Standard

Structure and Evolution of Package Dependency Networks. / Kikas, Riivo; Gousios, Georgios; Dumas, Marlon; Pfahl, Dietmar.

Proceedings - 2017 IEEE/ACM 14th International Conference on Mining Software Repositories, MSR 2017. ed. / R. Bilof. Piscataway : IEEE, 2017. p. 102-112.

Research output: Scientific - peer-review; Conference contribution

Harvard

Kikas, R, Gousios, G, Dumas, M & Pfahl, D 2017, Structure and Evolution of Package Dependency Networks. in R Bilof (ed.), Proceedings - 2017 IEEE/ACM 14th International Conference on Mining Software Repositories, MSR 2017. IEEE, Piscataway, pp. 102-112, MSR 2017, Buenos Aires, Argentina, 20/05/17. DOI: 10.1109/MSR.2017.55

APA

Kikas, R., Gousios, G., Dumas, M., & Pfahl, D. (2017). Structure and Evolution of Package Dependency Networks. In R. Bilof (Ed.), Proceedings - 2017 IEEE/ACM 14th International Conference on Mining Software Repositories, MSR 2017 (pp. 102-112). Piscataway: IEEE. DOI: 10.1109/MSR.2017.55

Vancouver

Kikas R, Gousios G, Dumas M, Pfahl D. Structure and Evolution of Package Dependency Networks. In Bilof R, editor, Proceedings - 2017 IEEE/ACM 14th International Conference on Mining Software Repositories, MSR 2017. Piscataway: IEEE. 2017. p. 102-112. Available from DOI: 10.1109/MSR.2017.55

Author

Kikas, Riivo ; Gousios, Georgios ; Dumas, Marlon ; Pfahl, Dietmar. / Structure and Evolution of Package Dependency Networks. Proceedings - 2017 IEEE/ACM 14th International Conference on Mining Software Repositories, MSR 2017. editor / R. Bilof. Piscataway : IEEE, 2017. pp. 102-112

BibTeX

@inbook{d4f3b461a0c84b2380413f2f55dd773e,
title = "Structure and Evolution of Package Dependency Networks",
abstract = "Software developers often include available open-source software packages into their projects to minimize redundant effort. However, adding a package to a project can also introduce risks, which can propagate through multiple levels of dependencies. Currently, not much is known about the structure of open-source package ecosystems of popular programming languages and the extent to which transitive bug propagation is possible. This paper analyzes the dependency network structure and evolution of the JavaScript, Ruby, and Rust ecosystems. The reported results reveal significant differences across language ecosystems. The results indicate that the number of transitive dependencies for JavaScript has grown 60% over the last year, suggesting that developers should look more carefully into their dependencies to understand what exactly is included. The study also reveals that vulnerability to a removal of the most popular package is increasing, yet most other packages have a decreasing impact on vulnerability. The findings of this study can inform the development of dependency management tools.",
keywords = "Ecosystems, Computer languages, Computer bugs, Tools, Libraries, Software packages",
author = "Riivo Kikas and Georgios Gousios and Marlon Dumas and Dietmar Pfahl",
note = "Accepted author manuscript",
year = "2017",
month = "5",
doi = "10.1109/MSR.2017.55",
isbn = "978-1-5386-1545-4",
pages = "102--112",
editor = "R. Bilof",
booktitle = "Proceedings - 2017 IEEE/ACM 14th International Conference on Mining Software Repositories, MSR 2017",
publisher = "IEEE",
address = "United States",

}

RIS

TY - CHAP

T1 - Structure and Evolution of Package Dependency Networks

AU - Kikas,Riivo

AU - Gousios,Georgios

AU - Dumas,Marlon

AU - Pfahl,Dietmar

N1 - Accepted author manuscript

PY - 2017/5

Y1 - 2017/5

N2 - Software developers often include available open-source software packages into their projects to minimize redundant effort. However, adding a package to a project can also introduce risks, which can propagate through multiple levels of dependencies. Currently, not much is known about the structure of open-source package ecosystems of popular programming languages and the extent to which transitive bug propagation is possible. This paper analyzes the dependency network structure and evolution of the JavaScript, Ruby, and Rust ecosystems. The reported results reveal significant differences across language ecosystems. The results indicate that the number of transitive dependencies for JavaScript has grown 60% over the last year, suggesting that developers should look more carefully into their dependencies to understand what exactly is included. The study also reveals that vulnerability to a removal of the most popular package is increasing, yet most other packages have a decreasing impact on vulnerability. The findings of this study can inform the development of dependency management tools.

AB - Software developers often include available open-source software packages into their projects to minimize redundant effort. However, adding a package to a project can also introduce risks, which can propagate through multiple levels of dependencies. Currently, not much is known about the structure of open-source package ecosystems of popular programming languages and the extent to which transitive bug propagation is possible. This paper analyzes the dependency network structure and evolution of the JavaScript, Ruby, and Rust ecosystems. The reported results reveal significant differences across language ecosystems. The results indicate that the number of transitive dependencies for JavaScript has grown 60% over the last year, suggesting that developers should look more carefully into their dependencies to understand what exactly is included. The study also reveals that vulnerability to a removal of the most popular package is increasing, yet most other packages have a decreasing impact on vulnerability. The findings of this study can inform the development of dependency management tools.

KW - Ecosystems

KW - Computer languages

KW - Computer bugs

KW - Tools

KW - Libraries

KW - Software packages

UR - http://resolver.tudelft.nl/uuid:d4f3b461-a0c8-4b23-8041-3f2f55dd773e

U2 - 10.1109/MSR.2017.55

DO - 10.1109/MSR.2017.55

M3 - Conference contribution

SN - 978-1-5386-1545-4

SP - 102

EP - 112

BT - Proceedings - 2017 IEEE/ACM 14th International Conference on Mining Software Repositories, MSR 2017

PB - IEEE

ER -

ID: 32952391