Published in: Empirical Software Engineering 5/2021

01.09.2021

An empirical study of same-day releases of popular packages in the npm ecosystem

Written by: Filipe R. Cogo, Gustavo A. Oliva, Cor-Paul Bezemer, Ahmed E. Hassan


Abstract

Within a software ecosystem, client packages can reuse provider packages as third-party libraries. The reuse relation between client and provider packages is called a dependency. When a client package depends on the code of a provider package, every change that is introduced in a release of the provider has the potential to impact the client package. Since a large number of dependencies exist within a software ecosystem, releases of a popular provider package can impact a large number of clients. Occasionally, multiple releases of a popular package need to be published on the same day, leading to a scenario in which the time available to revise, test, build, and document the release is restricted compared to releases published within a regular schedule. In this paper, our objective is to study the same-day releases that are published by popular packages in the npm ecosystem. We design an exploratory study to characterize the type of changes that are introduced in same-day releases, the prevalence of same-day releases in the npm ecosystem, and the adoption of same-day releases by client packages. A preliminary manual analysis of the existing release notes suggests that same-day releases introduce non-trivial changes (e.g., bug fixes). We then focus on three RQs. First, we study how often same-day releases are published. We found that the median proportion of regularly scheduled releases that are interrupted by a same-day release (per popular package) is 22%, suggesting the importance of having timely and systematic procedures to cope with same-day releases. Second, we study the performed code changes in same-day releases. We observe that 32% of the same-day releases have larger changes compared with their prior release, thus showing that some same-day releases can undergo significant maintenance activity despite their time-constrained nature. In our third RQ, we study how client packages react to same-day releases of their providers. 
We observe that the vast majority of client packages that adopt the release preceding the same-day release would also adopt the latter without having to change their versioning statement (implicit updates). We also note that explicit adoptions of same-day releases (i.e., adoptions that require a change to the versioning statement of the provider in question) are significantly faster than the explicit adoption of regular releases. Based on our findings, we argue that (i) third-party tools that support the automation of dependency management (e.g., Dependabot) should consider explicitly flagging same-day releases, (ii) popular packages should strive for optimized release pipelines that can properly handle same-day releases, and (iii) future research should design scalable, ecosystem-ready tools that support provider packages in assessing the impact of their code changes on client packages.
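The abstract's distinction between implicit and explicit adoption, and its suggestion that dependency tools flag same-day releases, can be sketched as follows. This is an added JavaScript example, not code from the paper or from any npm tool. Assumptions: a release counts as same-day when it shares a UTC calendar date with the release published immediately before it, only exact, `^` and `~` versioning statements are handled, and the sample data and all function names are constructed for illustration.

```javascript
// Added example. Constructed sample shaped like the `time` map of an npm
// registry packument (version -> ISO publish timestamp); all values are made up.
const sampleTime = {
  created: "2021-01-04T09:00:00.000Z",
  modified: "2021-03-02T18:30:00.000Z",
  "1.4.0": "2021-01-04T09:00:00.000Z",
  "1.4.1": "2021-02-10T10:15:00.000Z",
  "1.4.2": "2021-02-10T16:40:00.000Z",
  "1.5.0": "2021-03-02T08:00:00.000Z",
  "2.0.0": "2021-03-02T18:30:00.000Z",
};

// Parse a plain MAJOR.MINOR.PATCH version; pre-release/build tags return null.
function parseVersion(v) {
  const m = /^(\d+)\.(\d+)\.(\d+)$/.exec(v);
  return m ? m.slice(1).map(Number) : null;
}

// Does a versioning statement admit a version? Handles only exact, ^ and ~.
function satisfies(range, version) {
  const op = /^[\^~]/.test(range) ? range[0] : "";
  const base = parseVersion(range.slice(op.length));
  const v = parseVersion(version);
  if (!base || !v) return false;
  const cmp = v[0] - base[0] || v[1] - base[1] || v[2] - base[2];
  if (cmp < 0) return false;
  if (op === "") return cmp === 0;
  if (op === "~") return v[0] === base[0] && v[1] === base[1];
  // Caret: the left-most non-zero component must stay fixed.
  if (base[0] > 0) return v[0] === base[0];
  if (base[1] > 0) return v[0] === 0 && v[1] === base[1];
  return cmp === 0;
}

const utcDay = (stamp) => new Date(stamp).toISOString().slice(0, 10);

// Assumption: "same-day" = published on the same UTC calendar date as the
// release immediately before it in publication order.
function findSameDayReleases(time) {
  const releases = Object.entries(time)
    .filter(([version]) => parseVersion(version)) // drops created/modified
    .sort((a, b) => Date.parse(a[1]) - Date.parse(b[1]));
  const flagged = [];
  for (let i = 1; i < releases.length; i++) {
    const [version, stamp] = releases[i];
    const [previous, prevStamp] = releases[i - 1];
    if (utcDay(stamp) === utcDay(prevStamp)) {
      flagged.push({ version, previous, date: utcDay(stamp) });
    }
  }
  return flagged;
}

// "implicit": the statement admits both releases, so a fresh resolve without a
// lockfile picks up the same-day release with no change by the client.
// "explicit": the client must edit its versioning statement to adopt it.
function classifyAdoption(range, sameDay) {
  if (!satisfies(range, sameDay.previous)) return "not-on-previous";
  return satisfies(range, sameDay.version) ? "implicit" : "explicit";
}

// Flag every same-day release and say how a given statement would adopt it.
function reviewDependency(time, range) {
  return findSameDayReleases(time).map((r) => ({ ...r, adoption: classifyAdoption(range, r) }));
}

console.log(reviewDependency(sampleTime, "^1.4.0"));
```

Releases classified as implicit are the ones a reviewer would want surfaced, since they reach clients without any change to the manifest.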

Footnotes
7
The semantic version manifest is described in https://semver.org. The usage of semantic versioning for version numbers is not mandatory in npm, but strongly recommended. See https://docs.npmjs.com/about-semantic-versioning

15
In our regular expression notation, the | operator is a logical OR and the * operator is a non-greedy zero-or-more matcher of any character. All other symbols are literal characters.

Metadata
Title
An empirical study of same-day releases of popular packages in the npm ecosystem
Written by
Filipe R. Cogo
Gustavo A. Oliva
Cor-Paul Bezemer
Ahmed E. Hassan
Publication date
01.09.2021
Publisher
Springer US
Published in
Empirical Software Engineering / Issue 5/2021
Print ISSN: 1382-3256
Electronic ISSN: 1573-7616
DOI
https://doi.org/10.1007/s10664-021-09980-6
