Analysis of dependency graphs of third party libraries in different package managers
Kuupäev
2022
Autorid
Ajakirja pealkiri
Ajakirja ISSN
Köite pealkiri
Kirjastaja
Tartu Ülikool
Abstrakt
Code development can be a complicated and lengthy process. One option to speed up
development is to use third party packages. Third party libraries are generally managed with
a package manager. Considering that libraries can use other libraries to build their own
functionalities, then the dependency graphs for third party libraries can get extensive.
Mistakes or security issues in one library can also affect other libraries in which it is used.
Package managers have already been analysed from many different perspectives. One
popular dataset is the libraries.io dataset. Previous research using the 2017 libraries.io dataset
concluded that package manager ecosystems grow either linearly or exponentially.
The goal of this thesis is to use the newer 2020 version of the libraries.io dataset to analyse
growth trends in the number of libraries, versions and dependencies for each package
manager. The results are then compared with previous research. It was discovered that not all
package managers showed growing trends. Of the selected package managers, three were
slowing down istead. In one case this trend was due to incorrect data. Additionally,
experiences and potential problems with using the popular libraries.io dataset are described.
Kirjeldus
Märksõnad
Dependency networks, package managers, libraries.io