SourceBroken: A Large-Scale Analysis on the (Un)Reliability of SourceRank in the PyPI Ecosystem

SourceRank is a scoring system made of 18 metrics that assess the popularity and quality of open-source packages. Despite being used in several recent studies, none has thoroughly analyzed its reliability against evasion attacks aimed at inflating the score of malicious packages, thereby...