Tootfinder

An Empirical Study of Vulnerable Package Dependencies in LLM Repositories
Shuhan Liu, Xing Hu, Xin Xia, David Lo, Xiaohu Yang
https://arxiv.org/abs/2508.21417 https://

An Empirical Study of Vulnerable Package Dependencies in LLM Repositories
Large language models (LLMs) have developed rapidly in recent years, revolutionizing various fields. Despite their widespread success, LLMs heavily rely on external code dependencies from package management systems, creating a complex and interconnected LLM dependency supply chain. Vulnerabilities in dependencies can expose LLMs to security risks. While existing research predominantly focuses on model-level security threats, vulnerabilities within the LLM dependency supply chain have been overl…

North Korean hackers target open-source repositories in new espionage campaign https://therecord.media/north-korean-hackers-targeting-open-source-repositories

Czas w końcu wziąć się za przenoszenie swoich projektów z LLM Torment Nexus, dawniej #GitHub. Projekty związane z #Gentoo trafią na naszą własną infrastrukturę, w najbliższym czasie GitHub dalej będzie służył jako serwer lustrzany / ścieżka przyjmowania łatek. W przyszłości prawdopodobnie te funkcje przejmie

TypyBench: Evaluating LLM Type Inference for Untyped Python Repositories
Honghua Dong, Jiacheng Yang, Xun Deng, Yuhe Jiang, Gennady Pekhimenko, Fan Long, Xujie Si
https://arxiv.org/abs/2507.22086

TypyBench: Evaluating LLM Type Inference for Untyped Python Repositories
Type inference for dynamic languages like Python is a persistent challenge in software engineering. While large language models (LLMs) have shown promise in code understanding, their type inference capabilities remain underexplored. We introduce TypyBench, a benchmark designed to evaluate LLMs' type inference across entire Python repositories. TypyBench features two novel metrics: TypeSim, which captures nuanced semantic relationships between predicted and ground truth types, and TypeCheck, whi…

I need to remember to turn off the issues feature for sample GitHub repositories

DataLens: Enhancing Dataset Discovery via Network Topologies
Ana\"is Ollagnier (CRISAM, CNRS, MARIANNE), Aline Menin (WIMMICS, Laboratoire I3S - SPARKS)
https://arxiv.org/abs/2507.23515

DataLens: Enhancing Dataset Discovery via Network Topologies
The rapid growth of publicly available textual resources, such as lexicons and domain-specific corpora, presents challenges in efficiently identifying relevant resources. While repositories are emerging, they often lack advanced search and exploration features. Most search methods rely on keyword queries and metadata filtering, which require prior knowledge and fail to reveal connections between resources. To address this, we present DataLens, a web-based platform that combines faceted search w…

Recovering Signals in CoRoT Mission (RSCoRoT): I. Short Period Variable Stars
C. E. Ferreira Lopes, A. Papageorgiou, B. L. Canto Martins, M. Catelan, D. Hazarika, I. C. Le\~ao, J. R. De Medeiros, E. Lalounta, P. E. Christopoulou, D. O. Fontinele, R. L. Gomes
https://arxiv.org/abs/2508.21665

Recovering Signals in CoRoT Mission (RSCoRoT): I. Short Period Variable Stars
The CoRoT (Convection, Rotation, and planetary Transits) mission still holds a large trove of high-quality, underused light curves with excellent signal-to-noise and continuous coverage. This paper, the first in a series, identifies and classifies variable stars in CoRoT fields whose variability has not been analyzed in the main repositories. We combine simulations and real data to test a moving-average scheme that mitigates instrumental jumps and enhances the recovery of short-period signals (…

Since at least 2009, I've had 4-5 git repositories online with gitweb.cgi for projects I worked on in the mid/late 2000s. Nothing super important, and no activity since 2010 or so, but just sitting there available.
I just had to kill the web server because facebook's web crawlers are hitting the webserver so hard and overloading the cheap VPS that it's on (which I'm using for other things). It has literally been no bother for 15 years until now.
Meta truly is a …

RepoMark: A Code Usage Auditing Framework for Code Large Language Models
Wenjie Qu, Yuguang Zhou, Bo Wang, Wengrui Zheng, Yuexin Li, Jinyuan Jia, Jiaheng Zhang
https://arxiv.org/abs/2508.21432

RepoMark: A Code Usage Auditing Framework for Code Large Language Models
The rapid development of Large Language Models (LLMs) for code generation has transformed software development by automating coding tasks with unprecedented efficiency. However, the training of these models on open-source code repositories (e.g., from GitHub) raises critical ethical and legal concerns, particularly regarding data authorization and open-source license compliance. Developers are increasingly questioning whether model trainers have obtained proper authorization before using repo…

Shot: https://techcrunch.com/2025/04/29/microsoft-ceo-says-up-to-30-of-the-companys-code-was-written-by-ai/
Chaser:

Microsoft CEO says up to 30% of the company's code was written by AI | TechCrunch
Microsoft CEO Satya Nadella said that 20%-30% of code inside the company's repositories is "written by software," meaning AI.

And, boom, with that, all my servers and VPSs are monitored (25 total, with 3 hubs). Thank you, henrygd - https://github.com/henrygd - for Beszel - https://beszel.dev/

Predicting Maintenance Cessation of Open Source Software Repositories with An Integrated Feature Framework
Yiming Xu, Runzhi He, Hengzhi Ye, Minghui Zhou, Huaimin Wang
https://arxiv.org/abs/2507.21678 …

Predicting Maintenance Cessation of Open Source Software Repositories with An Integrated Feature Framework
The maintenance risks of open source software (OSS) projects pose significant threats to the quality, security, and resilience of modern software supply chains. While prior research has proposed diverse approaches for predicting OSS maintenance risk -- leveraging signals ranging from surface features (e.g., stars, commits) to social network analyses and behavioral patterns -- existing methods often suffer from ambiguous operational definitions, limited interpretability, and datasets of insuffic…

Knowledge engineering for open science: Building and deploying knowledge bases for metadata standards
Mark A. Musen, Martin J. O'Connor, Josef Hardi, Marcos Martinez-Romero
https://arxiv.org/abs/2507.22391

Knowledge engineering for open science: Building and deploying knowledge bases for metadata standards
Scientists strive to make their datasets available in open repositories, with the goal that they be findable, accessible, interoperable, and reusable (FAIR). Although it is hard for most investigators to remember all the guiding principles associated with FAIR data, there is one overarching requirement: The data need to be annotated with rich, discipline-specific, standardized metadata. The Center for Expanded Data Annotation and Retrieval (CEDAR) builds technology that enables scientists to en…

This post brought to you by finally figuring out what I hate about spreading related code across multiple repositories.
You see, I’m working in infrastructure now, so your code is my data.

For anyone waiting for a bookmark export feature of the #Vanadium browser, here's a workaround that seems to be working:
https://github.com/GrapheneOS/Vanadium/issues/…

Security researcher #exploits #GitHub gotcha, gets admin access to all #Istio repositories and more

User request for access to the main SharePoint site I administer. No, you will NOT get access to the main work SharePoint site. Even though many subsites and file repositories are locked with special permissions just knowing what is there isn't something we want everyone to see.
Only a few people have access to the main site and most of them is browse only and is required for their job.

Bart Wullems of The Art of Simplicity shares his experience using Microsoft's .NET Source Browser to take a peek at a particular API's internals. The code documentation pages have links to the corresponding Github repositories where you can see exactly how any given function is implemented.
"Browse the .NET code base with the .NET Source Browser"

Classifying Issues in Open-source GitHub Repositories
Amir Hossain Raaj, Fairuz Nawer Meem, Sadia Afrin Mim
https://arxiv.org/abs/2507.18982 https://arxiv.…

Classifying Issues in Open-source GitHub Repositories
GitHub is the most widely used platform for software maintenance in the open-source community. Developers report issues on GitHub from time to time while facing difficulties. Having labels on those issues can help developers easily address those issues with prior knowledge of labels. However, most of the GitHub repositories do not maintain regular labeling for the issues. The goal of this work is to classify issues in the open-source community using ML \& DNN models. There are thousands of open…

Survey on longform content in institutional repositories. This is part of a study commissioned by The British Academy and carried out by Information Power Ltd. #OpenAccess #books #AcademicPublishing

Usage of longform publications in HEI repositories
Take this survey powered by surveymonkey.com. Create your own surveys for free.

Generative Foundation Model for Structured and Unstructured Electronic Health Records
Sonish Sivarajkumar, Hang Zhang, Yuelyu Ji, Maneesh Bilalpur, Xizhi Wu, Chenyu Li, Min Gu Kwak, Shyam Visweswaran, Yanshan Wang
https://arxiv.org/abs/2508.16054

Generative Foundation Model for Structured and Unstructured Electronic Health Records
Electronic health records (EHRs) are rich clinical data sources but complex repositories of patient data, spanning structured elements (demographics, vitals, lab results, codes), unstructured clinical notes and other modalities of data. Harnessing this heterogeneity is critical for improving patient outcomes. Recent advances in large language models (LLMs) have enabled foundation models that can learn from multiple data modalities and support clinical tasks. However, most current approaches sim…

Hooray, parallel downloading of repository metadata was merged for #dnf! 🥳
https://github.com/rpm-software-management/dnf5/issues/307#issuecomment-2…

FreeBSD pkg version 2.2.0 seems to simplify things for users of FreeBSD-kmods repositories.
Big thanks to @…
https://www.reddit.com/r/freebsd/comments/

AI-Powered Legal Intelligence System Architecture: A Comprehensive Framework for Automated Legal Consultation and Analysis
Sean Kalaycioglu, Bob Liu, Colin Hong, Haipeng Xie
https://arxiv.org/abs/2508.17499

AI-Powered Legal Intelligence System Architecture: A Comprehensive Framework for Automated Legal Consultation and Analysis
This paper introduces the Legal Intelligence and Client Engagement System (LICES), a novel architecture designed to redefine legal consultation services through the systematic integration of advanced artificial intelligence, natural language processing, and federated legal databases. The proposed system uniquely harmonizes the sophisticated reasoning capabilities of large language models with authoritative legal information repositories, including CanLII, LexisNexis, WestLaw, the Justice Laws W…

I have now also converted my remaining personal open source Git repositories (those which we don't already host at the institute's #Gitlab instance and which are not forked from or contribution to others) from #Github to

René Mayrhofer
Codeberg is a non-profit, community-led organization that aims to help free and open source projects prosper by giving them a safe and friendly home.

scheise was ist pasirt
https://github.com/AasishPokhrel/repository/issues/1

"Does the cafe entrance look accessible? Where is the door?" Towards Geospatial AI Agents for Visual Inquiries
Jon E. Froehlich, Jared Hwang, Zeyu Wang, John S. O'Meara, Xia Su, William Huang, Yang Zhang, Alex Fiannaca, Philip Nelson, Shaun Kane
https://arxiv.org/abs/2508.15752

"Does the cafe entrance look accessible? Where is the door?" Towards Geospatial AI Agents for Visual Inquiries
Interactive digital maps have revolutionized how people travel and learn about the world; however, they rely on pre-existing structured data in GIS databases (e.g., road networks, POI indices), limiting their ability to address geo-visual questions related to what the world looks like. We introduce our vision for Geo-Visual Agents--multimodal AI agents capable of understanding and responding to nuanced visual-spatial inquiries about the world by analyzing large-scale repositories of geospatial …

Detecting Hard-Coded Credentials in Software Repositories via LLMs
Chidera Biringa, Gokhan Kul
https://arxiv.org/abs/2506.13090 https://

Detecting Hard-Coded Credentials in Software Repositories via LLMs
Software developers frequently hard-code credentials such as passwords, generic secrets, private keys, and generic tokens in software repositories, even though it is strictly advised against due to the severe threat to the security of the software. These credentials create attack surfaces exploitable by a potential adversary to conduct malicious exploits such as backdoor attacks. Recent detection efforts utilize embedding models to vectorize textual credentials before passing them to classifier…

Generative Foundation Model for Structured and Unstructured Electronic Health Records
Sonish Sivarajkumar, Hang Zhang, Yuelyu Ji, Maneesh Bilalpur, Xizhi Wu, Chenyu Li, Min Gu Kwak, Shyam Visweswaran, Yanshan Wang
https://arxiv.org/abs/2508.16054

Generative Foundation Model for Structured and Unstructured Electronic Health Records
Electronic health records (EHRs) are rich clinical data sources but complex repositories of patient data, spanning structured elements (demographics, vitals, lab results, codes), unstructured clinical notes and other modalities of data. Harnessing this heterogeneity is critical for improving patient outcomes. Recent advances in large language models (LLMs) have enabled foundation models that can learn from multiple data modalities and support clinical tasks. However, most current approaches sim…

Measuring the effectiveness of code review comments in GitHub repositories: A machine learning approach
Shadikur Rahman, Umme Ayman Koana, Hasibul Karim Shanto, Mahmuda Akter, Chitra Roy, Aras M. Ismael
https://arxiv.org/abs/2508.16053

Measuring the effectiveness of code review comments in GitHub repositories: A machine learning approach
This paper illustrates an empirical study of the working efficiency of machine learning techniques in classifying code review text by semantic meaning. The code review comments from the source control repository in GitHub were extracted for development activity from the existing year for three open-source projects. Apart from that, programmers need to be aware of their code and point out their errors. In that case, it is a must to classify the sentiment polarity of the code review comments to a…

Virtual Multiplex Staining for Histological Images using a Marker-wise Conditioned Diffusion Model
Hyun-Jic Oh, Junsik Kim, Zhiyi Shi, Yichen Wu, Yu-An Chen, Peter K. Sorger, Hanspeter Pfister, Won-Ki Jeong
https://arxiv.org/abs/2508.14681

Virtual Multiplex Staining for Histological Images using a Marker-wise Conditioned Diffusion Model
Multiplex imaging is revolutionizing pathology by enabling the simultaneous visualization of multiple biomarkers within tissue samples, providing molecular-level insights that traditional hematoxylin and eosin (H&E) staining cannot provide. However, the complexity and cost of multiplex data acquisition have hindered its widespread adoption. Additionally, most existing large repositories of H&E images lack corresponding multiplex images, limiting opportunities for multimodal analysis. To address…

Today in how #Elsevier ruins my mood: Pure repositories pollute #Unpaywall with garbage data.
https://phabricator.wikimedia.org/T396…

What is going on in the land of Fedora Linux?
First, the latest kernel in Fedora 42 recently went from "working" to "broken" with regard to the video screen on Intel(R) Core(TM) Ultra 7 155H on an ASUSTeK COMPUTER INC. NUC14RVK-B/NUC14RVBU7
Second, the update repositories now all have invalid checksums. (Update: this is now corrected.)
Fedora is Redhat is IBM - you would think that they could do some regression testing and maybe do a better locking of t…

Added a graphic showing the dependency tree of the #Linux @kernel-vanilla #Fedora coprs to https://fedoraproject.org/wi…

Detecting Hard-Coded Credentials in Software Repositories via LLMs
Chidera Biringa, Gokhan Kul
https://arxiv.org/abs/2506.13090 https://

Detecting Hard-Coded Credentials in Software Repositories via LLMs
Software developers frequently hard-code credentials such as passwords, generic secrets, private keys, and generic tokens in software repositories, even though it is strictly advised against due to the severe threat to the security of the software. These credentials create attack surfaces exploitable by a potential adversary to conduct malicious exploits such as backdoor attacks. Recent detection efforts utilize embedding models to vectorize textual credentials before passing them to classifier…

Prometheus: Unified Knowledge Graphs for Issue Resolution in Multilingual Codebases
Zimin Chen, Yue Pan, Siyu Lu, Jiayi Xu, Claire Le Goues, Martin Monperrus, He Ye
https://arxiv.org/abs/2507.19942

Prometheus: Unified Knowledge Graphs for Issue Resolution in Multilingual Codebases
Language model (LM) agents, such as SWE-agent and OpenHands, have made progress toward automated issue resolution. However, existing approaches are often limited to Python-only issues and rely on pre-constructed containers in SWE-bench with reproduced issues, restricting their applicability to real-world and work for multi-language repositories. We present Prometheus, designed to resolve real-world issues beyond benchmark settings. Prometheus is a multi-agent system that transforms an entire co…

CodeEdu: A Multi-Agent Collaborative Platform for Personalized Coding Education
Jianing Zhao, Peng Gao, Jiannong Cao, Zhiyuan Wen, Chen Chen, Jianing Yin, Ruosong Yang, Bo Yuan
https://arxiv.org/abs/2507.13814

CodeEdu: A Multi-Agent Collaborative Platform for Personalized Coding Education
Large Language Models (LLMs) have demonstrated considerable potential in improving coding education by providing support for code writing, explanation, and debugging. However, existing LLM-based approaches generally fail to assess students' abilities, design learning plans, provide personalized material aligned with individual learning goals, and enable interactive learning. Current work mostly uses single LLM agents, which limits their ability to understand complex code repositories and schedu…

I've drafted support for verification of #PyPI provenance for #Gentoo.
You know, the new fancy thing that protects against supply chain attacks on PyPI, and verifies that you're using genuine #GitHub artifacts. Because, you know, GitHub repositories and deployment pipelines are an unlikely attack vector. And you definitely don't need to worry about #Microsoft owning the keys, the repositories and the pipelines at all.
#security #Python #SigStore

Adaptive Parallel Downloader for Large Genomic Datasets
Rasman Mubtasim Swargo, Engin Arslan, Md Arifuzzaman
https://arxiv.org/abs/2508.05511 https://arxiv…

Adaptive Parallel Downloader for Large Genomic Datasets
Modern next-generation sequencing (NGS) projects routinely generate terabytes of data, which researchers commonly download from public repositories such as SRA or ENA. Existing download tools often employ static concurrency settings, leading to inefficient bandwidth utilization and prolonged download times due to their inability to adapt to dynamic network conditions. We introduce FastBioDL, a parallel file downloader designed for large biological datasets, featuring an adaptive concurrency con…

USRN Discovery Pilot: Increasing the Discoverability of Open Access Content Through a National Network
Petr Knoth, Paul Walk, Matteo Cancellieri, Micheal Upshall, Halyna Torchylo, Jennifer Beamer, Kathleen Shearer, Heather Joseph
https://arxiv.org/abs/2508.02379

USRN Discovery Pilot: Increasing the Discoverability of Open Access Content Through a National Network
This paper presents the results of the USRN Discovery Pilot Project, a collaboration of SPARC, the Confederation of Open Access Repositories (COAR), CORE and Antleaf, to enhance the discoverability of research papers in US repositories leveraging CORE as an indexing service for USRN repositories. The project conducted actions in three strategic areas: Assessing and quantitatively measuring discoverability and barriers to it at the beginning and end of the pilot project, conducting interventions…

When folks open a GitHub issue on one of your random-ass experimental learning repositories.

A Reproducible, Scalable Pipeline for Synthesizing Autoregressive Model Literature
Faruk Alpay, Bugra Kilictas, Hamdi Alakkad
https://arxiv.org/abs/2508.04612 https://

A Reproducible, Scalable Pipeline for Synthesizing Autoregressive Model Literature
The accelerating pace of research on autoregressive generative models has produced thousands of papers, making manual literature surveys and reproduction studies increasingly impractical. We present a fully open-source, reproducible pipeline that automatically retrieves candidate documents from public repositories, filters them for relevance, extracts metadata, hyper-parameters and reported results, clusters topics, produces retrieval-augmented summaries and generates containerised scripts for …

GitTaskBench: A Benchmark for Code Agents Solving Real-World Tasks Through Code Repository Leveraging
Ziyi Ni, Huacan Wang, Shuo Zhang, Shuo Lu, Ziyang He, Wang You, Zhenheng Tang, Yuntao Du, Bill Sun, Hongzhang Liu, Sen Hu, Ronghao Chen, Bo Li, Xin Li, Chen Hu, Binxing Jiao, Daxin Jiang, Pin Lyu
https://arxiv.org/abs/2508.18993

GitTaskBench: A Benchmark for Code Agents Solving Real-World Tasks Through Code Repository Leveraging
Beyond scratch coding, exploiting large-scale code repositories (e.g., GitHub) for practical tasks is vital in real-world software development, yet current benchmarks rarely evaluate code agents in such authentic, workflow-driven scenarios. To bridge this gap, we introduce GitTaskBench, a benchmark designed to systematically assess this capability via 54 realistic tasks across 7 modalities and 7 domains. Each task pairs a relevant repository with an automated, human-curated evaluation harness s…

FuncVul: An Effective Function Level Vulnerability Detection Model using LLM and Code Chunk
Sajal Halder, Muhammad Ejaz Ahmed, Seyit Camtepe
https://arxiv.org/abs/2506.19453

FuncVul: An Effective Function Level Vulnerability Detection Model using LLM and Code Chunk
Software supply chain vulnerabilities arise when attackers exploit weaknesses by injecting vulnerable code into widely used packages or libraries within software repositories. While most existing approaches focus on identifying vulnerable packages or libraries, they often overlook the specific functions responsible for these vulnerabilities. Pinpointing vulnerable functions within packages or libraries is critical, as it can significantly reduce the risks associated with using open-source softw…

LEO: An Open-Source Platform for Linking OMERO with Lab Notebooks and Heterogeneous Metadata Sources
Rodrigo Escobar D\'iaz Guerrero, Jamile Mohammad Jafari, Tobias Meyer-Zedler, Michael Schmitt, Juergen Popp, Thomas Bocklitz
https://arxiv.org/abs/2508.00654

LEO: An Open-Source Platform for Linking OMERO with Lab Notebooks and Heterogeneous Metadata Sources
In the interdisciplinary field of microscopy research, managing and integrating large volumes of data stored across disparate platforms remains a major challenge. Data types such as bioimages, experimental records, and spectral information are often maintained in separate repositories, each following different management standards. However, linking these data sources across the research lifecycle is essential to align with the FAIR principles of data management: Findability, Accessibility, Inte…

Reflective Homework as a Learning Tool: Evidence from Comparing Thirteen Years of Dual vs. Single Submission
Madhur Dixit, Kavya Lalbahadur Joshi, Kaveri Bhalchandra Konde, Edward F. Gehringer
https://arxiv.org/abs/2508.09314

Reflective Homework as a Learning Tool: Evidence from Comparing Thirteen Years of Dual vs. Single Submission
Dual-submission homework, where students submit work, receive feedback and then revise has gained attention as a way to foster reflection and discourage reliance on online answer repositories. This study analyzes 13 years of exam data from a computer architecture course to compare student performance under single versus dual-submission homework conditions. Using pooled t-tests on matched exam questions, we found that dual-submission significantly improved outcomes in a majority of cases. The re…

EEG Foundation Models for BCI Learn Diverse Features of Electrophysiology
Mattson Ogg, Rahul Hingorani, Diego Luna, Griffin W. Milsap, William G. Coon, Clara A. Scholl
https://arxiv.org/abs/2506.01867

EEG Foundation Models for BCI Learn Diverse Features of Electrophysiology
Brain computer interface (BCI) research, as well as increasing portions of the field of neuroscience, have found success deploying large-scale artificial intelligence (AI) pre-training methods in conjunction with vast public repositories of data. This approach of pre-training foundation models using label-free, self-supervised objectives offers the potential to learn robust representations of neurophysiology, potentially addressing longstanding challenges in neural decoding. However, to date, m…

PickleBall: Secure Deserialization of Pickle-based Machine Learning Models
Andreas D. Kellas, Neophytos Christou, Wenxin Jiang, Penghui Li, Laurent Simon, Yaniv David, Vasileios P. Kemerlis, James C. Davis, Junfeng Yang
https://arxiv.org/abs/2508.15987

PickleBall: Secure Deserialization of Pickle-based Machine Learning Models
Machine learning model repositories such as the Hugging Face Model Hub facilitate model exchanges. However, bad actors can deliver malware through compromised models. Existing defenses such as safer model formats, restrictive (but inflexible) loading policies, and model scanners have shortcomings: 44.9% of popular models on Hugging Face still use the insecure pickle format, 15% of these cannot be loaded by restrictive loading policies, and model scanners have both false positives and false nega…

Does AI Code Review Lead to Code Changes? A Case Study of GitHub Actions
Kexin Sun, Hongyu Kuang, Sebastian Baltes, Xin Zhou, He Zhang, Xiaoxing Ma, Guoping Rong, Dong Shao, Christoph Treude
https://arxiv.org/abs/2508.18771

Does AI Code Review Lead to Code Changes? A Case Study of GitHub Actions
AI-based code review tools automatically review and comment on pull requests to improve code quality. Despite their growing presence, little is known about their actual impact. We present a large-scale empirical study of 16 popular AI-based code review actions for GitHub workflows, analyzing more than 22,000 review comments in 178 repositories. We investigate (1) how these tools are adopted and configured, (2) whether their comments lead to code changes, and (3) which factors influence their ef…

MagicGUI: A Foundational Mobile GUI Agent with Scalable Data Pipeline and Reinforcement Fine-tuning
Liujian Tang, Shaokang Dong, Yijia Huang, Minqi Xiang, Hongtao Ruan, Bin Wang, Shuo Li, Zhihui Cao, Hailiang Pang, Heng Kong, He Yang, Mingxu Chai, Zhilin Gao, Xingyu Liu, Yingnan Fu, Jiaming Liu, Tao Gui, Xuanjing Huang, Yu-Gang Jiang, Qi Zhang, Kang Wang, Yunke Zhang, Yuran Wang

MagicGUI: A Foundational Mobile GUI Agent with Scalable Data Pipeline and Reinforcement Fine-tuning
This paper presents MagicGUI, a foundational mobile GUI agent designed to address critical challenges in perception, grounding, and reasoning within real-world mobile GUI environments. The framework is underpinned by following six key components: (1) a comprehensive and accurate dataset, constructed via the scalable GUI Data Pipeline, which aggregates the largest and most diverse GUI-centric multimodal data to date from open-source repositories, automated crawling, and targeted manual annotatio…

SWE-Perf: Can Language Models Optimize Code Performance on Real-World Repositories?
Xinyi He, Qian Liu, Mingzhe Du, Lin Yan, Zhijie Fan, Yiming Huang, Zejian Yuan, Zejun Ma
https://arxiv.org/abs/2507.12415

SWE-Perf: Can Language Models Optimize Code Performance on Real-World Repositories?
Code performance optimization is paramount in real-world software engineering and critical for production-level systems. While Large Language Models (LLMs) have demonstrated impressive capabilities in code generation and bug fixing, their proficiency in enhancing code performance at the repository level remains largely unexplored. To address this gap, we introduce SWE-Perf, the first benchmark specifically designed to systematically evaluate LLMs on code performance optimization tasks within au…

MeAJOR Corpus: A Multi-Source Dataset for Phishing Email Detection
Paulo Mendes (GECAD, ISEP, Polytechnic of Porto, Portugal), Eva Maia (GECAD, ISEP, Polytechnic of Porto, Portugal), Isabel Pra\c{c}a (GECAD, ISEP, Polytechnic of Porto, Portugal)
https://arxiv.org/abs/2507.17978

MeAJOR Corpus: A Multi-Source Dataset for Phishing Email Detection
Phishing emails continue to pose a significant threat to cybersecurity by exploiting human vulnerabilities through deceptive content and malicious payloads. While Machine Learning (ML) models are effective at detecting phishing threats, their performance largely relies on the quality and diversity of the training data. This paper presents MeAJOR (Merged email Assets from Joint Open-source Repositories) Corpus, a novel, multi-source phishing email dataset designed to overcome critical limitation…

TRAIL: Joint Inference and Refinement of Knowledge Graphs with Large Language Models
Xinkui Zhao, Haode Li, Yifan Zhang, Guanjie Cheng, Yueshen Xu
https://arxiv.org/abs/2508.04474

TRAIL: Joint Inference and Refinement of Knowledge Graphs with Large Language Models
Recent advances in large language models (LLMs) have unlocked powerful reasoning and decision-making capabilities. However, their inherent dependence on static parametric memory fundamentally limits their adaptability, factual accuracy, and interpretability in knowledge-intensive scenarios. Knowledge graphs (KGs), as structured repositories of explicit relational knowledge, offer a promising approach for augmenting LLMs with external, interpretable memory. Nevertheless, most existing methods th…

This https://arxiv.org/abs/2506.02139 has been replaced.
link: https://scholar.google.com/scholar?q=a

The Unified Cognitive Consciousness Theory for Language Models: Anchoring Semantics, Thresholds of Activation, and Emergent Reasoning
Few-shot learning in large language models (LLMs) reveals a core paradox: certain tasks generalize from just a few examples, while others demand extensive supervision. To explain this, we introduce the Unified Cognitive Consciousness Theory (UCCT), which reconceptualizes LLMs not as deficient agents, but as unconscious substrates: dense, distributed repositories of linguistic and conceptual patterns that operate without explicit semantics, intention, or goal-directed reasoning. Under this view,…

Threshold-Protected Searchable Sharing: Privacy Preserving Aggregated-ANN Search for Collaborative RAG
Ruoyang Rykie Guo
https://arxiv.org/abs/2507.17199 https://

Threshold-Protected Searchable Sharing: Privacy Preserving Aggregated-ANN Search for Collaborative RAG
LLM-powered search services have driven data integration as a significant trend. However, this trend's progress is fundamentally hindered, despite the fact that combining individual knowledge can significantly improve the relevance and quality of responses in specialized queries and make AI more professional at providing services. Two key bottlenecks are private data repositories' locality constraints and the need to maintain compatibility with mainstream search techniques, particularly Hierarc…

ModeliHub: A Web-based, Federated Analytics Platform for Modelica-centric, Model-based Systems Engineering
Mohamad Omar Nachawati
https://arxiv.org/abs/2506.18790

ModeliHub: A Web-based, Federated Analytics Platform for Modelica-centric, Model-based Systems Engineering
This paper introduces ModeliHub, a Web-based, federated analytics platform designed specifically for model-based systems engineering with Modelica. ModeliHub's key innovation lies in its Modelica-centric, hub-and-spoke federation architecture that provides systems engineers with a Modelica-based, unified system model of repositories containing heterogeneous engineering artifacts. From this unified system model, ModeliHub's Virtual Twin engine provides a real-time, interactive simulation environ…

LMR-BENCH: Evaluating LLM Agent's Ability on Reproducing Language Modeling Research
Shuo Yan, Ruochen Li, Ziming Luo, Zimu Wang, Daoyang Li, Liqiang Jing, Kaiyu He, Peilin Wu, George Michalopoulos, Yue Zhang, Ziyang Zhang, Mian Zhang, Zhiyu Chen, Xinya Du
https://arxiv.org/abs/2506.17335…

LMR-BENCH: Evaluating LLM Agent's Ability on Reproducing Language Modeling Research
Large language model (LLM) agents have demonstrated remarkable potential in advancing scientific discovery. However, their capability in the fundamental yet crucial task of reproducing code from research papers, especially in the NLP domain, remains underexplored. This task includes unique complex reasoning challenges in the intellectual synthesis of abstract concepts and the comprehension of code repositories with interdependent files. Motivated by this gap, we present LMR-BENCH, a benchmark d…

A Methodological Framework for LLM-Based Mining of Software Repositories
Vincenzo De Martino, Joel Casta\~no, Fabio Palomba, Xavier Franch, Silverio Mart\'inez-Fern\'andez
https://arxiv.org/abs/2508.02233

A Methodological Framework for LLM-Based Mining of Software Repositories
Large Language Models (LLMs) are increasingly used in software engineering research, offering new opportunities for automating repository mining tasks. However, despite their growing popularity, the methodological integration of LLMs into Mining Software Repositories (MSR) remains poorly understood. Existing studies tend to focus on specific capabilities or performance benchmarks, providing limited insight into how researchers utilize LLMs across the full research pipeline. To address this gap,…

This https://arxiv.org/abs/2505.19165 has been replaced.
initial toot: https://mastoxiv.page/@arXiv_csAI_…

OrgAccess: A Benchmark for Role Based Access Control in Organization Scale LLMs
Role-based access control (RBAC) and hierarchical structures are foundational to how information flows and decisions are made within virtually all organizations. As the potential of Large Language Models (LLMs) to serve as unified knowledge repositories and intelligent assistants in enterprise settings becomes increasingly apparent, a critical, yet under explored, challenge emerges: \textit{can these models reliably understand and operate within the complex, often nuanced, constraints imposed b…

Empirical Analysis of Temporal and Spatial Fault Characteristics in Multi-Fault Bug Repositories
Dylan Callaghan, Alexandra van der Spuy, Bernd Fischer
https://arxiv.org/abs/2508.08872

Empirical Analysis of Temporal and Spatial Fault Characteristics in Multi-Fault Bug Repositories
Fixing software faults contributes significantly to the cost of software maintenance and evolution. Techniques for reducing these costs require datasets of software faults, as well as an understanding of the faults, for optimal testing and evaluation. In this paper, we present an empirical analysis of the temporal and spatial characteristics of faults existing in 16 open-source Java and Python projects, which form part of the Defects4J and BugsInPy datasets, respectively. Our findings show that…

Dissecting the SWE-Bench Leaderboards: Profiling Submitters and Architectures of LLM- and Agent-Based Repair Systems
Matias Martinez, Xavier Franch
https://arxiv.org/abs/2506.17208

Dissecting the SWE-Bench Leaderboards: Profiling Submitters and Architectures of LLM- and Agent-Based Repair Systems
The rapid progress in Automated Program Repair (APR) has been driven by advances in AI, particularly large language models (LLMs) and agent-based systems. SWE-Bench is a recent benchmark designed to evaluate LLM-based repair systems using real issues and pull requests mined from 12 popular open-source Python repositories. Its public leaderboards, SWE-Bench Lite and SWE-Bench Verified, have become central platforms for tracking progress and comparing solutions. However, because the submission pr…

VulGuard: An Unified Tool for Evaluating Just-In-Time Vulnerability Prediction Models
Duong Nguyen, Manh Tran-Duc, Thanh Le-Cong, Triet Huynh Minh Le, M. Ali Babar, Quyet-Thang Huynh
https://arxiv.org/abs/2507.16685

VulGuard: An Unified Tool for Evaluating Just-In-Time Vulnerability Prediction Models
We present VulGuard, an automated tool designed to streamline the extraction, processing, and analysis of commits from GitHub repositories for Just-In-Time vulnerability prediction (JIT-VP) research. VulGuard automatically mines commit histories, extracts fine-grained code changes, commit messages, and software engineering metrics, and formats them for downstream analysis. In addition, it integrates several state-of-the-art vulnerability prediction models, allowing researchers to train, evaluat…

Interoperable verification and dissemination of software assets in repositories using COAR Notify
Matteo Cancellieri, Martin Docekal, David Pride, Morane Gruenpeter, David Douard, Petr Knoth
https://arxiv.org/abs/2508.02335

Interoperable verification and dissemination of software assets in repositories using COAR Notify
The discoverability, attribution, and reusability of open research software are often hindered by its obscurity within academic manuscripts. To address this, the SoFAIR project (2024-2025) introduces a comprehensive workflow leveraging machine learning tools for extracting software mentions from research papers. The project integrates repository systems, authors, and services like HAL and Software Heritage to ensure proper archiving, citation, and accessibility of research software in alignment…

Structural and Connectivity Patterns in the Maven Central Software Dependency Network
Daniel Ogenrwot, John Businge, Shaikh Arifuzzaman
https://arxiv.org/abs/2508.13819 https://…

Structural and Connectivity Patterns in the Maven Central Software Dependency Network
Understanding the structural characteristics and connectivity patterns of large-scale software ecosystems is critical for enhancing software reuse, improving ecosystem resilience, and mitigating security risks. In this paper, we investigate the Maven Central ecosystem, one of the largest repositories of Java libraries, by applying network science techniques to its dependency graph. Leveraging the Goblin framework, we extracted a sample consisting of the top 5,000 highly connected artifacts base…

This https://arxiv.org/abs/2504.16449 has been replaced.
initial toot: https://mastoxiv.page/@arXiv_csCR_…

From Past to Present: A Survey of Malicious URL Detection Techniques, Datasets and Code Repositories
Malicious URLs persistently threaten the cybersecurity ecosystem, by either deceiving users into divulging private data or distributing harmful payloads to infiltrate host systems. Gaining timely insights into the current state of this ongoing battle holds significant importance. However, existing reviews exhibit 4 critical gaps: 1) Their reliance on algorithm-centric taxonomies obscures understanding of how detection approaches exploit specific modal information channels; 2) They fail to incor…

On the synchronization between Hugging Face pre-trained language models and their upstream GitHub repository
Ajibode Adekunle, Abdul Ali Bangash, Bram Adams, Ahmed E. Hassan
https://arxiv.org/abs/2508.10157

On the synchronization between Hugging Face pre-trained language models and their upstream GitHub repository
Pretrained language models (PTLMs) have advanced natural language processing (NLP), enabling progress in tasks like text generation and translation. Like software package management, PTLMs are trained using code and environment scripts in upstream repositories (e.g., GitHub, GH) and distributed as variants via downstream platforms like Hugging Face (HF). Coordinating development between GH and HF poses challenges such as misaligned release timelines, inconsistent versioning, and limited reuse o…

Improving Merge Pipeline Throughput in Continuous Integration via Pull Request Prioritization
Maximilian Jungwirth, Martin Gruber, Gordon Fraser
https://arxiv.org/abs/2508.08342

Improving Merge Pipeline Throughput in Continuous Integration via Pull Request Prioritization
Integrating changes into large monolithic software repositories is a critical step in modern software development that substantially impacts the speed of feature delivery, the stability of the codebase, and the overall productivity of development teams. To ensure the stability of the main branch, many organizations use merge pipelines that test software versions before the changes are permanently integrated. However, the load on merge pipelines is often so high that they become bottlenecks, des…

Bug Classification in Quantum Software: A Rule-Based Framework and Its Evaluation
Mir Mohammad Yousuf, Shabir Ahmad Sofi
https://arxiv.org/abs/2506.10397 h…

Bug Classification in Quantum Software: A Rule-Based Framework and Its Evaluation
Accurate classification of software bugs is essential for improving software quality. This paper presents a rule-based automated framework for classifying issues in quantum software repositories by bug type, category, severity, and impacted quality attributes, with additional focus on quantum-specific bug types. The framework applies keyword and heuristic-based techniques tailored to quantum computing. To assess its reliability, we manually classified a stratified sample of 4,984 issues from a …

Repeton: Structured Bug Repair with ReAct-Guided Patch-and-Test Cycles
Nguyen Phu Vinh, Anh Chung Hoang, Chris Ngo, Truong-Son Hy
https://arxiv.org/abs/2506.08173

Repeton: Structured Bug Repair with ReAct-Guided Patch-and-Test Cycles
Large Language Models (LLMs) have shown strong capabilities in code generation and comprehension, yet their application to complex software engineering tasks often suffers from low precision and limited interpretability. We present Repeton, a fully open-source framework that leverages LLMs for precise and automated code manipulation in real-world Git repositories. Rather than generating holistic fixes, Repeton operates through a structured patch-and-test pipeline: it iteratively diagnoses issue…

This https://arxiv.org/abs/2503.02610 has been replaced.
initial toot: https://mastoxiv.page/@arXiv_csSE_…

Monitoring Continuous Integration Practices in Industry: A Case Study
In this paper, we study the benefits and challenges of monitoring Continuous Integration (CI) practices in software development. Our aim is to evaluate the impact of monitoring seven CI practices in industry using three organizations in Brazil as case studies. We developed a tool for monitoring CI practices and conducted a multiple case study, applying a mixed-methods strategy. We combined surveys, interviews, log data, and repositories data from software projects and their CI services.We gauge…

Bridging Language Gaps in Open-Source Documentation with Large-Language-Model Translation
Elijah Kayode Adejumo, Brittany Johnson, Mariam Guizani
https://arxiv.org/abs/2508.02497

Bridging Language Gaps in Open-Source Documentation with Large-Language-Model Translation
While open source communities attract diverse contributors globally, few repositories provide essential documentation in languages other than English. Large language models (LLMs) have demonstrated remarkable capabilities in software engineering tasks and translations across domains. However, little is known about LLM capabilities in translating open-source technical documentation, which mixes natural language, code, URLs, and markdown formatting. To understand the need and potential for LLMs i…

Evaluating Software Supply Chain Security in Research Software
Richard Hegewald, Rebecca Beyer
https://arxiv.org/abs/2508.03856 https://arxiv.org/pdf/2508.…

Evaluating Software Supply Chain Security in Research Software
The security of research software is essential for ensuring the integrity and reproducibility of scientific results. However, research software security is still largely unexplored. Due to its dependence on open source components and distributed development practices, research software is particularly vulnerable to supply chain attacks. This study analyses 3,248 high-quality, largely peer-reviewed research software repositories using the OpenSSF Scorecard. We find a generally weak security post…

This https://arxiv.org/abs/2505.23419 has been replaced.
initial toot: https://mastoxiv.page/@arXiv_csSE_…

SWE-bench Goes Live!
The issue-resolving task, where a model generates patches to fix real-world bugs, has emerged as a critical benchmark for evaluating the capabilities of large language models (LLMs). While SWE-bench and its variants have become standard in this domain, they suffer from key limitations: they have not been updated since their initial releases, cover a narrow set of repositories, and depend heavily on manual effort for instance construction and environment setup. These factors hinder scalability a…