Title: Which Dependency was Updated? Exploring Who Changes Dependencies in npm packages
Abstract: Nowadays, software development increasingly depends on third-party library packages to reuse functionality and save the cost of building it themselves. Since dependencies are constantly evolving, developers struggle to keep them updated. In this work, we present a first exploration of the responsibility for updating a dependency. Analyzing 89,393 npm packages, we mine the repositories to understand who is the person responsible (i.e., dependency author) for the library update and whether or not the spread of responsibility for updating has an impact on which libraries get updated. Our results show that 64.24% of packages have only one dependency author who is responsible for the dependency. Furthermore, the number of dependency authors correlates with dependency changes, hinting that updating dependencies correlates with having more responsible developers. Lastly, we find that npm packages with just a single dependency author update different libraries compared to those with more dependency authors.
Publication Year: 2021
Publication Date: 2021-11-24
Language: en
Type: article
Indexed In: crossref
Access and Citation
Cited By Count: 1