Structure and Evolution of Package Dependency Networks

Kikas, Riivo; Gousios, Georgios; Dumas, Marlon; Pfahl, Dietmar

doi:10.1109/msr.2017.55

Cited by 141 publications

(137 citation statements)

References 22 publications

Supporting

Mentioning

132

Contrasting

Order By: Relevance

“…How much vulnerable are these clients? A recent work [6] attempted to answer a similar question by studying the state of dependency update practices and the structure of dependency networks in JavaScript projects. Pashchenko and colleagues [10] introduced the concept of halted dependencies to describe the libraries that are no longer maintained.…”

Section: The Maven Dependency Graph In Actionmentioning

confidence: 99%

The Maven Dependency Graph: A Temporal Graph-Based Representation of Maven Central

Benelallam

Harrand

Soto-Valero

et al. 2019

2019 IEEE/ACM 16th International Conference on Mining Software Repositories (MSR)

View full text Add to dashboard Cite

The Maven Central Repository provides an extraordinary source of data to understand complex architecture and evolution phenomena among Java applications. As of September 6, 2018, this repository includes 2.8M artifacts (compiled piece of code implemented in a JVM-based language), each of which is characterized with metadata such as exact version, date of upload and list of dependencies towards other artifacts.Today, one who wants to analyze the complete ecosystem of Maven artifacts and their dependencies faces two key challenges: (i) this is a huge data set; and (ii) dependency relationships among artifacts are not modeled explicitly and cannot be queried. In this paper, we present the Maven Dependency Graph. This open source data set provides two contributions: a snapshot of the whole Maven Central taken on September 6, 2018, stored in a graph database in which we explicitly model all dependencies; an open source infrastructure to query this huge dataset.

show abstract

Section: The Maven Dependency Graph In Actionmentioning

confidence: 99%

The Maven Dependency Graph: A Temporal Graph-Based Representation of Maven Central

Benelallam

Harrand

Soto-Valero

et al. 2019

2019 IEEE/ACM 16th International Conference on Mining Software Repositories (MSR)

View full text Add to dashboard Cite

show abstract

“…They observe that dependency networks tend to grow over time and that a small number of libraries have a high impact on the transitive dependencies of the network. Kikas et al [33] study the fragility of dependency networks of JavaScript, Ruby, and Rust and report on the overall evolutionary trends and differences of such ecosystems. Abdalkareem et al [34] investigate about the reasons that motivate developers to use trivial packages on the npm ecosystem.…”

Section: Related Workmentioning

confidence: 99%

The Emergence of Software Diversity in Maven Central

Soto-Valero¹,

Benelallam²,

Harrand³

et al. 2019

2019 IEEE/ACM 16th International Conference on Mining Software Repositories (MSR)

View full text Add to dashboard Cite

Maven artifacts are immutable: an artifact that is uploaded on Maven Central cannot be removed nor modified. The only way for developers to upgrade their library is to release a new version. Consequently, Maven Central accumulates all the versions of all the libraries that are published there, and applications that declare a dependency towards a library can pick any version. In this work, we hypothesize that the immutability of Maven artifacts and the ability to choose any version naturally support the emergence of software diversity within Maven Central. We analyze 1,487,956 artifacts that represent all the versions of 73,653 libraries. We observe that more than 30% of libraries have multiple versions that are actively used by latest artifacts. In the case of popular libraries, more than 50% of their versions are used. We also observe that more than 17% of libraries have several versions that are significantly more used than the other versions. Our results indicate that the immutability of artifacts in Maven Central does support a sustained level of diversity among versions of libraries in the repository.

show abstract

“…Furthermore, libraries.io also monitors and stores package releases, analyzes each project's code, ecosystem, distribution and documentation, and we map the relationships between packages. Our dataset has also been used in recent empirical studies [7,8].…”

Section: Data Collectionmentioning

confidence: 99%

“…In detail, Go 6 is a package manager in GoLang programming language which is developed by Google. The npm 7 and Bower 8 which are renowned for the JavaScript are mostly used in the website development. Similar to the npm and Bower, Packagist 9 is very common for the website development but in server-side.…”

Section: Data Collectionmentioning

confidence: 99%

A topological analysis of communication channels for knowledge sharing in contemporary GitHub projects

Tantisuwankul

Nugroho

Kula

et al. 2019

Journal of Systems and Software

View full text Add to dashboard Cite

With over 28 million developers, success of the GitHub collaborative platform is highlighted through an abundance of communication channels among contemporary software projects. Knowledge is broken into two forms and its sharing (through communication channels) can be described as externalization or combination by the SECI model. Such platforms have revolutionized the way developers work, introducing new channels to share knowledge in the form of pull requests, issues and wikis. It is unclear how these channels capture and share knowledge. In this research, our goal is to analyze these communication channels in GitHub. First, using the SECI model, we are able to map how knowledge is shared through the communication channels. Then in a large-scale topology analysis of seven library package projects (i.e., involving over 70 thousand projects), we extracted insights of the different communication channels within GitHub. Using two research questions, we explored the evolution of the channels and adoption of channels by both popular and unpopular library package projects. Results show that (i) contemporary GitHub Projects tend to adopt multiple communication channels, (ii) communication channels change over time and (iii) communication channels are used to both capture new knowledge (i.e., externalization) and updating existing knowledge (i.e., combination).Recently, Aniche et al. [12] confirmed that news channels also play an important role in shaping and sharing knowledge among developers.In this paper, we investigate communication channels to understand how projects share knowledge at the software ecosystem level. Inspired by the knowledge-based theory of the firm [13], our hypothesis is to validate the underlying theory behind the transferable of knowledge within these library ecosystems, and to investigate how ecosystems influence social practices within and outside their ecosystems. To achieve our goal that is to analyze how communication channels share knowledge over projects, we first identify different knowledge forms of channels in over 210 thousand library projects from seven different library ecosystems. We then explore the evolution of these channels and distinguish differences between these seven ecosystems. Similar to a study by Lertwittayatrai et al. [14], we use topological data analysis to generate topologies that cover three years (i.e., 2015 to 2017). Using topology data analysis, the results of the study that (i) contemporary GitHub Projects tend to adopt multiple communication channels, (ii) communication channels change over time and (iii) communication channels are used to capture new knowledge (i.e., externalization) and updating existing knowledge.The contributions of the study are two-fold. First, we present a manual categorization of channels forms in software projects. The second contribution is a large-scale analysis of channels for software projects over seven ecosystems using the topological analysis of software library projects for seven different software ecosystems.The rest of the pa...

show abstract

Structure and Evolution of Package Dependency Networks

Cited by 141 publications

References 22 publications

The Maven Dependency Graph: A Temporal Graph-Based Representation of Maven Central

The Maven Dependency Graph: A Temporal Graph-Based Representation of Maven Central

The Emergence of Software Diversity in Maven Central

A topological analysis of communication channels for knowledge sharing in contemporary GitHub projects

Contact Info

Product

Resources

About