A Preliminary Study on Self-Contained Libraries in the NPM Ecosystem

• URL: http://arxiv.org/abs/2406.11363v1
• Date: Mon, 17 Jun 2024 09:33:49 GMT
• Title: A Preliminary Study on Self-Contained Libraries in the NPM Ecosystem
• Authors: Pongchai Jaisri, Brittany Reid, Raula Gaikovina Kula,
• Abstract summary: The widespread of libraries within modern software ecosystems creates complex networks of dependencies. One mitigation strategy involves reducing dependencies; libraries with zero dependencies become to self-contained. This paper explores the characteristics of self-contained libraries within the NPM ecosystem.
• Score: 2.221643499902673
• License: http://creativecommons.org/licenses/by/4.0/
• Abstract: The widespread of libraries within modern software ecosystems creates complex networks of dependencies. These dependencies are fragile to breakage, outdated, or redundancy, potentially leading to cascading issues in dependent libraries. One mitigation strategy involves reducing dependencies; libraries with zero dependencies become to self-contained. This paper explores the characteristics of self-contained libraries within the NPM ecosystem. Analyzing a dataset of 2763 NPM libraries, we found that 39.49\% are self-contained. Of these self-contained libraries, 40.42\% previously had dependencies that were later removed. This analysis revealed a significant trend of dependency reduction within the NPM ecosystem. The most frequently removed dependency was babel-runtime. Our investigation indicates that the primary reasons for dependency removal are concerns about the performance and the size of the dependency. Our findings illuminate the nature of self-contained libraries and their origins, offering valuable insights to guide software development practices.

Related papers

• An Overview and Catalogue of Dependency Challenges in Open Source Software Package Registries [52.23798016734889]
  This article provides a catalogue of dependency-related challenges that come with relying on OSS packages or libraries. The catalogue is based on the scientific literature on empirical research that has been conducted to understand, quantify and overcome these challenges.
  arXiv  Detail & Related papers  (2024-09-27T16:20:20Z)
• Contributing Back to the Ecosystem: A User Survey of NPM Developers [10.154686574810501]
  Survey of 49 developers from the NPM ecosystem. We find that developers are more likely to maintain their own packages rather than contribute to the ecosystem. Our results open up new avenues into tool support and research into how to sustain these ecosystems.
  arXiv  Detail & Related papers  (2024-07-01T00:15:55Z)
• See to Believe: Using Visualization To Motivate Updating Third-party Dependencies [1.7914660044009358]
  Security vulnerabilities introduced by applications using third-party dependencies are on the increase. Developers are wary of library updates, even to fix vulnerabilities, citing that being unaware, or that the migration effort to update outweighs the decision. In this paper, we hypothesize that the dependency graph visualization (DGV) approach will motivate developers to update.
  arXiv  Detail & Related papers  (2024-05-15T03:57:27Z)
• Analyzing the Accessibility of GitHub Repositories for PyPI and NPM Libraries [91.97201077607862]
  Industrial applications heavily rely on open-source software (OSS) libraries, which provide various benefits. To monitor the activities of such communities, a comprehensive list of repositories for the libraries of an ecosystem must be accessible. In this study, we analyze the accessibility of GitHub repositories for PyPI and NPM libraries.
  arXiv  Detail & Related papers  (2024-04-26T13:27:04Z)
• Less is More? An Empirical Study on Configuration Issues in Python PyPI Ecosystem [38.44692482370243]
  Python is widely used in the open-source community, largely owing to the extensive support from diverse third-party libraries. Third-party libraries can potentially lead to conflicts in dependencies, prompting researchers to develop dependency conflict detectors. endeavors have been made to automatically infer dependencies.
  arXiv  Detail & Related papers  (2023-10-19T09:07:51Z)
• Analyzing Maintenance Activities of Software Libraries [65.268245109828]
  Industrial applications heavily integrate open-source software libraries nowadays. I want to introduce an automatic monitoring approach for industrial applications to identify open-source dependencies that show negative signs regarding their current or future maintenance activities.
  arXiv  Detail & Related papers  (2023-06-09T16:51:25Z)
• On the Security Blind Spots of Software Composition Analysis [46.1389163921338]
  We present a novel approach to detect vulnerable clones in the Maven repository. We retrieve over 53k potential vulnerable clones from Maven Central. We detect 727 confirmed vulnerable clones and synthesize a testable proof-of-vulnerability project for each of those.
  arXiv  Detail & Related papers  (2023-06-08T20:14:46Z)
• Vulnerability Propagation in Package Managers Used in iOS Development [2.9280059958992286]
  Vulnerabilities may be found even in well-known libraries. The library dependency network in the Swift ecosystem encompasses libraries from CocoaPods, Carthage and Swift Package Manager. Although most libraries with publicly reported vulnerabilities are written in C, the highest impact of publicly reported vulnerabilities originated from libraries written in native iOS languages.
  arXiv  Detail & Related papers  (2023-05-17T16:22:38Z)
• Code Librarian: A Software Package Recommendation System [65.05559087332347]
  We present a recommendation engine called Librarian for open source libraries. A candidate library package is recommended for a given context if: 1) it has been frequently used with the imported libraries in the program; 2) it has similar functionality to the imported libraries in the program; 3) it has similar functionality to the developer's implementation, and 4) it can be used efficiently in the context of the provided code.
  arXiv  Detail & Related papers  (2022-10-11T12:30:05Z)
• Demystifying Dependency Bugs in Deep Learning Stack [7.488059560714949]
  This paper characterizes symptoms, root causes and fix patterns of dependency bugs (DBs) across the whole Deep Learning stack. Our findings shed light on practical implications on dependency management.
  arXiv  Detail & Related papers  (2022-07-21T07:56:03Z)
• Linguistic dependencies and statistical dependence [76.89273585568084]
  We use pretrained language models to estimate probabilities of words in context. We find that maximum-CPMI trees correspond to linguistic dependencies more often than trees extracted from non-contextual PMI estimate.
  arXiv  Detail & Related papers  (2021-04-18T02:43:37Z)

This list is automatically generated from the titles and abstracts of the papers in this site.

This site does not guarantee the quality of this site (including all information) and is not responsible for any consequences.