Where to Go Now? Finding Alternatives for Declining Packages in the npm Ecosystem
Software ecosystems (e.g., npm, PyPI) are the backbone of modern software developments. Developers add new packages to ecosystems every day to solve new problems or provide alternative solutions, causing obsolete packages to decline in their importance to the community. Packages in decline are reused less overtime and may become less frequently maintained. Thus, developers usually migrate their dependencies to better alternatives. Replacing packages in decline with better alternatives requires time and effort by developers to identify packages that need to be replaced, find the alternatives, asset migration benefits, and finally, perform the migration.
This paper proposes an approach that automatically identifies packages that need to be replaced and finds their alternatives supported with real-world examples of open source projects performing the suggested migrations. At its core, our approach relies on the dependency migration patterns performed in the ecosystem to suggest migrations to other developers. We evaluated our approach on the npm ecosystem and found that 96% of the suggested alternatives are accurate. Furthermore, by surveying expert JavaScript developers, 67% of them indicate that they will use our suggested alternative packages in their future projects.
Thu 14 SepDisplayed time zone: Amsterdam, Berlin, Bern, Rome, Stockholm, Vienna change
15:30 - 17:00 | Configuration and Version ManagementResearch Papers at Room D Chair(s): Shahar Maoz Tel Aviv University | ||
15:30 12mTalk | A Large-Scale Empirical Study on Semantic Versioning in Golang Ecosystem Research Papers Wenke Li Huazhong University of Science and Technology, Feng Wu Tencent Technology (Shenzhen) Co. Ltd, Cai Fu Huazhong University of Science and Technology, Fan Zhou Tencent Technology (Shenzhen) Co. Ltd Link to publication DOI Pre-print | ||
15:42 12mTalk | Where to Go Now? Finding Alternatives for Declining Packages in the npm Ecosystem Research Papers Suhaib Mujahid Mozilla, Diego Costa Concordia University, Canada, Rabe Abdalkareem Omar Al-Mukhtar University, Emad Shihab Concordia Univeristy Pre-print | ||
15:55 12mTalk | ESRO: Experience Assisted Service Reliability against Outages Research Papers Sarthak Chakraborty Adobe Research, Shubham Agarwal Adobe Research, Shaddy Garg Adobe, Abhimanyu Sethia Indian Institute of Technology Kanpur, Udit Narayan Pandey Indian Institute of Technology Kanpur, Videh Aggarwal Indian Institute of Technology Kanpur, Shiv Saini Adobe Research File Attached | ||
16:08 12mTalk | Fixing Privilege Escalations in Cloud Access Control with MaxSAT and Graph Neural Networks Research Papers Yang Hu University of Texas at Austin, Wenxi Wang University of Texas at Austin, Sarfraz Khurshid University of Texas at Austin, Kenneth L. McMillan University of Texas at Austin, Mohit Tiwari University of Texas at Austin File Attached | ||
16:21 12mTalk | Merge Conflict Resolution: Classification or Generation? Research Papers Jinhao Dong Peking University, Qihao Zhu Peking University, Zeyu Sun Zhongguancun Laboratory, Yiling Lou Fudan University, Dan Hao Peking University Pre-print File Attached | ||
16:34 12mTalk | Repeated Builds During Code Review: An Empirical Study of the OpenStack Community Research Papers Rungroj Maipradit University of Waterloo, Dong Wang Kyushu University, Japan, Patanamon Thongtanunam University of Melbourne, Raula Gaikovina Kula Nara Institute of Science and Technology, Yasutaka Kamei Kyushu University, Shane McIntosh University of Waterloo Pre-print File Attached | ||
16:47 12mTalk | Automated Software Entity Matching Between Successive VersionsRecorded talk Research Papers Bo Liu Beijing Institute of Technology, Hui Liu Beijing Institute of Technology, Nan Niu University of Cincinnati, Yuxia Zhang Beijing Institute of Technology, Guangjie Li National Innovation Institute of Defense Technology, Yanjie Jiang Beijing Institute of Technology DOI Media Attached | ||