The OpenSSF Foundation, formed under the Linux Foundation to improve the security of open source software, has published the Census II study, which aims to identify open source projects in need of a priority security audit. The study focuses on the shared open source code that is implicitly used in various corporate projects in the form of dependencies loaded from external repositories.
As a result, lists were prepared of the 500 most frequently used packages whose security and maintenance quality require special attention, since vulnerabilities in, or compromise of the developers of, third-party components used by an application (the supply chain) can nullify all efforts to improve the protection of the main product. A total of 8 list variants were produced, with their contents ranked according to various criteria, such as presence in the NPM repository and whether version pinning information is available for the dependency.
The 10 most frequently used JavaScript packages from the NPM repository that are pulled in by applications without pinning to a version:
The 10 most frequently used Python packages in dependencies, distributed through the PyPI repository:
The 10 most frequently used Ruby packages, distributed through the RubyGems repository: