A formal framework for measuring technical lag in component repositories — and its application to npm. Issue 8 (19th March 2019)
- Record Type:
- Journal Article
- Title:
- A formal framework for measuring technical lag in component repositories — and its application to npm. Issue 8 (19th March 2019)
- Main Title:
- A formal framework for measuring technical lag in component repositories — and its application to npm
- Authors:
- Zerouali, Ahmed
Mens, Tom
Gonzalez‐Barahona, Jesus
Decan, Alexandre
Constantinou, Eleni
Robles, Gregorio
- Other Names:
- Capilla Rafael guestEditor.
Gallina Barbara guestEditor.
Cetina Englada Carlos guestEditor.
- Abstract:
- Abstract: Reusable Open Source Software (OSS) components for major programming languages are available in package repositories. Developers rely on package management tools to automate deployments, specifying which package releases satisfy the needs of their applications. However, these specifications may lead to deploying package releases that are outdated, or otherwise undesirable, because they do not include bug fixes, security fixes, or new functionality. In contrast, automatically updating to a more recent release may introduce incompatibility issues. To capture this delicate balance, we formalise a generic model of technical lag, a concept that quantifies to which extent a deployed collection of components is outdated, with respect to the ideal deployment. We operationalise this model for the npm package manager. We empirically analyze the history of package update practices and technical lag for more than 500 K packages with about 4 M package releases over a seven‐year period. We consider both development and runtime dependencies, and study both direct and transitive dependencies. We also analyze the technical lag of external GitHub applications depending on npm packages. We report our findings, suggesting the need for more awareness of, and integrated tool support for, controlling technical lag in software libraries.
Abstract: Software developers that use reusable component libraries rely on automated tools to specify which component releases to install. These specifications may lead to outdated releases being deployed. On the other hand, automatically deploying more recent releases may introduce incompatibility issues. To quantify to which extent a deployed component is outdated, we formalise a generic technical lag framework. We validate this framework through an empirical study of package releases in the npm ecosystem of JavaScript packages.
- Is Part Of:
- Journal of software. Volume 31:Issue 8(2019)
- Journal:
- Journal of software
- Issue:
- Volume 31:Issue 8(2019)
- Issue Display:
- Volume 31, Issue 8 (2019)
- Year:
- 2019
- Volume:
- 31
- Issue:
- 8
- Issue Sort Value:
- 2019-0031-0008-0000
- Page Start:
- n/a
- Page End:
- n/a
- Publication Date:
- 2019-03-19
- Subjects:
- empirical analysis -- semantic versioning -- software repository mining -- software reuse -- technical lag
Software engineering -- Periodicals
Computer software -- Development -- Periodicals
Software maintenance -- Periodicals
005.1
- Journal URLs:
- http://onlinelibrary.wiley.com/journal/10.1002/(ISSN)2047-7481
http://onlinelibrary.wiley.com/
- DOI:
- 10.1002/smr.2157
- Languages:
- English
- ISSNs:
- 2047-7473
- Deposit Type:
- Legaldeposit
- View Content:
- Available online (eLD content is only available in our Reading Rooms)
- Physical Locations:
- British Library DSC - BLDSS-3PM
British Library HMNTS - ELD Digital store
- Ingest File:
- 11399.xml