An Empirical Analysis of Technical Lag in npm Package Dependencies

  • Ahmed Zerouali
  • Eleni Constantinou
  • Tom Mens
  • Gregorio Robles
  • Jesús González-Barahona
Conference paper
Part of the Lecture Notes in Computer Science book series (LNCS, volume 10826)

Abstract

Software library packages are constantly evolving and increasing in number. Not updating to the latest available release of dependent libraries may negatively affect software development by not benefiting from new functionality, vulnerability and bug fixes available in more recent versions. On the other hand, automatically updating to the latest release may introduce incompatibility issues. We introduce a technical lag metric for dependencies in package networks, in order to assess how outdated a software package is compared to the latest available releases of its dependencies. We empirically analyse the package update practices and technical lag for the npm distribution of JavaScript packages. Our results show a strong presence of technical lag caused by the specific use of dependency constraints, indicating a reluctance to update dependencies to avoid backward incompatible changes.
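The abstract describes a technical lag metric driven by dependency constraints but, as a landing page, does not reproduce the authors' definition. The following is an added illustration, not code from the paper: it models lag for one npm dependency in a simple, stated way (the gap between the highest release a constraint admits and the latest release published, as a count of releases behind plus whether the gap crosses a major, minor or patch boundary) and applies it to a constructed registry and manifest. The semver handling covers exact, caret, tilde and wildcard constraints only; package names and release lists are invented for the example.

```javascript
// Added example, not code from the paper. The page does not reproduce the
// authors' metric, so "technical lag" is modelled here in a simple, stated way:
// for one dependency, the gap between the highest release its constraint
// admits and the latest release published, expressed as (a) the number of
// releases behind and (b) whether that gap crosses a major, minor or patch
// boundary. Package names and release lists below are constructed.

// Parse "MAJOR.MINOR.PATCH" (optional leading "v"; pre-release suffix dropped).
function parseVersion(v) {
  const m = /^v?(\d+)\.(\d+)\.(\d+)/.exec(String(v).trim());
  if (!m) throw new Error(`not a semver version: ${v}`);
  return [Number(m[1]), Number(m[2]), Number(m[3])];
}

// Numeric semver ordering, usable directly as an Array.sort comparator.
function compareVersions(a, b) {
  const pa = parseVersion(a), pb = parseVersion(b);
  for (let i = 0; i < 3; i++) if (pa[i] !== pb[i]) return pa[i] - pb[i];
  return 0;
}

// Does `version` satisfy an npm-style constraint? Covers the forms that
// dominate package.json files: exact "1.2.3", caret "^1.2.3", tilde "~1.2.3",
// and the wildcard "*" / "latest". Range unions ("||") are not handled.
function satisfies(version, constraint) {
  const c = constraint.trim();
  if (c === '*' || c === 'latest' || c === '') return true;
  const op = (c[0] === '^' || c[0] === '~') ? c[0] : '';
  const baseStr = op ? c.slice(1) : c;
  const base = parseVersion(baseStr), v = parseVersion(version);
  if (compareVersions(version, baseStr) < 0) return false;   // below lower bound
  if (op === '') return compareVersions(version, baseStr) === 0;
  if (op === '~') return v[0] === base[0] && v[1] === base[1];
  // caret: same major; npm treats 0.x specially (0.y.z pins minor, 0.0.z pins patch)
  if (base[0] !== 0) return v[0] === base[0];
  if (base[1] !== 0) return v[0] === 0 && v[1] === base[1];
  return v[0] === 0 && v[1] === 0 && v[2] === base[2];
}

// Which version component separates `from` and `to`?
function lagType(from, to) {
  const a = parseVersion(from), b = parseVersion(to);
  if (a[0] !== b[0]) return 'major';
  if (a[1] !== b[1]) return 'minor';
  if (a[2] !== b[2]) return 'patch';
  return 'none';
}

// Technical lag of one dependency, given every release the registry has published.
function technicalLag(constraint, releases) {
  const sorted = [...releases].sort(compareVersions);
  const latest = sorted[sorted.length - 1];
  const allowed = sorted.filter(v => satisfies(v, constraint));
  if (allowed.length === 0) throw new Error(`no published release satisfies ${constraint}`);
  const highestAllowed = allowed[allowed.length - 1];
  return {
    highestAllowed,
    latest,
    releasesBehind: sorted.length - 1 - sorted.indexOf(highestAllowed),
    lagType: lagType(highestAllowed, latest),
  };
}

// Apply the metric to every dependency of a manifest.
function manifestLag(dependencies, registry) {
  const out = {};
  for (const [name, constraint] of Object.entries(dependencies)) {
    out[name] = technicalLag(constraint, registry[name]);
  }
  return out;
}

// Constructed data: a fake registry and the "dependencies" of a fake package.json.
const SAMPLE_REGISTRY = {
  'example-lib-a': ['1.0.0', '1.1.0', '1.2.0', '1.3.0', '2.0.0', '2.0.1'],
  'example-lib-b': ['0.2.0', '0.2.1', '0.2.5', '0.3.0'],
  'example-lib-c': ['1.0.0', '1.0.1', '1.0.2'],
  'example-lib-d': ['3.0.0', '3.1.0'],
};
const SAMPLE_DEPENDENCIES = {
  'example-lib-a': '^1.1.0',  // caret blocks the 2.x line: major lag
  'example-lib-b': '~0.2.1',  // tilde blocks 0.3.0: minor lag
  'example-lib-c': '1.0.0',   // pinned: even patch fixes are missed
  'example-lib-d': '*',       // unconstrained: no lag
};

function analyseSample() {
  return manifestLag(SAMPLE_DEPENDENCIES, SAMPLE_REGISTRY);
}

for (const [name, r] of Object.entries(analyseSample())) {
  console.log(`${name}: allowed up to ${r.highestAllowed}, latest ${r.latest}, ` +
              `${r.releasesBehind} release(s) behind (${r.lagType} lag)`);
}
```

The pinned `example-lib-c` case is the one worth noticing from a security standpoint: an exact constraint keeps the dependency two patch releases behind, so any fix shipped in those patches never reaches the dependent package, which is the trade-off the abstract describes between avoiding incompatibilities and receiving vulnerability fixes. Running the same computation over the real npm registry would need a full semver range parser and the registry's release list per package, which this example does not fetch.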

Keywords

Software library, Technical lag, Package dependency, npm

Notes

Acknowledgements

This work was partially supported by EU Research Framework Programme H2020-MSCA-ITN-2014-642954 Seneca, bilateral FRQ-FNRS research program 30440672 SECOHealth, research project TIN2014-59400-R SobreVision funded by the Spanish Government, and Excellence of Science project 30446992 SECO-Assist financed by FWO - Vlaanderen and F.R.S.-FNRS.

Copyright information

© Springer International Publishing AG, part of Springer Nature 2018

Authors and Affiliations

  1. Software Engineering Lab, Université de Mons, Mons, Belgium
  2. GSyC/LibreSoft, Universidad Rey Juan Carlos, Madrid, Spain