An Overview and Catalogue of Dependency Challenges in Open Source Software Package Registries

• URL: http://arxiv.org/abs/2409.18884v2
• Date: Tue, 29 Oct 2024 16:29:00 GMT
• Title: An Overview and Catalogue of Dependency Challenges in Open Source Software Package Registries
• Authors: Tom Mens, Alexandre Decan,
• Abstract summary: This article provides a catalogue of dependency-related challenges that come with relying on OSS packages or libraries. The catalogue is based on the scientific literature on empirical research that has been conducted to understand, quantify and overcome these challenges.
• Score: 52.23798016734889
• License: http://arxiv.org/licenses/nonexclusive-distrib/1.0/
• Abstract: While open-source software has enabled significant levels of reuse to speed up software development, it has also given rise to the dreadful dependency hell that all software practitioners face on a regular basis. This article provides a catalogue of dependency-related challenges that come with relying on OSS packages or libraries. The catalogue is based on the scientific literature on empirical research that has been conducted to understand, quantify and overcome these challenges. Our overview of this very active research field of package dependency management can be used as a starting point for junior and senior researchers as well as practitioners that would like to learn more about research advances in dealing with the challenges that come with the dependency networks of large OSS package registries.

Related papers

• GEMS: Generative Expert Metric System through Iterative Prompt Priming [18.0413505095456]
  Non-experts can find it unintuitive to create effective measures or transform theories into context-specific metrics. This technical report addresses this challenge by examining software communities within large software corporations. We propose a prompt-engineering framework inspired by neural activities, demonstrating that generative models can extract and summarize theories.
  arXiv  Detail & Related papers  (2024-10-01T17:14:54Z)
• A Survey of AIOps for Failure Management in the Era of Large Language Models [60.59720351854515]
  This paper presents a comprehensive survey of AIOps technology for failure management in the LLM era. It includes a detailed definition of AIOps tasks for failure management, the data sources for AIOps, and the LLM-based approaches adopted for AIOps.
  arXiv  Detail & Related papers  (2024-06-17T05:13:24Z)
• How to Understand Whole Software Repository? [64.19431011897515]
  An excellent understanding of the whole repository will be the critical path to Automatic Software Engineering (ASE) We develop a novel method named RepoUnderstander by guiding agents to comprehensively understand the whole repositories. To better utilize the repository-level knowledge, we guide the agents to summarize, analyze, and plan.
  arXiv  Detail & Related papers  (2024-06-03T15:20:06Z)
• The Code the World Depends On: A First Look at Technology Makers' Open Source Software Dependencies [3.6840775431698893]
  Open-source software (OSS) supply chain security has become a topic of concern for organizations. Patching an OSS vulnerability can require updating other dependent software products in addition to the original package. We do not know what packages are most critical to patch, hindering efforts to improve OSS security where it is most needed.
  arXiv  Detail & Related papers  (2024-04-17T21:44:38Z)
• Biomedical Open Source Software: Crucial Packages and Hidden Heroes [2.3960586265742574]
  We map the dependencies of the software used in biomedical papers and find the packages critical to the software ecosystems. We propose the centrality metrics for the network of software dependencies, analyze three ecosystems (PyPi, CRAN, Bioconductor) and determine the packages with the highest centrality.
  arXiv  Detail & Related papers  (2024-04-10T01:22:02Z)
• A Survey of Neural Code Intelligence: Paradigms, Advances and Beyond [84.95530356322621]
  This survey presents a systematic review of the advancements in code intelligence. It covers over 50 representative models and their variants, more than 20 categories of tasks, and an extensive coverage of over 680 related works. Building on our examination of the developmental trajectories, we further investigate the emerging synergies between code intelligence and broader machine intelligence.
  arXiv  Detail & Related papers  (2024-03-21T08:54:56Z)
• PyRCA: A Library for Metric-based Root Cause Analysis [66.72542200701807]
  PyRCA is an open-source machine learning library of Root Cause Analysis (RCA) for Artificial Intelligence for IT Operations (AIOps) It provides a holistic framework to uncover the complicated metric causal dependencies and automatically locate root causes of incidents.
  arXiv  Detail & Related papers  (2023-06-20T09:55:10Z)
• Towards Measuring Vulnerabilities and Exposures in Open-Source Packages [0.0]
  We provide an up-to-date overview of the open source landscape. We discuss approaches to map entries of the Common Vulnerabilities and Exposures ( CVE) list to open-source libraries. We show the frequency and distribution of existing CVE entries with respect to popular programming languages.
  arXiv  Detail & Related papers  (2022-06-29T10:51:23Z)
• Empirical Study on the Software Engineering Practices in Open Source ML Package Repositories [6.2894222252929985]
  Modern Machine Learning technologies require considerable technical expertise and resources to develop, train and deploy such models. Such discovery and reuse by practitioners and researchers are being addressed by public ML package repositories. This paper conducts an exploratory study that analyzes the structure and contents of two popular ML package repositories.
  arXiv  Detail & Related papers  (2020-12-02T18:52:56Z)
• KILT: a Benchmark for Knowledge Intensive Language Tasks [102.33046195554886]
  We present a benchmark for knowledge-intensive language tasks (KILT) All tasks in KILT are grounded in the same snapshot of Wikipedia. We find that a shared dense vector index coupled with a seq2seq model is a strong baseline.
  arXiv  Detail & Related papers  (2020-09-04T15:32:19Z)

This list is automatically generated from the titles and abstracts of the papers in this site.

This site does not guarantee the quality of this site (including all information) and is not responsible for any consequences.