Which Dependency was Updated? Exploring Who Changes Dependencies in npm packages
Vittunyuta Maeprasart, Ayano Ikegami, R. Kula, Kenichi Matsumoto
2021 IEEE/ACIS 22nd International Conference on Software Engineering, Artificial Intelligence, Networking and Parallel/Distributed Computing (SNPD)
Publication date: 2021-11-24
DOI: 10.1109/SNPD51163.2021.9704933 (https://doi.org/10.1109/SNPD51163.2021.9704933)
Citation count: 0
Abstract
Nowadays, software development increasingly depends on third-party library packages to reuse functionality and save developers the cost of building it themselves. Since dependencies are constantly evolving, developers struggle to update them. In this work, we present the first exploration of the responsibility for updating a dependency. Analyzing 89,393 npm packages, we mine the repositories to understand who is the person responsible (i.e., the dependency author) for the library update and whether or not the spread of responsibility for updating has an impact on which libraries get updated. Our results show that 64.24% of packages have only one dependency author who is responsible for the dependency. Furthermore, the number of dependency authors correlates with dependency changes, hinting that updating dependencies correlates with having more responsible developers. Lastly, we find that npm packages with just a single dependency author update different libraries compared to those with more dependency authors.