Vittunyuta Maeprasart, Ayano Ikegami, R. Kula, Kenichi Matsumoto
{"title":"哪个依赖项被更新了?探索是谁改变了npm包中的依赖关系","authors":"Vittunyuta Maeprasart, Ayano Ikegami, R. Kula, Kenichi Matsumoto","doi":"10.1109/SNPD51163.2021.9704933","DOIUrl":null,"url":null,"abstract":"Nowadays, software development increasingly depends on third-party library packages to reuse functionality and save the costs of building themselves. Since dependency is constantly evolving, developers struggle to update dependencies. In this work, we take the first exploration into the responsibility of updating a dependency. Analyzing 89,393 npm packages, we mine the repositories to understand who is the person responsible (i.e., dependency author) for the library update and whether or not the spread of responsibility of updating has an impact on what libraries will get updated. Our results show that 64.24% packages have only one dependency author who is responsible for the dependency. Furthermore, the number of dependency authors correlates with dependency changes, hinting that updating dependencies correlates with having more responsible developers. Lastly, we find that npm packages with just a single dependency author update different libraries compared to those with more dependency authors.","PeriodicalId":235370,"journal":{"name":"2021 IEEE/ACIS 22nd International Conference on Software Engineering, Artificial Intelligence, Networking and Parallel/Distributed Computing (SNPD)","volume":null,"pages":null},"PeriodicalIF":0.0000,"publicationDate":"2021-11-24","publicationTypes":"Journal Article","fieldsOfStudy":null,"isOpenAccess":false,"openAccessPdf":"","citationCount":"0","resultStr":"{\"title\":\"Which Dependency was Updated? Exploring Who Changes Dependencies in npm packages\",\"authors\":\"Vittunyuta Maeprasart, Ayano Ikegami, R. Kula, Kenichi Matsumoto\",\"doi\":\"10.1109/SNPD51163.2021.9704933\",\"DOIUrl\":null,\"url\":null,\"abstract\":\"Nowadays, software development increasingly depends on third-party library packages to reuse functionality and save the costs of building themselves. Since dependency is constantly evolving, developers struggle to update dependencies. In this work, we take the first exploration into the responsibility of updating a dependency. Analyzing 89,393 npm packages, we mine the repositories to understand who is the person responsible (i.e., dependency author) for the library update and whether or not the spread of responsibility of updating has an impact on what libraries will get updated. Our results show that 64.24% packages have only one dependency author who is responsible for the dependency. Furthermore, the number of dependency authors correlates with dependency changes, hinting that updating dependencies correlates with having more responsible developers. Lastly, we find that npm packages with just a single dependency author update different libraries compared to those with more dependency authors.\",\"PeriodicalId\":235370,\"journal\":{\"name\":\"2021 IEEE/ACIS 22nd International Conference on Software Engineering, Artificial Intelligence, Networking and Parallel/Distributed Computing (SNPD)\",\"volume\":null,\"pages\":null},\"PeriodicalIF\":0.0000,\"publicationDate\":\"2021-11-24\",\"publicationTypes\":\"Journal Article\",\"fieldsOfStudy\":null,\"isOpenAccess\":false,\"openAccessPdf\":\"\",\"citationCount\":\"0\",\"resultStr\":null,\"platform\":\"Semanticscholar\",\"paperid\":null,\"PeriodicalName\":\"2021 IEEE/ACIS 22nd International Conference on Software Engineering, Artificial Intelligence, Networking and Parallel/Distributed Computing (SNPD)\",\"FirstCategoryId\":\"1085\",\"ListUrlMain\":\"https://doi.org/10.1109/SNPD51163.2021.9704933\",\"RegionNum\":0,\"RegionCategory\":null,\"ArticlePicture\":[],\"TitleCN\":null,\"AbstractTextCN\":null,\"PMCID\":null,\"EPubDate\":\"\",\"PubModel\":\"\",\"JCR\":\"\",\"JCRName\":\"\",\"Score\":null,\"Total\":0}","platform":"Semanticscholar","paperid":null,"PeriodicalName":"2021 IEEE/ACIS 22nd International Conference on Software Engineering, Artificial Intelligence, Networking and Parallel/Distributed Computing (SNPD)","FirstCategoryId":"1085","ListUrlMain":"https://doi.org/10.1109/SNPD51163.2021.9704933","RegionNum":0,"RegionCategory":null,"ArticlePicture":[],"TitleCN":null,"AbstractTextCN":null,"PMCID":null,"EPubDate":"","PubModel":"","JCR":"","JCRName":"","Score":null,"Total":0}
Which Dependency was Updated? Exploring Who Changes Dependencies in npm packages
Nowadays, software development increasingly depends on third-party library packages to reuse functionality and save the costs of building themselves. Since dependency is constantly evolving, developers struggle to update dependencies. In this work, we take the first exploration into the responsibility of updating a dependency. Analyzing 89,393 npm packages, we mine the repositories to understand who is the person responsible (i.e., dependency author) for the library update and whether or not the spread of responsibility of updating has an impact on what libraries will get updated. Our results show that 64.24% packages have only one dependency author who is responsible for the dependency. Furthermore, the number of dependency authors correlates with dependency changes, hinting that updating dependencies correlates with having more responsible developers. Lastly, we find that npm packages with just a single dependency author update different libraries compared to those with more dependency authors.
京公网安备 11010802042870号
京ICP备2023020795号-1
分享
求助内容:
应助结果提醒方式:
扫码关注我们
