research-article

Dependency Smells in JavaScript Projects

Authors:

Nikolaos TsantalisAuthors Info & Claims

IEEE Transactions on Software Engineering, Volume 48, Issue 10

Pages 3790 - 3807

https://doi.org/10.1109/TSE.2021.3106247

Published: 01 October 2022 Publication History

Abstract

Dependency management in modern software development poses many challenges for developers who wish to stay up to date with the latest features and fixes whilst ensuring backwards compatibility. Project maintainers have opted for varied, and sometimes conflicting, approaches for maintaining their dependencies. Opting for unsuitable approaches can introduce bugs and vulnerabilities into the project, introduce breaking changes, cause extraneous installations, and reduce dependency understandability, making it harder for others to contribute effectively. In this paper, we empirically examine evidence of recurring dependency management issues (dependency smells). We look at the commit data for a dataset of 1,146 active JavaScript repositories to catalog, quantify and understand dependency smells. Through a series of surveys with practitioners, we identify and quantify seven dependency smells with varying degrees of popularity and investigate why they are introduced throughout project history. Our findings indicate that dependency smells are prevalent in JavaScript projects with two or more distinct smells appearing in 80 percent of the projects, but they generally infect a minority of a project’s dependencies. Our observations show that the number of dependency smells tend to increase over time. Practitioners agree that dependency smells bring about many problems including security threats, bugs, dependency breakage, runtime errors, and other maintenance issues. These smells are generally introduced as developers react to dependency misbehaviour and the shortcomings of the <italic>npm</italic> ecosystem.

Cited By

View all

Yadav AUsman MSati AJain S(2024)Revolutionizing Software Development: Enhancing Quality and Performance Through Code RefactoringProceedings of the 2024 Sixteenth International Conference on Contemporary Computing10.1145/3675888.3676139(715-725)Online publication date: 8-Aug-2024
https://dl.acm.org/doi/10.1145/3675888.3676139
Weeraddana NAlfadel MMcIntosh S(2024)Dependency-Induced Waste in Continuous Integration: An Empirical Study of Unused Dependencies in the npm EcosystemProceedings of the ACM on Software Engineering10.1145/36608231:FSE(2632-2655)Online publication date: 12-Jul-2024
https://dl.acm.org/doi/10.1145/3660823
Drosos GSotiropoulos TSpinellis DMitropoulos D(2024)Bloat beneath Python’s Scales: A Fine-Grained Inter-Project Dependency AnalysisProceedings of the ACM on Software Engineering10.1145/36608211:FSE(2584-2607)Online publication date: 12-Jul-2024
https://dl.acm.org/doi/10.1145/3660821
Show More Cited By

Index Terms

Dependency Smells in JavaScript Projects
1. Social and professional topics
  1. Professional topics
    1. Management of computing and information systems
      1. Software management
2. Software and its engineering
  1. Software creation and management
    1. Software post-development issues
  2. Software notations and tools
    1. General programming languages
    2. Software configuration management and version control systems

Index terms have been assigned to the content through auto-classification.

Recommendations

Towards Better Dependency Management: A First Look at Dependency Smells in Python Projects
Managing cross-project dependencies is tricky in modern software development. A primary way to manage dependencies is using dependency configuration files, which brings convenience to the entire software ecosystem, including developers, maintainers, and ...
A large-scale empirical study of code smells in JavaScript projects
Abstract
JavaScript is a powerful scripting programming language that has gained a lot of attention this past decade. Initially used exclusively for client-side web development, it has evolved to become one of the most popular programming languages, with ...
Are architectural smells independent from code smells? An empirical study
Highlights
- Case study analyzing the correlations among code smells, groups of code smells and architectural smells.
Abstract
Background. Architectural smells and code smells are symptoms of bad code or design that can cause different quality problems, such as faults, technical debt, or difficulties with maintenance and evolution. Some studies ...

Comments

Please enable JavaScript to view thecomments powered by Disqus.

Information & Contributors

Information

Published In

cover image IEEE Transactions on Software Engineering

IEEE Transactions on Software Engineering Volume 48, Issue 10

Oct. 2022

513 pages

ISSN:0098-5589

Issue’s Table of Contents

Publisher

IEEE Press

Publication History

Published: 01 October 2022

Qualifiers

Research-article

Contributors

Other Metrics

View Article Metrics

Bibliometrics & Citations

Bibliometrics

Article Metrics

15
Total Citations
View Citations
0
Total Downloads

Downloads (Last 12 months)0
Downloads (Last 6 weeks)0

Reflects downloads up to 19 Nov 2024

Other Metrics

View Author Metrics

Citations

Cited By

View all

Yadav AUsman MSati AJain S(2024)Revolutionizing Software Development: Enhancing Quality and Performance Through Code RefactoringProceedings of the 2024 Sixteenth International Conference on Contemporary Computing10.1145/3675888.3676139(715-725)Online publication date: 8-Aug-2024
https://dl.acm.org/doi/10.1145/3675888.3676139
Weeraddana NAlfadel MMcIntosh S(2024)Dependency-Induced Waste in Continuous Integration: An Empirical Study of Unused Dependencies in the npm EcosystemProceedings of the ACM on Software Engineering10.1145/36608231:FSE(2632-2655)Online publication date: 12-Jul-2024
https://dl.acm.org/doi/10.1145/3660823
Drosos GSotiropoulos TSpinellis DMitropoulos D(2024)Bloat beneath Python’s Scales: A Fine-Grained Inter-Project Dependency AnalysisProceedings of the ACM on Software Engineering10.1145/36608211:FSE(2584-2607)Online publication date: 12-Jul-2024
https://dl.acm.org/doi/10.1145/3660821
Raj RCosta DSpinellis DConstantinou EBacchelli A(2024)The role of library versions in Developer-ChatGPT conversationsProceedings of the 21st International Conference on Mining Software Repositories10.1145/3643991.3645075(172-176)Online publication date: 15-Apr-2024
https://dl.acm.org/doi/10.1145/3643991.3645075
Groot TOchoa Venegas LLazăr BKrüger JRoychoudhury APaiva AAbreu RStorey MAniche MNagappan N(2024)A Catalog of Unintended Software Dependencies in Multi-Lingual Systems at ASMLProceedings of the 46th International Conference on Software Engineering: Software Engineering in Practice10.1145/3639477.3639725(240-251)Online publication date: 14-Apr-2024
https://dl.acm.org/doi/10.1145/3639477.3639725
Na YWoo SLee JLee HRoychoudhury APaiva AAbreu RStorey M(2024)CNEPS: A Precise Approach for Examining Dependencies among Third-Party C/C++ Open-Source ComponentsProceedings of the IEEE/ACM 46th International Conference on Software Engineering10.1145/3597503.3639209(1-12)Online publication date: 20-May-2024
https://dl.acm.org/doi/10.1145/3597503.3639209
Huang KChen BWu SCao JMa LPeng XChandra SBlincoe KTonella P(2023)Demystifying Dependency Bugs in Deep Learning StackProceedings of the 31st ACM Joint European Software Engineering Conference and Symposium on the Foundations of Software Engineering10.1145/3611643.3616325(450-462)Online publication date: 30-Nov-2023
https://dl.acm.org/doi/10.1145/3611643.3616325
Wang HLiu SZhang LXu CChandra SBlincoe KTonella P(2023)Automatically Resolving Dependency-Conflict Building Failures via Behavior-Consistent Loosening of Library Version ConstraintsProceedings of the 31st ACM Joint European Software Engineering Conference and Symposium on the Foundations of Software Engineering10.1145/3611643.3616264(198-210)Online publication date: 30-Nov-2023
https://dl.acm.org/doi/10.1145/3611643.3616264
Javan Jafari ACosta DShihab EAbdalkareem R(2023)Dependency Update Strategies and Package CharacteristicsACM Transactions on Software Engineering and Methodology10.1145/360311032:6(1-29)Online publication date: 29-Sep-2023
https://dl.acm.org/doi/10.1145/3603110
Soto-Valero CTiwari DToady TBaudry B(2023)Automatic Specialization of Third-Party Java DependenciesIEEE Transactions on Software Engineering10.1109/TSE.2023.332495049:11(5027-5045)Online publication date: 1-Nov-2023
https://dl.acm.org/doi/10.1109/TSE.2023.3324950
Show More Cited By

View Options

View options

Login options

Check if you have access through your login credentials or your institution to get full access on this article.

Abstract

Cited By

Index Terms

Recommendations

Towards Better Dependency Management: A First Look at Dependency Smells in Python Projects

A large-scale empirical study of code smells in JavaScript projects

Are architectural smells independent from code smells? An empirical study

Comments

Information

Published In

Publisher

Publication History

Qualifiers

Contributors

Other Metrics

Bibliometrics

Article Metrics

Other Metrics

Citations

Cited By

View options

Login options

Full Access

Figures

Other

Share

Share this Publication link

Share on social media

Affiliations