Software ecosystem call graph for dependency management

Hejderup, Joseph; Deursen, Arie van; Gousios, Georgios

doi:10.1145/3183399.3183417

Cited by 43 publications

(30 citation statements)

References 6 publications

Supporting

Mentioning

Contrasting

Order By: Relevance

“…Another study by Trockman et al [30] analyzes repository badges of npm packages to understand the quality of the npm ecosystem, finding a positive correlation between the assignment of a coverage badge and the presence of more test code. The study from Hejderup et al [32] analyzes the dependency among different versions of npm packages by constructing the call graph at the function level using static analysis. NpmMiner [20] employs static analysis on 2000 packages to highlight metrics such as cyclomatic complexity [33] and lines of code, as well as pinpoint code linting issues.…”

Section: Related Workmentioning

confidence: 99%

Automatically Assessing and Extending Code Coverage for NPM Packages

Sun

Rosà

Bonetta³

et al. 2021

2021 IEEE/ACM International Conference on Automation of Software Test (AST)

View full text Add to dashboard Cite

Typical Node.js applications extensively rely on packages hosted in the npm registry. As such packages may be used by thousands of other packages or applications, it is important to assess their code coverage. Moreover, increasing code coverage may help detect previously unknown issues. In this paper, we introduce TESA, a new tool that automatically assembles a test suite for any package in the npm registry. The test suite includes 1) tests written for the target package and usually hosted in its development repository, and 2) tests selected from dependent packages. The former tests allow assessing the code coverage of the target package, while the latter ones can increase code coverage by exploiting third-party tests that also exercise code in the target package. We use TESA to assess the code coverage of 500 popular npm packages. Then, we demonstrate that TESA can significantly increase code coverage by including tests from dependent packages. Finally, we show that the test suites assembled by TESA increase the effectiveness of existing dynamic program analyses to identify performance issues that are not detectable when only executing the developer's tests.

show abstract

Section: Related Workmentioning

confidence: 99%

Automatically Assessing and Extending Code Coverage for NPM Packages

Sun

Rosà

Bonetta³

et al. 2021

2021 IEEE/ACM International Conference on Automation of Software Test (AST)

View full text Add to dashboard Cite

show abstract

“…Cogo et al [9] performed an empirical study of dependency downgrades and found that downgrades occur because developers want to avoid some defects from a specific version and some incompatibility issues. Hejderup et al [25] extracted the call graph for software to build a fine-grained representation of the dependency network.…”

Section: Analysis Of Repositoriesmentioning

confidence: 99%

What makes a good Node.js package? Investigating Users, Contributors, and Runnability

Chinthanet,

Reid,

Treude

et al. 2021

Preprint

View full text Add to dashboard Cite

The Node.js Package Manager (i.e., npm) archive repository serves as a critical part of the JavaScript community and helps support one of the largest developer ecosystems in the world. However, as a developer, selecting an appropriate npm package to use or contribute to can be difficult. To understand what features users and contributors consider important when searching for a good npm package, we conduct a survey asking Node.js developers to evaluate the importance of 30 features derived from existing work, including GitHub activity, software usability, and properties of the repository and documentation. We identify that both user and contributor perspectives share similar views on which features they use to assess package quality. We then extract the 30 features from 104,364 npm packages and analyse the correlations between them, including three software features that measure package "runnability"; ability to install, build, and execute a unit test. We identify which features are negatively correlated with runnability-related features and find that predicting the runnability of packages is viable. Our study lays the groundwork for future work on understanding how users and contributors select appropriate npm packages.CCS Concepts: • Software and its engineering → Software libraries and repositories.

show abstract

“…Decan et al [29,30] studied how dependency networks tend to grow over time, both in size and package updates, and to what extent ecosystems suffer from issues related to package dependency updates. Hedjedrup et al [31] proposed the construction of a fine-grained dependency network extended with call graph information. This would enable developers to perform change impact analysis at the ecosystem level and on a version basis.…”

Section: Main Findingsmentioning

confidence: 99%

Releasing fast and slow: an exploratory case study at ING

Kula

Rastogi

Huijgens

et al. 2019

Proceedings of the 2019 27th ACM Joint Meeting on European Software Engineering Conference and Symposium on the Foundations of

Self Cite

View full text Add to dashboard Cite

The appeal of delivering new features faster has led many software projects to adopt rapid releases. However, it is not well understood what the effects of this practice are. This paper presents an exploratory case study of rapid releases at ING, a large banking company that develops software solutions in-house, to characterize rapid releases. Since 2011, ING has shifted to a rapid release model. This switch has resulted in a mixed environment of 611 teams releasing relatively fast and slow. We followed a mixed-methods approach in which we conducted a survey with 461 participants and corroborated their perceptions with 2 years of code quality data and 1 year of release delay data. Our research shows that: rapid releases are more commonly delayed than their non-rapid counterparts, however, rapid releases have shorter delays; rapid releases can be beneficial in terms of reviewing and user-perceived quality; rapidly released software tends to have a higher code churn, a higher test coverage and a lower average complexity; challenges in rapid releases are related to managing dependencies and certain code aspects, e.g. design debt. CCS CONCEPTS • Software and its engineering → Software development process management;

show abstract

Software ecosystem call graph for dependency management

Cited by 43 publications

References 6 publications

Automatically Assessing and Extending Code Coverage for NPM Packages

Automatically Assessing and Extending Code Coverage for NPM Packages

What makes a good Node.js package? Investigating Users, Contributors, and Runnability

Releasing fast and slow: an exploratory case study at ING

Contact Info

Product

Resources

About