Article

When It Breaks, It Breaks: How Ecosystem Developers Reason about the Stability of Dependencies

Authors:

ASEW '15: Proceedings of the 2015 30th IEEE/ACM International Conference on Automated Software Engineering Workshop (ASEW)

Pages 86 - 89

https://doi.org/10.1109/ASEW.2015.21

Published: 09 November 2015 Publication History

Abstract

Dependencies among software projects and libraries are an indicator of the often implicit collaboration among many developers in software ecosystems. Negotiating change can be tricky: changes to one module may cause ripple effects to many other modules that depend on it, yet insisting on only backward-compatible changes may incur significant opportunity cost and stifle change. We argue that awareness mechanisms based on various notions of stability can enable developers to make decisions that are independent yet wise and provide stewardship rather than disruption to the ecosystem. In ongoing interviews with developers in two software ecosystems (CRAN and Node.js), we are finding that developers in fact struggle with change, that they often use adhoc mechanisms to negotiate change, and that existing awareness mechanisms like Github notification feeds are rarely used due to information overload. We study the state of the art and current information needs and outline a vision toward a change-based awareness system.

Cited By

View all

Paulin A(2024)Measuring Impact on Confidence in Institutions by their Use of Software ComponentsProceedings of the Central and Eastern European eDem and eGov Days 202410.1145/3670243.3670249(119-124)Online publication date: 12-Sep-2024
https://dl.acm.org/doi/10.1145/3670243.3670249
Bifolco DNocera SRomano SDi Penta MFrancese RScanniello G(2024)On the Accuracy of GitHub's Dependency GraphProceedings of the 28th International Conference on Evaluation and Assessment in Software Engineering10.1145/3661167.3661175(242-251)Online publication date: 18-Jun-2024
https://dl.acm.org/doi/10.1145/3661167.3661175
Weeraddana NAlfadel MMcIntosh S(2024)Dependency-Induced Waste in Continuous Integration: An Empirical Study of Unused Dependencies in the npm EcosystemProceedings of the ACM on Software Engineering10.1145/36608231:FSE(2632-2655)Online publication date: 12-Jul-2024
https://dl.acm.org/doi/10.1145/3660823
Show More Cited By

Recommendations

Java without the coffee breaks: a nonintrusive multiprocessor garbage collector
PLDI '01: Proceedings of the ACM SIGPLAN 2001 conference on Programming language design and implementation

The deployment of Java as a concurrent programming language has created a critical need for high-performance, concurrent, and incremental multiprocessor garbage collection. We present the Recycler, a fully concurrent pure reference counting garbage ...
Java without the coffee breaks: a nonintrusive multiprocessor garbage collector

The deployment of Java as a concurrent programming language has created a critical need for high-performance, concurrent, and incremental multiprocessor garbage collection. We present the Recycler, a fully concurrent pure reference counting garbage ...
Preventing Spam Email by Delivery Limitation in RMX
IDEAS '15: Proceedings of the 19th International Database Engineering & Applications Symposium

On the rule-based email exchange system called RMX, similar to general mailing lists, anyone can send emails by sending to an address unique to RMX. However, there is a security problem that we cannot prevent spam emails and accidentally sending email ...

Comments

Please enable JavaScript to view thecomments powered by Disqus.

Information & Contributors

Information

Published In

ASEW '15: Proceedings of the 2015 30th IEEE/ACM International Conference on Automated Software Engineering Workshop (ASEW)

November 2015

124 pages

ISBN:9781467397759

Publisher

IEEE Computer Society

United States

Publication History

Published: 09 November 2015

Qualifiers

Article

Contributors

Other Metrics

View Article Metrics

Bibliometrics & Citations

Bibliometrics

Article Metrics

19
Total Citations
View Citations
0
Total Downloads

Downloads (Last 12 months)0
Downloads (Last 6 weeks)0

Reflects downloads up to 19 Nov 2024

Other Metrics

View Author Metrics

Citations

Cited By

View all

Paulin A(2024)Measuring Impact on Confidence in Institutions by their Use of Software ComponentsProceedings of the Central and Eastern European eDem and eGov Days 202410.1145/3670243.3670249(119-124)Online publication date: 12-Sep-2024
https://dl.acm.org/doi/10.1145/3670243.3670249
Bifolco DNocera SRomano SDi Penta MFrancese RScanniello G(2024)On the Accuracy of GitHub's Dependency GraphProceedings of the 28th International Conference on Evaluation and Assessment in Software Engineering10.1145/3661167.3661175(242-251)Online publication date: 18-Jun-2024
https://dl.acm.org/doi/10.1145/3661167.3661175
Weeraddana NAlfadel MMcIntosh S(2024)Dependency-Induced Waste in Continuous Integration: An Empirical Study of Unused Dependencies in the npm EcosystemProceedings of the ACM on Software Engineering10.1145/36608231:FSE(2632-2655)Online publication date: 12-Jul-2024
https://dl.acm.org/doi/10.1145/3660823
Cheng KDavis MZhang XZhou SOlechowski A(2023)In the Age of Collaboration, the Computer-Aided Design Ecosystem is Behind: An Interview Study of Distributed CAD PracticeProceedings of the ACM on Human-Computer Interaction10.1145/35796137:CSCW1(1-29)Online publication date: 16-Apr-2023
https://dl.acm.org/doi/10.1145/3579613
Venturini DCogo FPolato IGerosa MWiese I(2023)I Depended on You and You Broke Me: An Empirical Study of Manifesting Breaking Changes in Client PackagesACM Transactions on Software Engineering and Methodology10.1145/357603732:4(1-26)Online publication date: 26-May-2023
https://dl.acm.org/doi/10.1145/3576037
Alfadel MCosta DShihab EAdams B(2023)On the Discoverability of npm Vulnerabilities in Node.js ProjectsACM Transactions on Software Engineering and Methodology10.1145/357184832:4(1-27)Online publication date: 26-May-2023
https://dl.acm.org/doi/10.1145/3571848
Rombaut BCogo FAdams BHassan A(2023)There’s no Such Thing as a Free Lunch: Lessons Learned from Exploring the Overhead Introduced by the Greenkeeper Dependency Bot in NpmACM Transactions on Software Engineering and Methodology10.1145/352258732:1(1-40)Online publication date: 13-Feb-2023
https://dl.acm.org/doi/10.1145/3522587
Dann AHermann BBodden EGrundy JPollock LPenta M(2023)UpCy: Safely Updating Outdated DependenciesProceedings of the 45th International Conference on Software Engineering10.1109/ICSE48619.2023.00031(233-244)Online publication date: 14-May-2023
https://dl.acm.org/doi/10.1109/ICSE48619.2023.00031
Xu MWang YCheung SYu HZhu Z(2022)Insight: Exploring Cross-Ecosystem Vulnerability ImpactsProceedings of the 37th IEEE/ACM International Conference on Automated Software Engineering10.1145/3551349.3556921(1-13)Online publication date: 10-Oct-2022
https://dl.acm.org/doi/10.1145/3551349.3556921
Tan XGao KZhou MZhang LDwyer MDamian DZeller A(2022)An exploratory study of deep learning supply chainProceedings of the 44th International Conference on Software Engineering10.1145/3510003.3510199(86-98)Online publication date: 21-May-2022
https://dl.acm.org/doi/10.1145/3510003.3510199
Show More Cited By

View Options

View options

Login options

Check if you have access through your login credentials or your institution to get full access on this article.

Abstract

Cited By

Recommendations

Java without the coffee breaks: a nonintrusive multiprocessor garbage collector

Java without the coffee breaks: a nonintrusive multiprocessor garbage collector

Preventing Spam Email by Delivery Limitation in RMX

Comments

Information

Published In

Publisher

Publication History

Qualifiers

Contributors

Other Metrics

Bibliometrics

Article Metrics

Other Metrics

Citations

Cited By

View options

Login options

Full Access

Figures

Other

Share

Share this Publication link

Share on social media

Affiliations