Score
Developing software using the Python language and ecosystem, including core language features, standard library, packaging and virtual environments (pip, venv, poetry), debugging, and writing tests for applications ranging from scripting to web services and ML workflows.
Open-source license variants—ranging from minimally modified standard licenses to fully custom terms—are pervasive yet poorly understood across ecosystems like PyPI; existing tools fail to reliably detect them, leading to compliance risks and flawed license analysis. This paper presents the first large-scale empirical study characterizing such variants, revealing widespread textual divergence but rare substantive modifications—many of which nonetheless introduce critical license incompatibilities. To address this, we propose LV-Parser, a lightweight license parser leveraging differential analysis and LLM-assisted validation, achieving 0.936 accuracy with 30% lower computational overhead; and LV-Compat, a dependency-aware compatibility checker that improves detection rate by 5.2× and attains 0.98 precision. Together, they form an end-to-end automated pipeline that significantly enhances license identification accuracy and compliance assessment efficacy.
Existing Python vulnerability scanners suffer from significant false positives and false negatives due to their neglect of security backports in packaged libraries and operating system distributions. This work proposes a provenance-aware approach that integrates content-hash matching, dynamic binary version extraction, and cross-ecosystem call graph construction to establish fine-grained mappings between native dependencies in the Python and OS ecosystems for the first time. By accurately identifying the upstream or system package versions corresponding to bundled libraries, the method enables precise assessment of vulnerability reachability. Evaluation on 100,000 PyPI packages and 10 CVEs reveals 39 directly affected packages—collectively downloaded over 47 million times per month—and 312 indirectly affected packages, reducing false positive rates by up to 97%.
This work addresses the challenges of IDE development posed by the rapid evolution of smart contract languages such as Move by presenting a high-performance IDE support system built atop the Move compiler and adhering to the Language Server Protocol (LSP). Through deep integration with existing language toolchains and the application of incremental parsing and optimized semantic analysis techniques, the system efficiently delivers rich IDE features even as the language undergoes continuous iteration. Deployed successfully within the Sui platform’s Move ecosystem, it significantly enhances developer experience and yields a reusable, evolution-aware IDE construction strategy applicable to other emerging programming language ecosystems.
Existing automated environment configuration research relies on small-scale datasets that fail to reflect real-world complexity and challenges. Method: We introduce EnvBench, the first large-scale, high-difficulty benchmark for environment configuration, comprising 329 real-world Python and 665 JVM (Java/Kotlin) open-source repositories—each requiring non-trivial reasoning for successful configuration. We formally define and quantify repository-level configuration difficulty for the first time, and propose a dual-dimensional automatic evaluation framework: static analysis (e.g., missing import detection for Python) and compilation-based validation (e.g., JVM bytecode verification). The benchmark supports extensibility and model fine-tuning. Results: Evaluated on LLM-powered agent workflows driven by GPT-4o and GPT-4o-mini, state-of-the-art methods achieve only 6.69% success on Python repositories and 29.47% on JVM repositories, underscoring persistent limitations of current LLMs in practical environment configuration tasks.
AI-generated code exhibits low reliability, high maintenance overhead, and poor verifiability in embedded systems. To address these challenges, this paper introduces Pythoness—a domain-specific language (DSL) designed for embedded development that enables developers to specify behavioral requirements via natural-language descriptions or formal tests, thereby replacing low-level coding and enabling collaborative programming with large language models (LLMs). Its core contribution is the first proposal of a test-driven LLM programming paradigm: unit and property tests guide prompt engineering, establishing a closed-loop workflow of code generation, execution, and feedback, while runtime verification continuously ensures correctness. Evaluation of a prototype implementation demonstrates that Pythoness significantly improves test pass rates (+32%) and reduces defect density (−41%) compared to specification-only approaches, while also enhancing maintainability and formal verifiability.
This study addresses the unique challenges faced by non-developer-led knowledge communities—such as Obsidian—in maintaining sustainable plugin ecosystems, a domain lacking systematic understanding. Through an empirical investigation of 396 plugins, combining repository mining, large language model–driven topic modeling, and pull request analysis, this work presents the first systematic characterization of such ecosystems. It identifies six functional theme categories and reveals active software evolution patterns. Furthermore, the research proposes an analytical framework tailored for plugin maintenance in mixed-skill communities, articulating three strategic directions and six key research questions. The findings demonstrate that even non-developer communities can cultivate plugin ecosystems with discernible engineering structure and long-term sustainability.
This study addresses the unclear distribution of software licenses in open-source projects and their impact on code reuse and project activity. Leveraging a dataset of over 100 million open-source repositories, this work presents the first large-scale analysis of license adoption trends across programming language ecosystems and examines how license changes influence project activity over time. Through data mining and time-series comparisons, the authors find that most projects lack an explicit license, while permissive licenses have steadily increased in prevalence. Notably, the C ecosystem exhibits a preference for restrictive licenses, and transitioning from restrictive to permissive licensing correlates with decreased activity in C projects—contrasting sharply with Python projects, which show significantly enhanced activity following such transitions. These findings demonstrate that the effects of licensing strategies are highly dependent on the language ecosystem, challenging assumptions of universal applicability.
This work addresses the time-consuming and error-prone nature of manually migrating third-party libraries in Python projects, particularly when the original libraries become outdated or deprecated. To tackle this challenge, we propose MigMate—the first end-to-end, large language model (LLM)-based library migration plugin for Visual Studio Code—that seamlessly integrates automated migration capabilities into developers’ workflows. Built upon MigrateLib, MigMate leverages LLMs to generate migration code and provides an interactive preview and confirmation interface. Preliminary user studies demonstrate that MigMate significantly reduces the time required for migration tasks and achieves high scores on the System Usability Scale (SUS), confirming its effectiveness and practical utility.
Automatically generating verifiable Python formal specifications remains challenging, and developers often abandon automated verification tools due to the tediousness of manually writing contracts. This work proposes a closed-loop approach that integrates large language models with symbolic execution (CrossHair) to automatically generate and iteratively refine icontract-style contract annotations without modifying the original code. The method leverages feedback from symbolic execution to drive specification refinement and simultaneously produces coverage-guided pytest stubs and debugging artifacts. Experimental results demonstrate that the approach successfully generates CrossHair-compatible specifications for most programs, significantly enhancing the practical feasibility of automated verification, while also revealing real-world limitations arising from the boundaries of symbolic exploration and behavioral discrepancies in large language models.
This work addresses the challenge of reliably conveying intent, requirements, and constraints in human–AI–tool collaborative software development by proposing a specification-centric Bosque API (BAPI) ecosystem. The system introduces a highly expressive specification language that, for the first time, enables cross-language interoperability, automated test generation, formal verification, and execution sandboxing across the entire API lifecycle—from requirement definition and implementation to invocation and validation. By providing end-to-end specification guarantees, BAPI significantly enhances system correctness, security, and the efficiency of human–AI collaboration, offering a novel infrastructure for software development in the era of AI agents.