Package Managers à la Carte: A Formal Model of Dependency Resolution
Summary
The paper proposes the Package Calculus, a formal model of dependency resolution that unifies the core semantics of diverse package managers. It shows how formal reduction rules can model real-world dependency expressions and enable cross-ecosystem resolution, addressing the fragmentation and implicit external dependencies that affect security. This work suggests a path toward interoperability and clearer security visibility across multilingual projects.