December 21, 2022
Network analysis to identify open-source software libraries about to become dormant
Researchers from Japan have used socio-technical techniques to measure the congruence between the network of contributors to open-source programming libraries and the dependencies of that library within the ecosystem. This work suggests that the level of matching between the network of contributors and networks of dependencies could be used as an indicator of libraries at risk of becoming inactive.
The modern computer programs that run your favorite apps or websites can be extremely large, often measured in millions of lines of code. This is obviously much more complex than can be handled by any one individual. Most programming languages therefore rely on specialized modules called third-party libraries to accomplish specific tasks. These libraries are often open-source and freely available to anyone who wants to download and use them.
Sustained contributions are crucial, because the dependencies of any one library on others must be constantly updated in response to changes. However, maintainers of these libraries are often overworked and often contribute as unpaid volunteers.
Now, a team of researchers at Nara Institute of Science and Technology (NAIST) studied these networks by defining a metric called "dependency-contribution congruence" (DC congruence), which measures how closely the network of library dependencies matches the network of contributor changes. The congruence metric is largest when the same contributor makes changes to both a library and its dependents.
"Peaks in our generated metrics correlate with important ecosystem events," says senior author Kenichi Matsumoto.
This research may help keep software running and identify fragile points in the dependency network, and may ultimately encourage dependency contributions that support the maintenance of interdependent third-party libraries used in software development.
The study is published in the journal IEEE Transactions on Software Engineering.
More information: Supatsara Wattanakriengkrai et al, Giving Back: Contributions Congruent to Library Dependency Changes in a Software Ecosystem, IEEE Transactions on Software Engineering (2022). DOI: 10.1109/TSE.2022.3225197