Package Dashboard
A Cross-Ecosystem Framework for Dual-Perspective Analysis of Software Packages

Abstract
Recent software supply chain attacks have revealed a critical socio-technical gap in current Software Composition Analysis (SCA) implementations -- isolation among package management ecosystems and open source communities. This fragmentation imposes manual overhead, forcing developers to synthesize scattered data, and potentially undermines the reliability of risk assessments. To address this, we present Package Dashboard, a cross-ecosystem platform that: 1) synthesizes package metadata, vulnerability feeds, and upstream community health metrics for holistic software supply chain analysis; and 2) provides actionable insights, e.g., recommending resilient alternatives to mitigate risky packages. Through an extensive analysis of 374,000 packages and a user study covering three real-world risk mitigation scenarios, we demonstrate that our approach not only uncovers latent risks but also reduces remediation time by up to 70%, effectively closing the loop between identifying risks and selecting replacements.