Towards Using Package Centrality Trend to Identify Packages in Decline

Abstract: Due to its increasing complexity, today's software systems are frequently built by leveraging reusable code in the form of libraries and packages. Software ecosystems (e.g., npm) are the primary enablers of this code reuse, providing developers with a platform to share their own and use others' code. These ecosystems evolve rapidly: developers add new packages every day to solve new problems or provide alternative solutions, causing obsolete packages to decline in their importance to the community. Developers … Show more

“…This way, even dependents that need to stick to older major releases could still benefit from the backported vulnerability fix. Perhaps popular packages with a high package centrality [50] can benefit from community support in bringing such backports to older major releases.…”

On the impact of security vulnerabilities in the npm and RubyGems dependency networks

“…This way, even dependents that need to stick to older major releases could still benefit from the backported vulnerability fix. Perhaps popular packages with a high package centrality [50] can benefit from community support in bringing such backports to older major releases.…”

On the impact of security vulnerabilities in the npm and RubyGems dependency networks

“…The results indicated that the number of connections as well as the dependency network position are significant factors affecting the projects' sustainability. Later, Mujahid et al 7 proposed a scalable approach that relies on the package centrality in an ecosystem to identify packages in decline. The results of an evaluation conducted on the Node Package Manager ecosystem showed strong prediction capabilities, thus indicating centrality as an important factor for forecasting project abandonment.…”

OSSARA: Abandonment Risk Assessment for Embedded Open Source Components