🤖 AI Summary
Existing dependency graphs struggle to detect supply chain risks arising from changes in software package release pathways. This work proposes a predecessor-aware release provenance recording method that systematically defines and quantifies release path discontinuities by comparing a package version against its immediate predecessor across multiple dimensions—including publisher identity, repository, workflow, source attestations, cryptographic signatures, and intermediary evidence. Leveraging semantic distance metrics and institution-specific policy rules, the approach implements a transparent triggering strategy to flag high-risk releases. Evaluated on 45,812 versions from npm and PyPI, the method identified 204 policy-triggered events, with the two rule types covering 93% and 100% of cases, respectively. Blind manual review confirmed that the vast majority warrant urgent scrutiny, substantially enhancing the auditability and responsiveness of software supply chain risk detection.
📝 Abstract
Dependency graphs show where released code can flow, while leaving implicit whether the public path used to publish a release changed. We introduce a predecessor-aware release-authority record that compares each package release with its immediate predecessor across publisher, repository, workflow, provenance, signing, and mediation evidence.
We instantiate the record over a purposefully sampled, audited April 2024--June 2026 cohort from npm, PyPI, Maven Central, crates.io, and RubyGems: 45,812 releases, 43,100 eligible predecessor comparisons, and 942 package coordinates. Go is reported separately as a VCS/proxy/checksum-log boundary adapter. Transparent rules identify 204 policy-triggering public release-path discontinuities. The exact trigger policy is the primary candidate queue. A uniform semantic-distance rule selects 320 releases and covers 190/204 triggers; a descriptive regime-specific rule selects 337 releases and covers all 204. In a blinded 60-row shared core, three practitioners rated 20/30 triggers as immediate review, 9/30 as monitoring, 1/30 as no review, and all 30 controls as no review.
These signals are review cues over public release-path evidence. Exact malicious versions in our external alignment have zero overlap with the policy triggers. Same-path compromise, unchanged compromised CI, and versions absent from public snapshots require separate evidence beyond this release-path record.