Advanced Software Tools for JavaScript Developers

Typical modern Node.js application consists of hundreds of JavaScript files, with more than 90% of the code coming from such third-party libraries. Reuse of high-quality libraries is thus an important factor in software development. Most libraries, especially the most popular ones, are continuously improved, and new versions are released frequently. However, dependence on other people’s libraries opens the door to security vulnerabilities and programming errors that may exist deeply inside the libraries and have severe consequences to the applications and end users, and breaking changes in new versions often cause problems for the application developers.
The objectives of this project are to further explore the scientific results achieved in the ERC CoG project “Automated Program Analysis for Advanced Web Applications” (PAW) and bring them closer to practical use.

In the PAWTOOLS project, we have continued the development of the program analyses from PAW, focusing on automated techniques for discovering how breaking changes and vulnerabilities in third-party libraries can affect application code, and we have performed an initial market analysis to explore the innovative aspects towards commercialization.

The main results of the project are: (1) We have performed a large experiment to investigate the potential of the JSFIX analysis tool in supporting breaking changes in widely used npm packages, which has led to improvements of the analysis technique and confirmed that the expressiveness is appropriate for practical use. (2) We have developed a new program analysis tool based on the experiences from the JSFIX and JAM research tools. The new analysis tool is Open Source and now forms the backbone of a commercial product. (3) The initial market analysis has provided insights into the commercial potential of the research results and has led to the creation of a startup company.