Dependency Update Strategies and Package Characteristics

Author:

Javan Jafari Abbas (1), Costa Diego Elias (2), Shihab Emad (1), Abdalkareem Rabe (3)

Affiliation:

1. Data-driven Analysis of Software (DAS) Lab at the Department of Computer Science and Software Engineering, Concordia University, Canada

2. LATECE Lab at the Department of Computer Science, Université du Québec à Montréal (UQAM), Canada

3. Department of Computer Science at the Faculty of Science, Omar Al-Mukhtar University, Libya

Abstract

Managing project dependencies is a key maintenance issue in software development. Developers need to choose an update strategy that allows them to receive important updates and fixes while protecting them from breaking changes. Semantic Versioning was proposed to address this dilemma, but many have opted for more restrictive or permissive alternatives. This empirical study explores the association between package characteristics and the dependency update strategy selected by its dependents to understand how developers select and change their update strategies. We study over 112,000 Node Package Manager (npm) packages and use 19 characteristics to build a prediction model that identifies the common dependency update strategy for each package. Our model achieves a minimum improvement of 72% over the baselines and is much better aligned with community decisions than the npm default strategy. We investigate how different package characteristics can influence the predicted update strategy and find dependent count, age, and release status to be the highest influencing features. We complement the work with qualitative analyses of 160 packages to investigate the evolution of update strategies. While the common update strategy remains consistent for many packages, certain events such as the release of the 1.0.0 version or breaking changes influence the selected update strategy over time.

Publisher

Association for Computing Machinery (ACM)

Subject

Software


Cited by 4 articles.

1. Challenges of Integrating Artificial Intelligence in Software Project Planning: A Systematic Literature Review;Digital;2024-06-29

2. Analyzing the Accessibility of GitHub Repositories for PyPI and NPM Libraries;Proceedings of the 28th International Conference on Evaluation and Assessment in Software Engineering;2024-06-18

3. BUMP: A Benchmark of Reproducible Breaking Dependency Updates;2024 IEEE International Conference on Software Analysis, Evolution and Reengineering (SANER);2024-03-12

4. An empirical study of software ecosystem related tweets by npm maintainers;PeerJ Computer Science;2024-01-17
