On the evolution of technical lag in the npm package dependency network

•

0 likes•101 views

Presentation at the International Conference on Software Maintenance and Evolution (ICSME2018), Madrid, Spain, 28 September 2018. Joint research by Alexandre Decan, Eleni Constantinou, Tom Mens at the Software Engineering Lab of the University of Mons. Research conducted in the context of the SECOHealth and SECO-ASSIST research projects (https://secohealth.github.io, https://secoassist.github.io) We empirically analyse the context of technical lag in the JavaScript npm package dependency network to assess to which extent npm software packages and their dependencies are outdated.

Software

ICSME 2018
ON THE EVOLUTION OF TECHNICAL LAG IN THE
NPM PACKAGE DEPENDENCY NETWORK
ALEXANDRE
DECAN
ELENI
CONSTANTINOU
TOM MENS
@AlexandreDecan
@tom_mens
@eleni_const

PACKAGE DEPENDENCY
NETWORKS
&
TECHNICAL LAG

Semantic versioning
major minor patch
3 9 2
Breaking
changes Bug fixes
Backwards
compatible
changes
4.0.0 3.10.0 3.9.3

Dependency constraints
More
Permissive
More
Restrictive
major minor patch
3 9 2

Technical Lag
[1] J. M. Gonzalez-Barahona et al. Technical lag in software compilations: Measuring how outdated a software deployment is. IFIP International
Conf. on Open Source Systems, pp. 182—192, 2017.
How outdated a
software system is with
respect to its upstream
dependencies [1]

Δt(d3,t)
Δt(d2,t)
Δt(d1,t)
r
p1
p2
p3
Technical lag at time t
For a dependency d:
For a release r:

$T1 p1 p2 1.0.0 1.0.1 1.0.21.1.0 r1 r2 T2 T3 T4 T5 T6 T7 T9T8 2.0.0 T10 Technical lag example 1.0.0 1.0.0Analysis date Constraint Missed Technical Lag ~1.0.0 {1.1.0, 2.0.0} ^1.0.0 {2.0.0} T10 – T5 T10 – T9 p2p1$

Should I keep my dependencies up-to-date?
COST
§ Effort to integrate backwards
incompatible changes
§ Monitor dependency evolution
RISK
§ Backwards incompatible
changes
BENEFIT
§ Bug fixes
§ Security vulnerability fixes
§ New features

NOVEMBER 2017
Libraries.io [2]
[2] http://doi.org/10.5281/zenodo.1068916

How prominent is technical lag (TL)?
25% of dependencies/
40% of releases suffer from TL
Dependency management tools reduce TL presence

How long is the technical lag?
>=2015: average TL is 7 to 9 months
Only 25% have a TL <52 days
TL information in dependency management tools

How frequently are packages updated?
It takes an average of 12 to 22 days to update a
release
Frequent updates can contribute to TL of dependents

During the lifetime of a
package release, a new
release of its dependency
becomes available that
does not satisfy the
dependency constraint
Why does technical lag occur?
A package release does not use the highest available release of
its dependency
1 out of 3 releases missed a new release of a
dependency because it is excluded by the constraint.

How does technical lag evolve?
Most packages do not change their constraints
to use newer releases of their dependencies.
Better tool support for managing constraints

Could technical lag be reduced
by proper use of semantic versioning?
The proportion of releases suffering from TL could be
reduced by 17.7%
Package maintainers should adhere to semantic
versioning

npm package releases/dependencies suffer from technical lag
7 - 9 months of technical lag
Proper use of semantic versioning
Ø Decreases the effect of technical lag (~18%)
Ø Allows to benefit from vulnerability fixes
Summary

Conclusion
Dependency management tools help package maintainers to reduce the
presence technical lag.
Dependency monitoring tools should incorporate technical lag information.
Ecosystem-wide view of technical lag.
Support dependent packages/backport important fixes.
Transitive
dependencies
Direct
dependencies
Technical lag
definition

Similar to On the evolution of technical lag in the npm package dependency network

Invited presentation at Concordia University (Montreal, Canada) by Eleni Constantinou and Tom Mens on recent research about the socio-technical health issues in software package management ecosystems. Abstract: The large majority of today’s software is relying on open software software components. Such components are typically distributed through package managers for a wide variety of programming languages, and developed and maintained through online distributed software development services like GitHub. Software component repositories are perceived as software ecosystems that constitute complex and evolving socio-technical software dependency networks. Because of their complexity and evolution, these ecosystems tend to suffer from a wide variety of software health issues that can be either technical or social in nature. Examples of such issues include the ecosystem fragility due to exponential growth and transitive dependencies; the abundance of outdated, unmaintained or obsolete software components; the prolonged presence of unfixed bugs and security vulnerabilities; the abandonment or high turnover of key contributors, suboptimal collaboration between contributors, and many more. This presentation will report on our past and ongoing empirical research that studies such health factors within and across different software packaging ecosystems (such as npm, RubyGems, Cargo, CRAN, CPAN). We provide empirical evidence of some of the health problems, compare their presence across different ecosystems, and suggest ways to reduce their potential impact by providing concrete guidelines and tools. The presented research Is being conducted by researchers of the Software Engineering Lab at the University of Mons in the context of two ongoing projects SECOHealth and SECO-ASSIST, aiming to analyse and improve the health of software ecosystems.

Empirically Analysing the Socio-Technical Health of Software Package Managers

Tom Mens

On the health of the npm packaging ecosystem

Tom Mens

Unsustainable Regaining Control of Uncontrollable Apps

CAST

How to save on software maintenance costs

FrancisJansen

PhD public defense: A Measurement Framework for Analyzing Technical Lag in ...

Ahmed Zerouali

Proactive Population-Risk Based Defense Against Denial of Cyber-Physical Serv...

IRJET Journal

PacketsNeverLie

Rick Kingsley

Whitepaper Omnext

meijerandre

PACE-IT: Applying Patches and Upgrades

Pace IT at Edmonds Community College

Alft

Vincenzo De Florio

Measuring Technical Lag in Software Deployments (CHAOSScon 2020)

Tom Mens

Towards an empirical analysis of the maintainability of CRAN packages

Tom Mens

Watch the full OnDemand Webcast: http://bit.ly/tuneupnetwork It’s time to make good on that new year’s resolution. Admit it, in a moment of weakness as the clock hit midnight you resolved to dig in and tune up your corporate network in the new year. Well, the new year is already passing quickly by, so if you haven’t yet made good on that resolution, here is your chance. In these slides from our web seminar, we return to the basics – overall network evaluation, baseline measurements and comparisons, typical yet troublesome network issues, sharing bandwidth in the presence of time-sensitive applications, security, and overall network monitoring and reporting, just to name a few. We focus on practical issues and practical methods for improving the overall health of your network. In these slides, we will cover: - Critical elements to consider when evaluating your network - Common pitfalls and how to avoid them - Developing and using network baselines - Optimizing network usage in the presence of competing applications and protocols - Monitoring and reporting on your well-tuned network What you will learn: 1. How and where to find the data you need 2. How to automate network monitoring and analysis to ensure the success of your tune up 3. How to quickly diagnose problems when things go wrong

Tune Up Your Network for the New Year

Savvius, Inc

Wait for it: identifying “On-Hold” self-admitted technical debt

RungrojMaipradit1

See how IT Risks Impacts your Business. CAST help you to check on software performance, stability, maintainability, and security vulnerabilities in which CAST excels and successfully differentiates from code analyzers.CAST’s Application Intelligence Platform and Rapid Portfolio Analysis solutions can help you avoid these types of “software glitches” or "software risks" by allowing you to gain greater visibility through automated code review that identifies the root causes of risks before they become production problems, while expediting time-to-market with shorter release time lines and improved business agility.

Managing Software Risk with CAST

CAST

Crypto Mark Scheme for Fast Pollution Detection and Resistance over Networking

IRJET Journal

On the Relation between Outdated Docker Containers, Severity Vulnerabilities,...

Tom Mens

Modern IP networks are complex entities that require constant maintenance and care. Similarly, constructing a new network comes with a high amount of upfront cost, planning, and risk. Unlike the disciplines of software and hardware engineering, networking and IT professionals lack an expressive and useful certification language that they can use to verify that their work is correct. When installing and maintaining networks without a standard for describing their behavior, teams find themselves prone to making configuration mistakes. These mistakes can have real monetary and operational efficiency costs for organizations that maintain large networks.In this research, the Network Certification Description Language (NETCDL) is proposed as an easily human readable and writeable language that is used to describe network components and their desired behavior. The complexity of the grammar is shown to rank in the top 5 out of 31 traditional computer language grammars, as measured by metrics suite. The language is also shown to be able to express the majority of common use cases in network troubleshooting. A workflow involving a certifier tool is proposed that uses NETCDL to verify network correctness, and a reference certifier design is presented to guide and standardize future implementations.

NETCDL : THE NETWORK CERTIFICATION DESCRIPTION LANGUAGE

ijcsitcejournal

Is my software ecosystem healthy? It depends!

Tom Mens

Rain technology seminar

Mufeedh Muhammed

Similar to On the evolution of technical lag in the npm package dependency network (20)

Empirically Analysing the Socio-Technical Health of Software Package Managers

On the health of the npm packaging ecosystem

Unsustainable Regaining Control of Uncontrollable Apps

How to save on software maintenance costs

PhD public defense: A Measurement Framework for Analyzing Technical Lag in ...

Proactive Population-Risk Based Defense Against Denial of Cyber-Physical Serv...

PacketsNeverLie

Whitepaper Omnext

PACE-IT: Applying Patches and Upgrades

Alft

Measuring Technical Lag in Software Deployments (CHAOSScon 2020)

Towards an empirical analysis of the maintainability of CRAN packages

Tune Up Your Network for the New Year

Wait for it: identifying “On-Hold” self-admitted technical debt

Managing Software Risk with CAST

Crypto Mark Scheme for Fast Pollution Detection and Resistance over Networking

On the Relation between Outdated Docker Containers, Severity Vulnerabilities,...

NETCDL : THE NETWORK CERTIFICATION DESCRIPTION LANGUAGE

Is my software ecosystem healthy? It depends!

Rain technology seminar

More from Tom Mens

How to be(come) a successful PhD student

Tom Mens

Recognising bot activity in collaborative software development

Tom Mens

A Dataset of Bot and Human Activities in GitHub

Tom Mens

The (r)evolution of CI/CD on GitHub

Tom Mens

In January 2018, four Software Engineering research groups located in different Belgian Universities launched a five year research project to nurture the software ecosystems of the future. We assembled a diverse team of about a dozen researchers and embarked on an exciting journey leading to a rich and diverse suite of papers, tools and datasets. Halfway into the project the corona pandemic intervened, but despite several months of lockdown, we succeeded in increasing inter-university collaboration. In this paper we share our achievements so that the BENEVOL community may benefit from our experience.

Nurturing the Software Ecosystems of the Future

Tom Mens

Comment programmer un robot en 30 minutes?

Tom Mens

On the rise and fall of CI services in GitHub

Tom Mens

Presentation at FOSDEM 2022 Composition and Dependency Management DevRoom of empirical research on backporting practices in package dependency networks, published in the IEEE Transactions in Software Engineering in 2021 (https://doi.org/10.1109/TSE.2021.3112204) Joint work by Alexandre Decan, Tom Mens; Ahmed Zeourali, Coen De Roover as part of the Belgian Excellence of Science research project SECOASSIST (https://secoassist.github.io)

On backporting practices in package dependency networks

Tom Mens

Presentation by Tom Mens at PackagingCon 2021 on Wednesday 10 November 2021. Abstract: Semantic versioning (semver) is a commonly accepted open source practice, used by many package management systems to inform whether new package releases introduce possibly backward incompatible changes. Maintainers depending on such packages can use this practice to reduce the risk of breaking changes in their own packages by specifying version constraints on their dependencies. Depending on the amount of control a package maintainer desires to assert over her package dependencies, these constraints can range from very permissive to very restrictive. We empirically compared the evolution of semver compliance in four package management systems: Cargo, npm, Packagist and Rubygems. We discuss to what extent ecosystem-specific characteristics influence the degree of semver compliance, and we suggest to develop tools adopting the wisdom of the crowds to help package maintainers decide which type of version constraints they should impose on their dependencies. We also studied to which extent the packages distributed by these package managers are still using a 0.y.z release, suggesting less stable and immature packages. We explore the effect of such "major zero" packages on semantic versioning adoption. Our findings shed insight in some important differences between package managers with respect to package versioning policies. Our empirical results have been published in two peer-reviewed academic journals: the IEEE Transactions in Software Engineering (https://doi.org/10.1109/TSE.2019.2918315) and Elsevier Science of Computer Programming (https://doi.org/10.1016/j.scico.2021.102656). Achknowledgments: Research conducted in the context of the SECOASSIST "Excellence of Science" Research Project.

Comparing semantic versioning practices in Cargo, npm, Packagist and Rubygems

Tom Mens

Presentation by Tom Mens at FOSDEM21 (Free Open Source Developers Meeting, February 2021). Published in Science of Computer Programming, August 2021. https://doi.org/10.1016/j.scico.2021.102656 Abstract: When developing open source software end-user applications or reusable software packages, developers depend on software packages distributed through package managers such as npm, Packagist, Cargo, RubyGems. In addition to this, empirical evidence has shown that these package managers adhere to a large extent to semantic versioning principles. Packages that are still in major version zero are considered unstable according to semantic versioning, as some developers consider such packages as immature, still being under initial development. This presentation reports on large-scale empirical evidence on the use of dependencies towards 0.y.z versions in four different software package distributions: Cargo, npm, Packagist and RubyGems. We study to which extent packages get stuck in the zero version space, never crossing the psychological barrier of major version zero. We compare the effect of the policies and practices of package managers on this phenomenon. We do not reveal the results of our findings in this abstract yet, as it would spoil the fun of the presentation.

Lost in Zero Space

Tom Mens

Detecting the presence of bots in distributed software development activity is very important in order to prevent bias in socio-technical empirical studies. In previous work, we proposed a classification model to detect bots in GitHub repositories based on the pull request and issue comments of GitHub accounts. The current study generalises the approach to git contributors based on their commit messages. We train and evaluate the classification model on a large dataset of 6,922 git contributors. The original model based on pull request and issue comments obtained a precision of 0.77 on this dataset, whereas retraining the classification model on git commit messages increased the precision to 0.80. As a proof-of-concept, we implemented this model in BoDeGiC, an open source command-line tool to detect bots in git repositories.

Evaluating a bot detection model on git commit messages

Tom Mens

Presentation by Mehdi Golzadeh (Software Engineering Lab, University of Mons) of an article published at the 2nd International ICSE Workshop on Bots In Software Engineering (BotSE). See https://doi.org/10.1145/3387940.3391503 Abstract: Many empirical studies focus on socio-technical activity in social coding platforms such as GitHub, for example to study the onboarding, abandonment, productivity and collaboration among team members. Such studies face the difficulty that GitHub activity can also be generated automatically by bots of a different nature. It therefore becomes imperative to distinguish such bots from human users. We propose an automated approach to detect bots in GitHub pull request activity. Relying on the assumption that bots contain repetitive message patterns in their pull request comments, we analyse the similarity between multiple messages from the same GitHub identity, using a clustering method that combines the Jaccard and Levenshtein distance. We empirically evaluate our approach by analysing 20,090 comments of 250 users and 42 bots in 1,262 GitHub repositories. Our results show that the method is able to clearly separate bots from human users.

Bot or not? Detecting bots in GitHub pull request activity based on comment s...

Tom Mens

How magic is zero? An Empirical Analysis of Initial Development Releases in S...

Tom Mens

This presentation reports on the research results achieved in the context of the interuniversity interdisciplinary research project SECOHealth "Vers une méthodologie et analyse socio-technique interdisciplinaire de la santé des écosystèmes logiciels" co-financed by FRS-FNRS Belgium and FRQ (FRSC - FRNT, Québec) with principal investigators Tom Mens (UMONS), Bram Adams (Polytechnique Montréal) and Josianne Marsan (Université Laval).

SecoHealth 2019 Research Achievements

Tom Mens

Introduction to the research seminar on empirical analysis of open source software ecosystems, organised by the SECO-ASSIST "excellence of science" research project, on September 4th, 2019 at the University of Mons, Belgium. With invited presentations by Alexander Serebrenik, Jesus Gonzalez-Barahona, Dario Di Nucci and Henrique Nucci. The seminar concludes with the public PhD defense of Ahmed Zerouali (supervised by Tom Mens) on the topic of "A Measurement Framework for Analyzing Technical Lag in Open-Source Software Ecosystems"

SECO-Assist 2019 research seminar

Tom Mens

Demonstration of the ConPan tool for analysing outdated packages and their security vulnerabilities in Docker containers. Developed by Ahmed Zerouali, Software Engineering Lab, University of Mons. In collaboration with Universidad Rey Juan Carlos and Bitergia, Madrid, Spain. Presented by Tom Mens at the MSR 2019 International Conference on Mining Software Repositories, May 2019, Montréal, Canada.

ConPan: Analysing Packages Installed in Docker Containers

Tom Mens

Presentation by Prof. Tom Mens (University of Mons) of an ERA-track paper at SANER 2019, the International Conference on Software Analysis, Evolution and Reengineering (Hangzhou, China, February 2019). Abstract: Software systems often leverage on open source software libraries to reuse functionalities. Such libraries are readily available through software package managers like npm for JavaScript. Due to the huge amount of packages available in such package distributions, developers often decide to rely on or contribute to a software package based on its popularity. Moreover, it is a common practice for researchers to depend on popularity metrics for data sampling and choosing the right candidates for their studies. However, the meaning of popularity is relative and can be defined and measured in a diversity of ways, that might produce different outcomes even when considered for the same studies. In this paper, we show evidence of how different is the meaning of popularity in software engineering research. Moreover, we empirically analyse the relationship between different software popularity measures. As a case study, for a large dataset of 175k npm packages, we computed and extracted 9 different popularity metrics from three open source tracking systems: libraries.io, npmjs.com and GitHub. We found that indeed popularity can be measured with different unrelated metrics, each metric can be defined within a specific context. This indicates a need for a generic framework that would use a portfolio of popularity metrics drawing from different concepts. Acknowledgments: This work was partially supported by the EU Research FP (H2020-MSCA-ITN-2014-642954, Seneca), the Spanish Government (TIN2014-59400-R, SobreVision), the Excellence of Science Project SECO-Assist (O015718F, FWO - Vlaanderen and F.R.S.-FNRS).

On the diversity of software popularity metrics: An empirical study of npm

Tom Mens

Presentation by Prof. Tom Mens (University of Mons) about the relation between, and guidelines for increasing, the internal and external technical debt and technical health of software. This talk was presented at the Business and Technology Club of the Infopole Cluster TIC in Gosselies (Belgium) on 19 February 2019. The ideas presented are partly based on research conducted in the context of the FRNS-FWO co-financed "Excellence of Science" Research Project SECO-ASSIST (http://secoassist.github.io)

How to increase the technical health of your software?

Tom Mens

"Software Ecosystem Health" lightning talk

Tom Mens

Presentation slides of MSR 2018 article, co-authored by Alexandre Decan, Tom Mens and Eleni Constantinou from University of Mons, Belgium. Research carried out as part of the SECOHealth and SECO-ASSIST research projects. Abstract: Security vulnerabilities are among the most pressing problems in open source software package libraries. It may take a long time to discover and fix vulnerabilities in packages. In addition, vulnerabilities may propagate to dependent packages, making them vulnerable too. This paper presents an empirical study of nearly 400 security reports over a 6-year period in the npm dependency network containing over 610k JavaScript packages. Taking into account the severity of vulnerabilities, we analyse how and when these vulnerabilities are discovered and fixed, and to which extent they affect other packages in the packaging ecosystem in presence of dependency constraints. We report our findings and provide guidelines for package maintainers and tool developers to improve the process of dealing with security issues.

On the impact of security vulnerabilities in the npm package dependency network

Tom Mens

More from Tom Mens (20)

How to be(come) a successful PhD student

Recognising bot activity in collaborative software development

A Dataset of Bot and Human Activities in GitHub

The (r)evolution of CI/CD on GitHub

Nurturing the Software Ecosystems of the Future

Comment programmer un robot en 30 minutes?

On the rise and fall of CI services in GitHub

On backporting practices in package dependency networks

Comparing semantic versioning practices in Cargo, npm, Packagist and Rubygems

Lost in Zero Space

Evaluating a bot detection model on git commit messages

Bot or not? Detecting bots in GitHub pull request activity based on comment s...

How magic is zero? An Empirical Analysis of Initial Development Releases in S...

SecoHealth 2019 Research Achievements

SECO-Assist 2019 research seminar

ConPan: Analysing Packages Installed in Docker Containers

On the diversity of software popularity metrics: An empirical study of npm

How to increase the technical health of your software?

"Software Ecosystem Health" lightning talk

On the impact of security vulnerabilities in the npm package dependency network

Recently uploaded

In an era where security concerns are paramount, the integration of artificial intelligence (AI) into CCTV cameras has revolutionized surveillance capabilities. One of the most significant advancements is the ability to achieve real-time threat detection, enabling immediate responses to potential security breaches. This blog explores how AI is reshaping surveillance through real-time threat detection and the implications of this technology.

Optimizing AI for immediate response in Smart CCTV

shikhaohhpro

HR Software Buyers Guide in 2024 - HRSoftware.com

Fatema Valibhai

Many specialized tools cater to distinct stages within the software development lifecycle (SDLC). These tools target various aspects of development, delivery, and operations, each with its unique strengths. Uniting these diverse testing needs into a single continuous testing platform presents several challenges. Such a platform must seamlessly integrate with various development tools and environments, accommodate different testing methodologies, and remain flexible to adapt to organizational processes and quality standards.

The Guide to Integrating Generative AI into Unified Continuous Testing Platfo...

kalichargn70th171

Define the academic and professional writing..pdf

PearlKirahMaeRagusta1

5 Signs You Need a Fashion PLM Software.pdf

Wave PLM

(Vivek)Call Us, 8448380779,Call girls in Delhi NCr – We Offer best in class call girls. escort Service At Affordable Price At low Rate with Space Night 8000 We Are One Of The Oldest Escort and Call girls Agencies in Delhi. You Will Find That Our Female Escorts Are Full Of Fun, Sexy And They Would Love Enjoy Your Company. We Have A Fantastic Selection Of Escort Ladies Available For In-Calls As Well As Out-Calls. Our Escorts Are Not Only Beautiful But All Have Great Personalities Making Them The Perfect Companion For Any Occasion. In-Call:- You Can Come At Our Place in Delhi Our place Which Is Very Clean Hygienic 100% safe Accommodation. Out-Call:- You have To Come Pick The Girl From My Place We Are Also Provide Door Step Services (Delhi Ncr, Noida, Gurgaon, Faridabad, Ghaziabad Note:- Pic Collectors Time Passers Bargainers Stay Away As We Respect The Value For Your Money Time And Expect The Same From You Hygienic:- Full Ac room And Clean Rooms Available In Hotel 24 * 7 Hourly In Delhi NCR More Details, With WhatsApp Number, +91-8448380779

call girls in Vaishali (Ghaziabad) 🔝 >༒8448380779 🔝 genuine Escort Service 🔝✔️✔️

Delhi Call girls

Diamond Application Development Crafting Solutions with Precision

SolGuruz

At TECUNIQUE, we're a stable and steadily growing Indian software services company with over 14 years of industry experience. Specializing in offshore software development and quality assurance services, we've built a reputation for delivering unique and effective solutions to start-ups, software development companies, enterprises, and digital agencies. We pride ourselves on our commitment to excellence and innovation. By blending insightful business domain knowledge with exceptional technical prowess, we craft tailor-made solutions that meet the unique needs of our clients. Our dedicated teams are adept in specific technologies, ensuring seamless integration of skills and delivering reliable, scalable, and high-quality software solutions aligned with our clients' preferences. Bespoke Dedicated Teams: Crafted to meet your specific needs and technology preferences, our dedicated teams are committed to delivering top-notch software solutions. Offshore Software Development: Accelerate your software development and scale up quickly with our 12+ years of expertise in offshore development. Quality Assurance Services: Ensure the quality of your software products with our dedicated teams of experienced QA professionals. IT Staff Augmentation: Overcome skill gaps with our client-centric software team, offering staff augmentation services. Expert Software Services: Unlock our capabilities in custom software development, product development, and quality assurance. Mission and Vision: Our mission at TECUNIQUE is to be the catalyst for our clients' success in the dynamic domain of software development. Rooted in our core values of respect, authenticity, and responsibility, we strive to ease the software outsourcing experience, reducing both time and cost to market for our clients. We envision ourselves as the leading Indian software services company, renowned for our unwavering commitment to excellence and innovation. www.tecunique.com

TECUNIQUE: Success Stories: IT Service provider

mohitmore19

Foundation models are machine learning models which are easily capable of performing variable tasks on large and huge datasets. FMs have managed to get a lot of attention due to this feature of handling large datasets. It can do text generation, video editing to protein folding and robotics. In case we believe that FMs can help the hospitals and patients in any way, we need to perform some important evaluations, tests to test these assumptions. In this review, we take a walk through Fms and their evaluation regimes assumed clinical value. To clarify on this topic, we reviewed no less than 80 clinical FMs built from the EMR data. We added all the models trained on structured and unstructured data. We are referring to this combination of structured and unstructured EMR data or clinical data.

Reassessing the Bedrock of Clinical Function Models: An Examination of Large ...

harshavardhanraghave

How To Use Server-Side Rendering with Nuxt.js

Andolasoft Inc

8257 interfacing 2 in microprocessor for btech students

HimanshiGarg82

call girls in Vaishali (Ghaziabad) 🔝 >༒8448380779 🔝 genuine Escort Service 🔝✔️✔️

Delhi Call girls

Test automation is a cornerstone of software development and quality assurance in today's rapidly evolving digital landscape. Its significance cannot be overstated. Businesses can enhance efficiency, productivity, and accelerate software delivery to market through automation, streamlining testing processes effectively. This comprehensive guide addresses the best practices for test automation in 2024. It offers a detailed checklist to empower you to optimize your automation efforts and maintain a competitive edge.

The Ultimate Test Automation Guide_ Best Practices and Tips.pdf

kalichargn70th171

Looking to embark on a digital project in New York City? Choosing the ideal Laravel development partner is pivotal. Begin by defining your project requirements clearly. Assess potential partners' experience, expertise, and technical proficiency, checking portfolios and client testimonials. Effective communication and collaboration are paramount, so evaluate partners' communication styles and project management approaches. Consider long-term scalability and support options, and discuss pricing and contracts transparently. Lastly, trust your instincts when selecting a partner aligned with your vision and values.

How to Choose the Right Laravel Development Partner in New York City_compress...

software pro Development

VTU technical seminar 8Th Sem on Scikit-learn

AmarnathKambale

introduction-to-automotive Andoid os-csimmonds-ndctechtown-2021.pdf

VishalKumarJha10

10 Trends Likely to Shape Enterprise Technology in 2024

Mind IT Systems

Learn the Fundamentals of XCUITest Framework_ A Beginner's Guide.pdf

kalichargn70th171

Model Call Girl Services in Delhi reach out to us at 🔝 9953056974 🔝✔️✔️ Our agency presents a selection of young, charming call girls available for bookings at Oyo Hotels. Experience high-class escort services at pocket-friendly rates, with our female escorts exuding both beauty and a delightful personality, ready to meet your desires. Whether it's Housewives, College girls, Russian girls, Muslim girls, or any other preference, we offer a diverse range of options to cater to your tastes. We provide both in-call and out-call services for your convenience. Our in-call location in Delhi ensures cleanliness, hygiene, and 100% safety, while our out-call services offer doorstep delivery for added ease. We value your time and money, hence we kindly request pic collectors, time-passers, and bargain hunters to refrain from contacting us. Our services feature various packages at competitive rates: One shot: ₹2000/in-call, ₹5000/out-call Two shots with one girl: ₹3500/in-call, ₹6000/out-call Body to body massage with sex: ₹3000/in-call Full night for one person: ₹7000/in-call, ₹10000/out-call Full night for more than 1 person: Contact us at 🔝 9953056974 🔝. for details Operating 24/7, we serve various locations in Delhi, including Green Park, Lajpat Nagar, Saket, and Hauz Khas near metro stations. For premium call girl services in Delhi 🔝 9953056974 🔝. Thank you for considering us!

CHEAP Call Girls in Pushp Vihar (-DELHI )🔝 9953056974🔝(=)/CALL GIRLS SERVICE

9953056974 Low Rate Call Girls In Saket, Delhi NCR

A great deal of attention in medical devices has shifted towards cybersecurity with the ratification of section 524B of the FD&C act. This new law enables the FDA to enforce cybersecurity controls in any medical device that is capable of networked communications or that has software. In this webinar we will recap the process for managing vulnerabilities, identify categories of vulnerabilities and solutions and more.

The Real-World Challenges of Medical Device Cybersecurity- Mitigating Vulnera...

ICS

Recently uploaded (20)

Optimizing AI for immediate response in Smart CCTV

HR Software Buyers Guide in 2024 - HRSoftware.com

The Guide to Integrating Generative AI into Unified Continuous Testing Platfo...

Define the academic and professional writing..pdf

5 Signs You Need a Fashion PLM Software.pdf

call girls in Vaishali (Ghaziabad) 🔝 >༒8448380779 🔝 genuine Escort Service 🔝✔️✔️

Diamond Application Development Crafting Solutions with Precision

TECUNIQUE: Success Stories: IT Service provider

Reassessing the Bedrock of Clinical Function Models: An Examination of Large ...

How To Use Server-Side Rendering with Nuxt.js

8257 interfacing 2 in microprocessor for btech students

call girls in Vaishali (Ghaziabad) 🔝 >༒8448380779 🔝 genuine Escort Service 🔝✔️✔️

The Ultimate Test Automation Guide_ Best Practices and Tips.pdf

How to Choose the Right Laravel Development Partner in New York City_compress...

VTU technical seminar 8Th Sem on Scikit-learn

introduction-to-automotive Andoid os-csimmonds-ndctechtown-2021.pdf

10 Trends Likely to Shape Enterprise Technology in 2024

Learn the Fundamentals of XCUITest Framework_ A Beginner's Guide.pdf

CHEAP Call Girls in Pushp Vihar (-DELHI )🔝 9953056974🔝(=)/CALL GIRLS SERVICE

The Real-World Challenges of Medical Device Cybersecurity- Mitigating Vulnera...

On the evolution of technical lag in the npm package dependency network

1. ICSME 2018 ON THE EVOLUTION OF TECHNICAL LAG IN THE NPM PACKAGE DEPENDENCY NETWORK ALEXANDRE DECAN ELENI CONSTANTINOU TOM MENS @AlexandreDecan @tom_mens @eleni_const

2. PACKAGE DEPENDENCY NETWORKS & TECHNICAL LAG

3. Package dependency networks

4. Semantic versioning major minor patch 3 9 2 Breaking changes Bug fixes Backwards compatible changes 4.0.0 3.10.0 3.9.3

5. Dependency constraints More Permissive More Restrictive major minor patch 3 9 2

6. Technical Lag [1] J. M. Gonzalez-Barahona et al. Technical lag in software compilations: Measuring how outdated a software deployment is. IFIP International Conf. on Open Source Systems, pp. 182—192, 2017. How outdated a software system is with respect to its upstream dependencies [1]

7. Δt(d3,t) Δt(d2,t) Δt(d1,t) r p1 p2 p3 Technical lag at time t For a dependency d: For a release r:

8. T1 p1 p2 1.0.0 1.0.1 1.0.21.1.0 r1 r2 T2 T3 T4 T5 T6 T7 T9T8 2.0.0 T10 Technical lag example 1.0.0 1.0.0Analysis date Constraint Missed Technical Lag ~1.0.0 {1.1.0, 2.0.0} ^1.0.0 {2.0.0} T10 – T5 T10 – T9 p2p1

9. Should I keep my dependencies up-to-date? COST § Effort to integrate backwards incompatible changes § Monitor dependency evolution RISK § Backwards incompatible changes BENEFIT § Bug fixes § Security vulnerability fixes § New features

10. DATASET

11. NOVEMBER 2017 Libraries.io [2] [2] http://doi.org/10.5281/zenodo.1068916

12. FINDINGS

13. How prominent is technical lag (TL)? 25% of dependencies/ 40% of releases suffer from TL Dependency management tools reduce TL presence

14. How long is the technical lag? >=2015: average TL is 7 to 9 months Only 25% have a TL <52 days TL information in dependency management tools

15. How frequently are packages updated? It takes an average of 12 to 22 days to update a release Frequent updates can contribute to TL of dependents

16. During the lifetime of a package release, a new release of its dependency becomes available that does not satisfy the dependency constraint Why does technical lag occur? A package release does not use the highest available release of its dependency 1 out of 3 releases missed a new release of a dependency because it is excluded by the constraint.

17. How does technical lag evolve? Most packages do not change their constraints to use newer releases of their dependencies. Better tool support for managing constraints

18. Could technical lag be reduced by proper use of semantic versioning? The proportion of releases suffering from TL could be reduced by 17.7% Package maintainers should adhere to semantic versioning

19. SUMMARY & CONCLUSION

20. npm package releases/dependencies suffer from technical lag 7 - 9 months of technical lag Proper use of semantic versioning Ø Decreases the effect of technical lag (~18%) Ø Allows to benefit from vulnerability fixes Summary

21. Conclusion Dependency management tools help package maintainers to reduce the presence technical lag. Dependency monitoring tools should incorporate technical lag information. Ecosystem-wide view of technical lag. Support dependent packages/backport important fixes. Transitive dependencies Direct dependencies Technical lag definition

On the evolution of technical lag in the npm package dependency network

Recommended

Recommended

More Related Content

Similar to On the evolution of technical lag in the npm package dependency network

Similar to On the evolution of technical lag in the npm package dependency network (20)

More from Tom Mens

More from Tom Mens (20)

Recently uploaded

Recently uploaded (20)

On the evolution of technical lag in the npm package dependency network