Dependency Update Adoption Patterns in the Maven Software Ecosystem
By: Baltasar Berretta, Augustus Thomas, Heather Guarnera
Potential Business Impact:
Helps software stay safe from bugs.
Regular dependency updates protect dependent software components from upstream bugs, security vulnerabilities, and poor code quality. Measures of dependency updates across software ecosystems involve two key dimensions: the time span during which a release is being newly adopted (adoption lifespan) and the extent of adoption across the ecosystem (adoption reach). We examine correlations between adoption patterns in the Maven software ecosystem and two factors: the magnitude of code modifications (extent of modifications affecting the meaning or behavior of the code, henceforth called ``semantic change") in an upstream dependency and the relative maintenance rate of upstream packages. Using the Goblin Weaver framework, we find adoption latency in the Maven ecosystem follows a log-normal distribution while adoption reach exhibits an exponential decay distribution.
Similar Papers
Structural and Connectivity Patterns in the Maven Central Software Dependency Network
Software Engineering
Finds key parts of software that can break everything.
The Ripple Effect of Vulnerabilities in Maven Central: Prevalence, Propagation, and Mitigation Challenges
Software Engineering
Fixes hidden computer code problems in apps.
Dependency Dilemmas: A Comparative Study of Independent and Dependent Artifacts in Maven Central Ecosystem
Software Engineering
Finds hidden gems that make code safer.