Understanding the Response to Open-Source Dependency Abandonment in the npm Ecosystem
Award Winner
This program is tentative and subject to change.
Many developers relying on open-source digital infrastructure expect continuous maintenance, but even the most critical packages can become unmaintained. Despite this, there is little understanding of the prevalence of abandonment of widely-used packages, of subsequent exposure, and of reactions to abandonment in practice, or the factors that influence them. We perform a large-scale quantitative analysis of all widely-used npm packages and find that abandonment is common among them, that abandonment exposes many projects which often do not respond, that responses correlate with other dependency management practices, and that removal is significantly faster when a project's end-of-life status is explicitly stated. We end with recommendations to both researchers and practitioners who are facing dependency abandonment or are sunsetting projects, such as opportunities for low-effort transparency mechanisms to help exposed projects make better, more informed decisions.
Fri 2 May (displayed time zone: Eastern Time, US & Canada)

Session 14:00 - 15:30

14:00 (15m, Talk, Research Track): Decoding the Issue Resolution Process In Practice via Issue Report Analysis: A Case Study of Firefox

14:15 (15m, Talk, Research Track): Preserving Privacy in Software Composition Analysis: A Study of Technical Solutions and Enhancements. Huaijin Wang; Zhibo Liu (The Hong Kong University of Science and Technology); Yanbo Dai (The Hong Kong University of Science and Technology (Guangzhou)); Shuai Wang (Hong Kong University of Science and Technology); Qiyi Tang (Tencent Security Keen Lab); Sen Nie (Tencent Security Keen Lab); Shi Wu (Tencent Security Keen Lab)

14:30 (15m, Talk, Research Track): UML is Back. Or is it? Investigating the Past, Present, and Future of UML in Open Source Software. Joseph Romeo (Software Institute - USI, Lugano, Switzerland); Marco Raglianti (Software Institute - USI, Lugano); Csaba Nagy; Michele Lanza (Software Institute - USI, Lugano)

14:45 (15m, Talk, Research Track, Award Winner): Understanding the Response to Open-Source Dependency Abandonment in the npm Ecosystem. Courtney Miller (Carnegie Mellon University); Mahmoud Jahanshahi (Research Assistant, University of Tennessee Knoxville); Audris Mockus (The University of Tennessee); Bogdan Vasilescu (Carnegie Mellon University); Christian Kästner (Carnegie Mellon University)

15:00 (15m, Talk, Research Track): Understanding Compiler Bugs in Real Development. Hao Zhong (Shanghai Jiao Tong University)

15:15 (15m, Talk, Research Track): Studying Programmers Without Programming: Investigating Expertise Using Resting State fMRI. Zachary Karas (Vanderbilt University); Benjamin Gold (Vanderbilt University); Violet Zhou (University of Michigan); Noah Reardon (University of Michigan); Thad Polk (University of Michigan); Catie Chang (Vanderbilt University); Yu Huang (Vanderbilt University)