An Empirical Analysis of Technical Lag in npm Package Dependencies
Abstract
Software library packages are constantly evolving and increasing in number. Not updating to the latest available release of dependent libraries may negatively affect software development by not benefiting from new functionality, vulnerability and bug fixes available in more recent versions. On the other hand, automatically updating to the latest release may introduce incompatibility issues. We introduce a technical lag metric for dependencies in package networks, in order to assess how outdated a software package is compared to the latest available releases of its dependencies. We empirically analyse the package update practices and technical lag for the npm distribution of JavaScript packages. Our results show a strong presence of technical lag caused by the specific use of dependency constraints, indicating a reluctance to update dependencies to avoid backward incompatible changes. ; Preprint of the paper published as Zerouali A., Constantinou E., Mens T., Robles G., Gonzalez-Barahona J. (2018) An Empirical Analysis of Technical Lag in npm Package Dependencies. In: Capilla R., Gallina B., Cetina C. (eds) New Opportunities for Software Reuse. ICSR 2018. Lecture Notes in Computer Science, vol 10826. Springer. DOI 10.1007/978-3-319-90421-4_6. The work presented in this paper has been funded in part by the European Union's Horizon 2020 Research and Innovation Programme under the Marie Sklodowska-Curie grant agreement No 642954 (Seneca), by the bilateral FRQ-FNRS research program 30440672 SECOHealth, by the research project TIN2014-59400-R SobreVision funded by the Spanish Government, and by Excellence of Science project 30446992 SECO-Assist financed by FWO - Vlaanderen and F.R.S.-FNRS.
Problem melden