An Empirical Comparison of Seven
Package Dependency Networks
NuGet, npm, Cargo, CRAN, CPAN, Packagist, RubyGems
Towards Laws of Software Ecosystem Evolution
Tom Mens and Alexandre Decan
COMPLEXYS Research Institute
University of Mons, Belgium
Software Ecosystems
Large and coherent collections of software
components that are maintained by large and
geographically distributed online communities.
Software Packaging Ecosystems
Collections of software packages distributed by
package managers
Package Dependency Networks
Extracted using open source discovery service
http://libraries.io (CC BY-SA 4.0)
Name        Age    Language     Packages   Dependencies
Cargo       2014   Rust         9k         150k
CPAN        1995   Perl         34k        1,078k
CRAN        1997   R            12k        164k
npm         2010   JavaScript   462k       1,369k
NuGet       2010   .NET         84k        1,665k
Packagist   2012   PHP          97k        1,863k
RubyGems    2004   Ruby         132k       1,894k
Laws of Software Evolution
Empirically observed by M. Lehman
for large proprietary software systems
Continuing Growth
Continuing Change
Increasing Complexity
[ … ]
Do they also hold for software ecosystems?
Lehman M.M. and Belady L.A., 1985. Software Evolution – Processes of Software Change.
Free download from http://informatique.umons.ac.be/genlog/BeladyLehman1985-ProgramEvolution.pdf
Evolution of number of packages
Continuing Growth
Evolution of number of dependencies
Continuing Growth
Evolution of number of package updates per month
Continuing Change
Fastest growth for npm, NuGet, Packagist
Package releases get updated often
Survival probability of a package release
Continuing Change
Probability > 50% for a package release to be updated within 2 months.
For CRAN: within 6 months.
Younger packages get updated more often …
Continuing Change
Over 50% of updates are for packages ...
up to 6 months old
up to 3 months old
Over 2 years old
… except for older ecosystems
Complexity caused by
– high proportion of dependent packages
Ecosystem Complexity
I had one case where my package heavily depended
on another package and after a while that package
was removed from CRAN and stopped being
maintained. So I had to remove one of the main
features of my package. Now I try to minimize
dependencies on packages that are not maintained
by ‘established’ maintainers or by me.
Most of the complexity is hidden …
… in the transitive dependencies
Ecosystem Complexity
Complexity increases over time
for some ecosystems (npm, NuGet, Cargo)
Evolution of ratio between
number of transitive and number of direct dependencies
Increasing Complexity
Most of the complexity is deeply hidden …
… in the transitive dependencies
Proportion of top-level packages by depth of dependency tree
Over 50% of top-level packages have
a deep dependency tree.
Ecosystem Complexity
Impact of transitive dependencies
March 2016
Unexpected removal of left-pad
caused > 2% of all packages to break
(> 5,400 packages)
Ecosystem Complexity
“This impacted many thousands of projects. [...]
We began observing hundreds of failures per
minute, as dependent projects – and their
dependents, and their dependents... – all failed
when requesting the now-unpublished package.”
Impact of transitive dependencies
RubyGems, November 2010
Release 0.5.0 of i18n broke dependent package ActiveRecord,
transitively required by >5% of all packages (930)
Ecosystem Complexity
Impact of transitive dependencies
• P-Impact Index = number of packages that are transitively
required by at least P% of all packages.
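Added example (not part of the original slides): a Python sketch that computes the P-Impact Index, the ratio of transitive to direct dependencies, and the set of packages broken by removing one package, on a small constructed dependency graph. The package names, the graph itself, and the convention that "transitive" counts every reachable dependency (direct ones included) are assumptions made for illustration.

```python
from collections import defaultdict

# Constructed sample graph (not data from the study): package -> direct dependencies.
# Assumption: every package in the ecosystem appears as a key, even with no deps.
DEPS = {
    "app-a": ["web", "cli"],
    "app-b": ["web"],
    "app-c": ["cli", "fmt"],
    "app-d": ["web", "fmt"],
    "web": ["http", "fmt"],
    "cli": ["fmt"],
    "http": ["pad"],
    "fmt": ["pad"],
    "pad": [],
    "lonely": [],
}


def transitive_deps(deps, pkg):
    """Every package reachable from pkg (direct and indirect), excluding pkg."""
    seen, stack = set(), list(deps.get(pkg, ()))
    while stack:
        cur = stack.pop()
        if cur in seen:
            continue
        seen.add(cur)
        stack.extend(deps.get(cur, ()))
    seen.discard(pkg)  # a dependency cycle can lead back to pkg itself
    return seen


def transitive_dependents(deps):
    """Map each required package to the packages that need it, directly or not."""
    rev = defaultdict(set)
    for pkg in deps:
        for dep in transitive_deps(deps, pkg):
            rev[dep].add(pkg)
    return rev


def direct_dependents(deps, target):
    """Packages that list target among their direct dependencies."""
    return {pkg for pkg, ds in deps.items() if target in ds}


def p_impact_index(deps, p):
    """Number of packages transitively required by at least p% of all packages."""
    total = len(deps)
    rev = transitive_dependents(deps)
    # Integer comparison avoids floating-point rounding at the threshold.
    return sum(1 for users in rev.values() if 100 * len(users) >= p * total)


def transitive_to_direct_ratio(deps):
    """Ecosystem-wide ratio of transitive to direct dependency counts."""
    direct = sum(len(set(ds)) for ds in deps.values())
    transitive = sum(len(transitive_deps(deps, pkg)) for pkg in deps)
    return transitive / direct if direct else 0.0


def broken_by_removal(deps, removed):
    """Packages that can no longer resolve if `removed` is unpublished."""
    return sorted(transitive_dependents(deps).get(removed, set()))


if __name__ == "__main__":
    total = len(DEPS)
    broken = broken_by_removal(DEPS, "pad")
    print("direct dependents of pad:", sorted(direct_dependents(DEPS, "pad")))
    print(f"removing pad breaks {len(broken)}/{total} packages: {broken}")
    for p in (5, 30, 50, 80):
        print(f"{p}-Impact Index = {p_impact_index(DEPS, p)}")
    print(f"transitive/direct ratio = {transitive_to_direct_ratio(DEPS):.2f}")
```

In the sample, `pad` has only two direct dependents but is transitively required by 8 of the 10 packages, which is the kind of hidden exposure a direct-dependency count misses.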
Evolution of 5-Impact Index
Increasing Complexity
Summary
Observed evidence of evolution “laws” of
software (packaging) ecosystems
Increasing growth
Continuing change
Increasing complexity
(How) could we find evidence for other laws?
Complex Networks
Emergent properties have been
observed in complex networks
– Small-world phenomenon
– Power-law behaviour
(unequal, skewed, distributions)
– …
Do they also hold for package dependency networks?
Unequally Distributed Connectivity
• Low proportion of required packages concentrates high
proportion of reverse deps
– From 6% to 17% of required packages concentrate over 80%
of all reverse dependencies.
• High proportion of package updates is concentrated in a
minority of packages.
Power Law Behaviour
Skewed Distributions
Emergent property of complex networks?
Skewed distributions of in- and out-degree
in package dependency graph
• Few packages with many dependents (resp. dependencies)
• Many packages with very few dependencies (resp. dependents)
Summary
Observed evidence of complex network behavior
(power laws)
Unequal distribution of package dependencies
Unequal distribution of package updates
Other emerging properties from complex networks?
Open Questions
Many observed similarities across ecosystems …
… but also some differences
To what extent does the ecosystem policy influence
its evolution?
Many tools help in supporting package maintainers
• DependencyCI, Gemnasium, …
• How should they be improved?
– E.g. to deal with transitive deps, co-installability issues, …
References
• A Decan, T Mens, P Grosjean. An empirical comparison of
package dependency networks in seven software ecosystems.
SUBMITTED
• E Constantinou, T Mens. Socio-technical evolution of the Ruby
ecosystem in GitHub. SANER 2017
• A Decan, T Mens, M Claes. An empirical comparison of
dependency issues in OSS packaging ecosystems. SANER 2017
• E Constantinou, T Mens. Social and technical evolution of
software ecosystems: A case study of Rails. WEA 2016
• A Decan, T Mens, M Claes. On the topology of package
dependency networks: A comparison of programming
language ecosystems. WEA 2016

Sector 62, Noida Call girls :8448380779 Model Escorts | 100% verified
 
Dubai Call Girls Beauty Face Teen O525547819 Call Girls Dubai Young
Dubai Call Girls Beauty Face Teen O525547819 Call Girls Dubai YoungDubai Call Girls Beauty Face Teen O525547819 Call Girls Dubai Young
Dubai Call Girls Beauty Face Teen O525547819 Call Girls Dubai Young
 
Call Girls Ahmedabad +917728919243 call me Independent Escort Service
Call Girls Ahmedabad +917728919243 call me Independent Escort ServiceCall Girls Ahmedabad +917728919243 call me Independent Escort Service
Call Girls Ahmedabad +917728919243 call me Independent Escort Service
 
Proteomics: types, protein profiling steps etc.
Proteomics: types, protein profiling steps etc.Proteomics: types, protein profiling steps etc.
Proteomics: types, protein profiling steps etc.
 

Towards Laws of Software Ecosystem Evolution: An Empirical Comparison of Seven Software Packaging Ecosystems

  • 1. An Empirical Comparison of Seven Package Dependency Networks NuGet npm Cargo CRAN CPAN Packagist RubyGems Towards Laws of Software Ecosystem Evolution
  • 2. An Empirical Comparison of Seven Package Dependency Networks Towards Laws of Software Ecosystem Evolution Tom Mens and Alexandre Decan COMPLEXYS Research Institute University of Mons, Belgium
  • 3. Software Ecosystems Large and coherent collections of software components that are maintained by large and geographically distributed online communities.
  • 4. Software Packaging Ecosystems Collections of software packages distributed by package managers
  • 5. Software Packaging Ecosystems Collections of software packages distributed by package managers
  • 6. Package Dependency Networks Extracted using open source discovery service http://libraries.io (CC BY-SA 4.0)
      Name | Age | Language | Packages | Dependencies
      Cargo | 2014 | Rust | 9k | 150k
      CPAN | 1995 | Perl | 34k | 1,078k
      CRAN | 1997 | R | 12k | 164k
      npm | 2010 | JavaScript | 462k | 1,369k
      NuGet | 2010 | .NET | 84k | 1,665k
      Packagist | 2012 | PHP | 97k | 1,863k
      RubyGems | 2004 | Ruby | 132k | 1,894k
  • 7. Laws of Software Evolution Empirically observed by M. Lehman for large proprietary software systems Continuing Growth Continuing Change Increasing Complexity [ … ] Do they also hold for software ecosystems? Lehman M.M. and Belady L.A., 1985. Software Evolution – Processes of Software Change. Free download from http://informatique.umons.ac.be/genlog/BeladyLehman1985-ProgramEvolution.pdf
  • 8. Evolution of number of packages Continuing Growth
  • 9. Evolution of number of dependencies Continuing Growth
  • 10. Evolution of number of package updates per month Continuing Change Fastest growth for npm, NuGet, Packagist
  • 11. Package releases get updated often Survival probability of a package release Continuing Change Probability > 50% for a package release to be updated within 2 months. For CRAN : within 6 months.
  • 12. Younger packages get updated more often … Continuing Change Over 50% of updates are for packages ... up to 6 months old; up to 6 months old; up to 3 months old; over 2 years old; over 2 years old … except for older ecosystems
  • 13. Complexity caused by – high proportion of dependent packages Ecosystem Complexity I had one case where my package heavily depended on another package and after a while that package was removed from CRAN and stopped being maintained. So I had to remove one of the main features of my package. Now I try to minimize dependencies on packages that are not maintained by ‘established’ maintainers or by me.
  • 14. Complexity caused by – high proportion of dependent packages Ecosystem Complexity
  • 15. Most of the complexity is hidden … Ecosystem Complexity
  • 16. Most of the complexity is hidden … … in the transitive dependencies Ecosystem Complexity
  • 17. Complexity increases over time for some ecosystems (npm, nuget, cargo) Evolution of ratio between number of transitive and number of direct dependencies Increasing Complexity
  • 18. Most of the complexity is deeply hidden … … in the transitive dependencies Proportion of top-level packages by depth of dependency tree Over 50% of top-level packages have deep dependency tree. Ecosystem Complexity
  • 19. Impact of transitive dependencies March 2016 Unexpected removal of left-pad caused > 2% of all packages to break (> 5,400 packages) Ecosystem Complexity “This impacted many thousands of projects. [...] We began observing hundreds of failures per minute, as dependent projects – and their dependents, and their dependents... – all failed when requesting the now-unpublished package.”
  • 20. Impact of transitive dependencies March 2016 Unexpected removal of left-pad caused > 2% of all packages to break (> 5,400 packages) RubyGems, November 2010 Release 0.5.0 of i18n broke dependent package ActiveRecord, transitively required by >5% of all packages (930) Ecosystem Complexity
  • 21. Impact of transitive dependencies • P-Impact Index = number of packages that are transitively required by at least P% of all packages. Evolution of 5-Impact Index Increasing Complexity
  • 22. Summary Observed evidence of evolution “laws” of software (packaging) ecosystems Increasing growth Continuing change Increasing complexity (How) could we find evidence for other laws?
  • 23. Complex Networks Emergent properties have been observed in complex networks – Small-world phenomenon – Power-law behaviour (unequal, skewed, distributions) – … Do they also hold for package dependency networks?
  • 24. Low proportion of required packages Unequally Distributed Connectivity
  • 25. • Low proportion of required packages concentrates high proportion of reverse deps – From 6% to 17% of required packages concentrate over 80% of all reverse dependencies. • High proportion of package updates is concentrated in a minority of packages. Power Law Behaviour Skewed Distributions Emergent property of complex networks?
  • 26. Skewed distributions of in- and out-degree in package dependency graph • Few packages with many dependents (resp. dependencies) • Many packages with very few dependencies (resp. dependents) Power Law Behaviour Skewed Distributions
  • 27. Summary Observed evidence of complex network behavior (power laws) Unequal distribution of package dependencies Unequal distribution of package updates Other emerging properties from complex networks?
  • 28. Open Questions Many observed similarities across ecosystems … … but also some differences To which extent does the ecosystem policy influence its evolution? Many tools help in supporting package maintainers • DependencyCI, Gemnasium, … • How should they be improved? – E.g. to deal with transitive deps, co-installability issues, …
  • 29. References • A Decan, T Mens, P Grosjean. An empirical comparison of package dependency networks in seven software ecosystems. SUBMITTED • E Constantinou, T Mens. Socio-technical evolution of the Ruby ecosystem in GitHub. SANER 2017 • A Decan, T Mens, M Claes. An empirical comparison of dependency issues in OSS packaging ecosystems. SANER 2017 • E Constantinou, T Mens. Social and technical evolution of software ecosystems: A case study of Rails. WEA 2016 • A Decan, T Mens, M Claes. On the topology of package dependency networks: A comparison of programming language ecosystems. WEA 2016
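
The P-Impact Index defined on slide 21, as an added example (not code from the presentation or its authors): it collects each package's transitive dependents by walking the reverse dependency edges, then counts the packages that reach the P% threshold. The package names and edges in `DEPS` are constructed sample data, and the function names are assumptions of this example.

```python
from collections import defaultdict

# Constructed sample ecosystem: package -> direct dependencies (not study data).
DEPS = {
    "app-a": ["web", "pad"], "app-b": ["web"], "app-c": ["orm"], "app-d": ["cli"],
    "web": ["i18n", "pad"], "orm": ["i18n"], "cli": ["pad"],
    "i18n": [], "pad": [], "lonely": [],
}

def all_packages(deps):
    """Every package named in the graph, whether as a key or only as a dependency."""
    return set(deps) | {d for requires in deps.values() for d in requires}

def transitive_dependents(deps):
    """Map each package to the set of packages requiring it directly or transitively."""
    reverse = defaultdict(set)
    for pkg, requires in deps.items():
        for dep in requires:
            reverse[dep].add(pkg)
    result = {}
    for pkg in all_packages(deps):
        seen, stack = set(), [pkg]
        while stack:  # iterative walk up the reverse edges
            for parent in reverse.get(stack.pop(), ()):
                if parent not in seen:
                    seen.add(parent)
                    stack.append(parent)
        seen.discard(pkg)  # in a dependency cycle a package is not its own dependent
        result[pkg] = seen
    return result

def impact_percent(deps, pkg):
    """Share of all packages (in %) that transitively require pkg."""
    return 100 * len(transitive_dependents(deps)[pkg]) / len(all_packages(deps))

def p_impact_index(deps, p):
    """Number of packages transitively required by at least p% of all packages."""
    total = len(all_packages(deps))
    dependents = transitive_dependents(deps)
    return sum(1 for d in dependents.values() if 100 * len(d) >= p * total)

if __name__ == "__main__":
    for p in (5, 20, 50):
        print(f"{p}-Impact Index: {p_impact_index(DEPS, p)}")
    print(f"pad is required by {impact_percent(DEPS, 'pad'):.0f}% of packages")
```

In the sample, `pad` has only three direct dependents but reaches half of the ecosystem transitively, which is the hidden exposure the left-pad slide describes.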

Editor's notes

  1. Logarithmic y-axis
  2. Number of dependencies considering the latest release of each package only.
  3. Logarithmic y-axis
  4. Non-required packages = straight line Required packages = dashed line
  5. Proportion of updates in 2016 by package age
  6. Inspired by h-index Measures the propensity for an ecosystem to change, taking into account the amplitude (number of packages) and the importance (number of package updates).
  7. For left-pad, I took 1 March 2016 as the reference. Left-pad then had 5407 dependent packages, out of 255844 in total (i.e. 2.11%). For i18n, I took the release date of 0.5.0, i.e. 28 November 2010. At that time, 1435 packages depended on it, out of 17869, i.e. 8.03%. The activerecord package is the one that "broke" following the change in i18n (I have no evidence that other packages broke, or not!). ActiveRecord then had 930 dependent packages, i.e. 5.2% of the ecosystem.
  8. For left-pad, I took 1 March 2016 as the reference. Left-pad then had 5407 dependent packages, out of 255844 in total (i.e. 2.11%). For i18n, I took the release date of 0.5.0, i.e. 28 November 2010. At that time, 1435 packages depended on it, out of 17869, i.e. 8.03%. The activerecord package is the one that "broke" following the change in i18n (I have no evidence that other packages broke, or not!). ActiveRecord then had 930 dependent packages, i.e. 5.2% of the ecosystem.
  9. Emergence: process whereby larger entities, patterns, and regularities arise through interactions among smaller or simpler entities that themselves do not exhibit such properties. “Network thinking is providing novel ways to think about difficult problems such as how to do efficient search on the Web, […] how to manage large organisations, how to preserve ecosystems, […] and, more generally, what kind of resilience and vulnerabilities are intrinsic to natural, social, and technological networks, and how to exploit and protect such systems.” Melanie Mitchell: Complexity: A Guided Tour.
  10. The concept of a small world was originally observed in the late 1960s by the social psychologist Stanley Milgram. - S. Milgram, “The Small World Problem,” Psychology Today, 2, 1967 pp. 60–67. J. Travers and S. Milgram, “An Experimental Study of the Small World Problem,” Sociometry, 32(4), 1969 pp. 425–443. The clustering can be measured by the presence of a high clustering coefficient
  11. Connected packages = packages having at least 1 dependent (incoming dependency) or dependency (outgoing dependency) Weakly connected component = subgraph in which each vertex is connected to every other vertex by an undirected edge path.
  12. Connected packages = packages having at least 1 dependent (incoming dependency) or dependency (outgoing dependency) Weakly connected component = subgraph in which each vertex is connected to every other vertex by an undirected edge path. Lorenz curve computed on January 2017.
  13. Connected packages = packages having at least 1 dependent (incoming dependency) or dependency (outgoing dependency) Weakly connected component = subgraph in which each vertex is connected to every other vertex by an undirected edge path. Lorenz curve computed on January 2017.