Jianyu Wang,Chunming Wu

DOI: https://doi.org/10.1177/0020294020970213

2020-01-01

Abstract:Given users and products that he/she reviews, can we recognize fake reviews just using the text information, or determine whether a reviewer is a fraud or not? Automatically detecting fake reviews and reviewers is an urgent problem and lots of work attempts for discovering linguistics, behaviors and graph patterns. However, in reality, there are new kinds of fraudsters who can change their behaviors to camouflage as genuine reviewers to avoid detection systems. With the fraudsters become distributed, dynamic, and adversarial, anti-spam tasks face a new challenge. In this paper, we tackle the challenge of adversarial fraudsters in online app review platform and propose a system called DDF (Detect, Defense, and Forecast) to uncover camouflage accounts. Firstly, we select a small set of seed with high-precision based on text and behavior features; Secondly, we build our graph-based detection model for uncovering hidden (distant) users who serve structurally similar to the seed by utilizing Graph Convolutional Network (GCN) algorithm. Thirdly, we evaluate DDF using real-world data set from Tencent APP Store and analyze the potential fraudsters detected by DDF. It is worth mentioning that precision can achieve 0.95+. Finally, we validate the efficiency and scalability of DDF and show that it can be well transferred to other anti-spam tasks.

Hongyu Wang,Ying Li,Ronghong Huang,Xianghang Mi

2024-06-03

Abstract:In this paper, we present an extensive study of the promotion of illicit goods and services on Twitter, a popular online social network(OSN). This study is made possible through the design and implementation of multiple novel tools for detecting and analyzing illicit promotion activities as well as their underlying campaigns. As the results, we observe that illicit promotion is prevalent on Twitter, along with noticeable existence on other three popular OSNs including Youtube, Facebook, and TikTok. Particularly, 12 million distinct posts of illicit promotion (PIPs) have been observed on the Twitter platform, which are widely distributed in 5 major natural languages and 10 categories of illicit goods and services, e.g., drugs, data leakage, gambling, and weapon sales. What are also observed are 580K Twitter accounts publishing PIPs as well as 37K distinct instant messaging (IM) accounts that are embedded in PIPs and serve as next hops of communication, which strongly indicates that the campaigns underpinning PIPs are also of a large scale. Also, an arms race between Twitter and illicit promotion operators is also observed. On one hand, Twitter is observed to conduct content moderation in a continuous manner and almost 80% PIPs will get gradually unpublished within six months since posted. However, in the meantime, miscreants adopt various evasion tactics to masquerade their PIPs, which renders more than 90% PIPs keeping hidden from the detection radar for two months or longer.

Cryptography and Security,Social and Information Networks

Youmei Fan,Tao Xiao,Hideaki Hata,Christoph Treude,Kenichi Matsumoto

2024-01-05

Abstract:GitHub Sponsors was launched in 2019, enabling donations to open-source software developers to provide financial support, as per GitHub's slogan: "Invest in the projects you depend on". However, a 2022 study on GitHub Sponsors found that only two-fifths of developers who were seeking sponsorship received a donation. The study found that, other than internal actions (such as offering perks to sponsors), developers had advertised their GitHub Sponsors profiles on social media, such as Twitter (also known as X). Therefore, in this work, we investigate the impact of tweets that contain links to GitHub Sponsors profiles on sponsorship, as well as their reception on Twitter/X. We further characterize these tweets to understand their context and find that (1) such tweets have the impact of increasing the number of sponsors acquired, (2) compared to other donation platforms such as Open Collective and Patreon, GitHub Sponsors has significantly fewer interactions but is more visible on Twitter/X, and (3) developers tend to contribute more to open-source software during the week of posting such tweets. Our findings are the first step toward investigating the impact of social media on obtaining funding to sustain open-source software.

Software Engineering

Yezhou Ma,Huiying Li,Jiyao Hu,Rong Xie,Yang Chen

DOI: https://doi.org/10.1145/3127404.3127431

2017-01-01

Abstract:GitHub is a worldwide popular website for version control and source code management. In addition, since its users can follow each other, it also forms a professional social network of millions of users. In this work, we perform a data-driven study for analyzing the GitHub network. By introducing a distributed crawling framework, we first collect profiles and behavioral data of more than 2 million GitHub users. To the best of our knowledge, this is the largest and latest public dataset of GitHub. Then, we build the social graph of these users and conduct a thorough analysis of the network structure. Moreover, we investigate the user behavior patterns, particularly the patterns of the "commit" activities. Finally, we utilize machine learning methods to discover important users in the network with a high accuracy and a low overhead. Our inspiring findings are helpful for GitHub to provide better services for its users.

Shang Ma,Chaoran Chen,Shao Yang,Shifu Hou,Toby Jia-Jun Li,Xusheng Xiao,Tao Xie,Yanfang Ye

2024-10-10

Abstract:In Android apps, their developers frequently place app promotion ads, namely advertisements to promote other apps. Unfortunately, the inadequate vetting of ad content allows malicious developers to exploit app promotion ads as a new distribution channel for malware. To help detect malware distributed via app promotion ads, in this paper, we propose a novel approach, named ADGPE, that synergistically integrates app user interface (UI) exploration with graph learning to automatically collect app promotion ads, detect malware promoted by these ads, and explain the promotion mechanisms employed by the detected malware. Our evaluation on 18, 627 app promotion ads demonstrates the substantial risks in the app promotion ecosystem.

Cryptography and Security,Computers and Society

Aditya Mehta,Arun Paudyal,Atul Sharma,Zyanya Ambros,Ipek Baris,Jun Sun,Oul Han,Akram Sadat Hosseini

DOI: https://doi.org/10.48550/arXiv.2006.02193

2020-06-03

Abstract:Collaborative consensus-finding is an integral element of many Web services and greatly determines the quality of information, content, and products that are available through the Web. That also means that the dynamics of democratic consensus-finding strengthen collective resilience against potential threats that attempt to degrade information, content, and products and affect Web data, users, behaviors, and even beyond as well as offline life. Even on Web platforms that are open to all, the influence of some first mover authors may shape future discussion and collaboration, which is comparable to academic citation networks for instance. In a social coding network such as GitHub, activities of a set of users can have influence on other users who can get interested in further actions, possibly contributing to a new project together with influential users. In this paper, we analyze the effect of contribution activities on gaining influence in this and comparable networks that provide users the functionality and aims for reaching collaborative goals on the <a class="link-external link-http" href="http://Web.For" rel="external noopener nofollow">this http URL</a> this purpose, we present an empirical approach to identify the top influential users by using network features and contribution characteristics, which we find in existing and newly collected data set. We find that early adopter dynamics exist in the GitHub community, where early adopters have more followers in the end as expected. However, we also see counterexamples that arise due to the social networking behavior of late adopters, and due to the aging effect of older repositories and users. We publicly share the source code and the data sets for reproducing our paper.

Social and Information Networks

Qingyuan Gong,Yushan Liu,Jiayun Zhang,Yang Chen,Qi Li,Yu Xiao,Xin Wang,Pan Hui

DOI: https://doi.org/10.1109/tkde.2023.3237838

IF: 9.235

2023-01-01

IEEE Transactions on Knowledge and Data Engineering

Abstract:Online developer communities like GitHub allow a massive number of developers to collaborate. However, the openness of the communities makes them vulnerable to different types of malicious attacks, since attackers can easily join these communities and interact with legitimate users. In this work, we propose GitSec, a deep learning-based solution for detecting malicious accounts in online developer communities. GitSec distinguishes malicious accounts from legitimate ones based on the account profiles, dynamic activity characteristics, as well as social interactions. First, GitSec introduces two user activity sequences and applies a parallel neural network design with an attention mechanism to process the sequences. Second, GitSec constructs two graphs to represent the interactions between users according to their repository operations. Especially, graph neural networks and structural hole theory are employed to deal with the two constructed graphs. Third, GitSec makes use of the descriptive features to enhance the detection performance. The final judgement is made by a decision maker implemented by a supervised machine learning-based classifier. Based on the real-world data of GitHub users, our comprehensive evaluations show that GitSec achieves a better performance than state-of-the-art solutions, with an AUC value of 0.916.

computer science, information systems, artificial intelligence,engineering, electrical & electronic

Xunhui Zhang,Tao Wang,Yue Yu,Qiubing Zeng,Zhixing Li,Huaimin Wang

DOI: https://doi.org/10.48550/arXiv.2111.13323

2021-11-26

Abstract:While many forms of financial support are currently available, there are still many complaints about inadequate financing from software maintainers. In May 2019, GitHub, the world's most active social coding platform, launched the Sponsor mechanism as a step toward more deeply integrating open source development and financial support. This paper collects data on 8,028 maintainers, 13,555 sponsors, and 22,515 sponsorships and conducts a comprehensive analysis. We explore the relationship between the Sponsor mechanism and developers along four dimensions using a combination of qualitative and quantitative analysis, examining why developers participate, how the mechanism affects developer activity, who obtains more sponsorships, and what mechanism flaws developers have encountered in the process of using it. We find a long-tail effect in the act of sponsorship, with most maintainers' expectations remaining unmet, and sponsorship has only a short-term, slightly positive impact on development activity but is not sustainable. While sponsors participate in this mechanism mainly as a means of thanking the developers of OSS that they use, in practice, the social status of developers is the primary influence on the number of sponsorships. We find that both the Sponsor mechanism and open source donations have certain shortcomings and need further improvements to attract more participants.

Human-Computer Interaction,Software Engineering

Yaxin Wang,Liang Wang,Hao Hu,Jing Jiang,Hongyu Kuang,Xianping Tao

DOI: https://doi.org/10.1109/compsac54236.2022.00144

2022-01-01

Abstract:Studies on the OSS communities have shown that financial supports are critical to OSS developers and projects to maintain their progress and sustainability. However, there were few developers being paid directly for maintaining OSS projects in the past. The GitHub Sponsors program that brings financial supports to the general OSS developers in GitHub-the world's largest OSS platform may make a difference on this situation in the future. In this paper, we present a data set on GitHub Sponsors and conduct a data-driven study to analyze the participants of the program and the impact of sponsorships to developers' activities and their projects' outcomes and qualities. The results of our survey suggest that most developers state they will contribute more with sponsorships and provide some privilege for their sponsors. And through quantitative study, we find that developers make more contributions on GitHub after they got/offered sponsorships. Moreover, gaining sponsorship also has a weakly positive impact on developers' collaborators that did not get sponsorship. And not only developers, but their own or contributed projects also can be motivate by sponsorships. Our findings are useful to the community by understanding the impact of sponsorships on users' activities and projects' progress and sustainability, and helping the managers to improve the current financial support mechanism.

Jiaqi Zhang,Yanchun Sun,Yuqi Zhou,Jiawei Wu,Huizhen Jiang,Gang Huang

DOI: https://doi.org/10.1109/sse62657.2024.00017

2024-01-01

Abstract:N owadays, software service design is increasingly oriented toward addressing human needs, aiming to extract users' needs and behavioral patterns from open-source data. GitHub's massive open-source repositories have emerged as a crucial data source for software service researchers seeking to extract valuable insights and develop software services tailored for developers. Both GitHub and researchers are making efforts to help researchers and developers better utilize GitHub data. In 2017, GitHub launched “topics”, enabling developers to assign keywords to repositories. This feature fosters linkages between repositories, aiding in their discovery by other developers. For software development, topics offer two significant values. First, topics provide researchers with new insights to better mine GitHub data and provide enhanced support for developers. Second, developers utilizing topics to annotate their repositories may enhance their visibility and engagement within the community, potentially bolstering their repository's popularity. Despite the increasing number of topics, no research has systematically analyzed their content and potential value. Therefore, we conduct the first empirical study on topics, providing valuable conclusions for future researchers and developers. We conduct a case study encompassing 900 repositories to analyze the information explicitly presented in the topic content, and three experiments to verify whether topics have the potential to be used as repository features and user features in GitHub-related studies. Furthermore, we delve into the correlation between topics and repository popularity, by analyzing the number of stars repositories received. Our findings cover the composition of topic content, the potential value of topics for GitHub-related research, and the impact of topics on repository popularity.

Haitao Xu,Daiping Liu,Haining Wang,Angelos Stavrou

DOI: https://doi.org/10.1145/2736277.2741650

2015-01-01

Abstract:In online markets, a store's reputation is closely tied to its profitability. Sellers' desire to quickly achieve high reputation has fueled a profitable underground business, which operates as a specialized crowdsourcing marketplace and accumulates wealth by allowing online sellers to harness human laborers to conduct fake transactions for improving their stores' reputations. We term such an underground market a seller-reputation-escalation (SRE) market. In this paper, we investigate the impact of the SRE service on reputation escalation by performing in-depth measurements of the prevalence of the SRE service, the business model and market size of SRE markets, and the characteristics of sellers and offered laborers. To this end, we have infiltrated five SRE markets and studied their operations using daily data collection over a continuous period of two months. We identified more than 11,000 online sellers posting at least 219,165 fake-purchase tasks on the five SRE markets. These transactions earned at least $46,438 in revenue for the five SRE markets, and the total value of merchandise involved exceeded $3,452,530. Our study demonstrates that online sellers using SRE service can increase their stores' reputations at least 10 times faster than legitimate ones while only 2.2% of them were detected and penalized. Even worse, we found a newly launched service that can, within a single day, boost a seller's reputation by such a degree that would require a legitimate seller at least a year to accomplish. Finally, armed with our analysis of the operational characteristics of the underground economy, we offer some insights into potential mitigation strategies.

Nuthan Munaiah,Steven Kroh,Craig Cabrey,Meiyappan Nagappan

DOI: https://doi.org/10.1007/s10664-017-9512-6

IF: 3.762

2017-04-18

Empirical Software Engineering

Abstract:Software forges like GitHub host millions of repositories. Software engineering researchers have been able to take advantage of such a large corpora of potential study subjects with the help of tools like GHTorrent and Boa. However, the simplicity in querying comes with a caveat: there are limited means of separating the signal (e.g. repositories containing engineered software projects) from the noise (e.g. repositories containing home work assignments). The proportion of noise in a random sample of repositories could skew the study and may lead to researchers reaching unrealistic, potentially inaccurate, conclusions. We argue that it is imperative to have the ability to sieve out the noise in such large repository forges. We propose a framework, and present a reference implementation of the framework as a tool called reaper, to enable researchers to select GitHub repositories that contain evidence of an engineered software project. We identify software engineering practices (called dimensions) and propose means for validating their existence in a GitHub repository. We used reaper to measure the dimensions of 1,857,423 GitHub repositories. We then used manually classified data sets of repositories to train classifiers capable of predicting if a given GitHub repository contains an engineered software project. The performance of the classifiers was evaluated using a set of 200 repositories with known ground truth classification. We also compared the performance of the classifiers to other approaches to classification (e.g. number of GitHub Stargazers) and found our classifiers to outperform existing approaches. We found stargazers-based classifier (with 10 as the threshold for number of stargazers) to exhibit high precision (97%) but an inversely proportional recall (32%). On the other hand, our best classifier exhibited a high precision (82%) and a high recall (86%). The stargazer-based criteria offers precision but fails to recall a significant portion of the population.

computer science, software engineering

Haitao Xu,Daiping Liu,Haining Wang,Angelos Stavrou

DOI: https://doi.org/10.1145/2983646

IF: 3.35

2017-01-01

ACM Transactions on the Web

Abstract:In online markets, a store's reputation is closely tied to its profitability. Sellers' desire to quickly achieve a high reputation has fueled a profitable underground business that operates as a specialized crowdsourcing marketplace and accumulates wealth by allowing online sellers to harness human laborers to conduct fake transactions to improve their stores' reputations. We term such an underground market a seller-reputation-escalation (SRE) market. In this article, we investigate the impact of the SRE service on reputation escalation by performing in-depth measurements of the prevalence of the SRE service, the business model and market size of SRE markets, and the characteristics of sellers and offered laborers. To this end, we have infiltrated five SRE markets and studied their operations using daily data collection over a continuous period of 2 months. We identified more than 11,000 online sellers posting at least 219,165 fake-purchase tasks on the five SRE markets. These transactions earned at least $46,438 in revenue for the five SRE markets, and the total value of merchandise involved exceeded $3,452,530. Our study demonstrates that online sellers using the SRE service can increase their stores' reputations at least 10 times faster than legitimate ones while about 25% of them were visibly penalized. Even worse, we found a much stealthier and more hazardous service that can, within a single day, boost a seller's reputation by such a degree that would require a legitimate seller at least a year to accomplish. Armed with our analysis of the operational characteristics of the underground economy, we offer some insights into potential mitigation strategies. Finally, we revisit the SRE ecosystem 1 year later to evaluate the latest dynamism of the SRE markets, especially the statuses of the online stores once identified to launch fake-transaction campaigns on the SRE markets. We observe that the SRE markets are not as active as they were 1 year ago and about 17% of the involved online stores become inaccessible likely because they have been forcibly shut down by the corresponding E-commerce marketplace for conducting fake transactions.

Yun Zhang,David Lo,Pavneet Singh Kochhar,Xin Xia,Quanlai Li,Jianling Sun

DOI: https://doi.org/10.1109/SANER.2017.7884605

2017-01-01

Abstract:GitHub contains millions of repositories among which many are similar with one another (i.e., having similar source codes or implementing similar functionalities). Finding similar repositories on GitHub can be helpful for software engineers as it can help them reuse source code, build prototypes, identify alternative implementations, explore related projects, find projects to contribute to, and discover code theft and plagiarism. Previous studies have proposed techniques to detect similar applications by analyzing API usage patterns and software tags. However, these prior studies either only make use of a limited source of information or use information not available for projects on GitHub.In this paper, we propose a novel approach that can effectively detect similar repositories on GitHub. Our approach is designed based on three heuristics leveraging two data sources (i.e., GitHub stars and readme files) which are not considered in previous works. The three heuristics are: repositories whose readme files contain similar contents are likely to be similar with one another, repositories starred by users of similar interests are likely to be similar, and repositories starred together within a short period of time by the same user are likely to be similar. Based on these three heuristics, we compute three relevance scores (i.e., readme-based relevance, stargazer-based relevance, and time-based relevance) to assess the similarity between two repositories. By integrating the three relevance scores, we build a recommendation system called RepoPal to detect similar repositories. We compare RepoPal to a prior state-of-the-art approach CLAN using one thousand Java repositories on GitHub. Our empirical evaluation demonstrates that RepoPal achieves a higher success rate, precision and confidence over CLAN.

Xi Zhang,Shan Jiang,Xuyan Wang,Keran Duan,Yuting Xiao,Dongming Xu,Miltiadis D. Lytras,Yunhao Zheng,Patricia Ordóñez De Pablos

DOI: https://doi.org/10.1016/j.jik.2024.100497

IF: 11.219

2024-07-01

Journal of Innovation & Knowledge

Abstract:With the digital transformation of the global economy, a new mode of knowledge service has emerged on open innovation platforms such as those for the sharing economy. This mode is the paid knowledge-sharing service, where knowledge providers share knowledge with only those who have paid for it. Since an individual customer's purchases are influenced by others around them, we adopted social influence theory to explain sales of such services on paid knowledge-sharing platforms. A machine learning approach was applied to analyze 27,223 text reviews from the Zhihu Live platform (a well-known and large-scale open knowledge community in China). Hierarchical regression models were built to verify twelve proposed hypotheses about the knowledge providers, knowledge quality, interaction quality, and ratings. The results confirm the positive effect on sales of responsiveness (a dimension of interaction quality), and the negative effect on sales of free provider-driven knowledge contributions. In summary, this study provides a comprehensive framework for antecedent factors of sales of knowledge-sharing services. By introducing to knowledge management notions from the field of e-commerce (e.g., price, quality), this study broadens the understanding of the free-to-paid phenomenon on knowledge-sharing platforms.

management,business

Kamel Alrashedy,Ahmed Binjahlan

2024-04-05

Abstract:Millions of developers share their code on open-source platforms like GitHub, which offer social coding opportunities such as distributed collaboration and popularity-based ranking. Software engineering researchers have joined in as well, hosting their research artifacts (tools, replication package & datasets) in repositories, an action often marked as part of the publications contribution. Yet a decade after the first such paper-with-GitHub-link, little is known about the fate of such repositories in practice. Do research repositories ever gain the interest of the developer community, or other researchers? If so, how often and why (not)? Does effort invested on GitHub pay off with research impact? In short: we ask whether and how authors engage in social coding related to their research. We conduct a broad empirical investigation of repositories from published work, starting with ten thousand papers in top SE research venues, hand-annotating their 3449 GitHub (and Zenodo) links, and studying 309 paper-related repositories in detail. We find a wide distribution in popularity and impact, some strongly correlated with publication venue. These were often heavily informed by the authors investment in terms of timely responsiveness and upkeep, which was often remarkably subpar by GitHubs standards, if not absent altogether. Yet we also offer hope: popular repositories often go hand-in-hand with well-citepd papers and achieve broad impact. Our findings suggest the need to rethink the research incentives and reward structure around research products requiring such sustained contributions.

Software Engineering

Junxiao Han,Shuiguang Deng,Xin Xia,Dongjing Wang,Jianwei Yin

DOI: https://doi.org/10.1109/compsac.2019.00013

2019-01-01

Abstract:GitHub is a large and popular open source project platform, which hosts various open source projects. Despite the prevalence of GitHub platform, not every project has gained high popularity. Identification of popular projects on GitHub can help developers choose proper projects to follow or contribute to, as well as provide guidance in building a popular project. In this paper, we propose an approach to predict the popularity of GitHub projects. We first conducted online surveys with GitHub users to determine the threshold (the number of stars of a project) of popular and unpopular projects. Next, we extract 35 features from both GitHub and Stack Overflow, which are divided into three dimensions: project, evolutionary, and project owner. A random forest classifier is built based on these features to identify popular GitHub projects. To evaluate the performance of our approach, we collect a large-scale dataset from GitHub which contains a total of 409,784 GitHub projects and 174,784 GitHub users. Our model achieves an average AUC of 0.76, which statistically significantly improves state-of-the-art by a substantial margin. We also study which features are of the most importance in distinguishing popular projects from unpopular ones. Experimental results show that number of branches, number of open issues, and number of contributors play the most important roles in identification of popular projects, and all of them have large effect size.

Md Rayhanul Masud,Michalis Faloutsos

2024-03-07

Abstract:Are malicious repositories hiding under the educational label in GitHub? Recent studies have identified collections of GitHub repositories hosting malware source code with notable collaboration among the developers. Thus, analyzing GitHub repositories deserves inevitable attention due to its open-source nature providing easy access to malicious software code and artifacts. Here we leverage the capabilities of ChatGPT in a qualitative study to annotate an educational GitHub repository based on maliciousness of its metadata contents. Our contribution is twofold. First, we demonstrate the employment of ChatGPT to understand and annotate the content published in software repositories. Second, we provide evidence of hidden risk in educational repositories contributing to the opportunities of potential threats and malicious intents. We carry out a systematic study on a collection of 35.2K GitHub repositories claimed to be created for educational purposes only. First, our study finds an increasing trend in the number of such repositories published every year. Second, 9294 of them are labeled by ChatGPT as malicious, and further categorization of the malicious ones detects 14 different malware families including DDoS, keylogger, ransomware and so on. Overall, this exploratory study flags a wake-up call for the community for better understanding and analysis of software platforms.

Software Engineering,Cryptography and Security

Hudson Borges,Marco Tulio Valente

DOI: https://doi.org/10.1109/MC.2018.2888770

2019-08-13

Abstract:Open source projects have an increasing importance on modern software development. For this reason, these projects, as usual with commercial software projects, should make use of promotion channels to communicate and establish contact with users and contributors. In this article, we study the channels used to promote a set of 100 popular GitHub projects. First, we reveal that Twitter, user meetings, and blogs are the most common promotion channels used by the studied projects. Second, we report a major difference between the studied projects and a random sample of projects, regarding the use of the investigated promotion channels. Third, we show the importance of a popular news aggregation site (Hacker News) on the promotion of open source. We conclude by presenting a set of practical recommendation to open source project managers and leaders, regarding the promotion of their projects.

Software Engineering

Peter Mehler,Eva Iris Otto,Anna Sapienza

DOI: https://doi.org/10.1140/epjds/s13688-024-00475-0

IF: 3.63

2024-05-08

EPJ Data Science

Abstract:While Free and Open Source (F/OSS) coding has traditionally been described as a separate commons linked to values of openness and sharing, recent research suggests an increasing integration of private corporations into F/OSS practices, blurring the boundaries between F/OSS and commodified coding. However, there is a dearth of empirical, and especially quantitative studies exploring this phenomenon. To address this gap, we model the power dynamics and infrastructural aspects of software production within GitHub, a central hub for F/OSS development, using a large-scale, directed network. Using various network statistics, we detect the ecosystem's most impactful actors and find a nuanced picture of the influence of individuals, open source organizations, and private corporations in F/OSS practices. We find that the majority of public repositories on GitHub depend on a small core of specialized repositories and users. In accordance with expectations, individuals and open source organizations are more prevalent in this core of elite GitHub users, however, we also find a significant amount of private organizations with an indirect, yet consistent influence within GitHub. In addition, we find that directly influential individuals tend to facilitate sponsorship methods more often than indirectly or non-influential individuals. Our research highlights a hybridization of F/OSS and sheds light on the complex interplay between influence, power, and code production in the multi-language dependency ecosystem of GitHub.

mathematics, interdisciplinary applications,social sciences, mathematical methods