DOI: 10.1145/3106237.3121278
short-paper

Reasons and drawbacks of using trivial npm packages: the developers' perspective

Published: 21 August 2017

ABSTRACT

Code reuse is traditionally seen as good practice. Recent trends have pushed the idea of code reuse to an extreme, by using packages that implement simple and trivial tasks, which we call ‘trivial packages’. A recent incident where a trivial package led to the breakdown of some of the most popular web applications, such as Facebook and Netflix, put the spotlight on whether using trivial packages should be encouraged. Therefore, in this research, we mine more than 230,000 npm packages and 38,000 JavaScript projects in order to study the prevalence of trivial packages. We found that trivial packages are common, making up 16.8% of the studied npm packages. We performed a survey with 88 Node.js developers who use trivial packages to understand the reasons for and drawbacks of their use. We found that trivial packages are used because they are perceived to be well-implemented and tested pieces of code. However, developers are concerned about maintenance and the risk of breakages due to the extra dependencies that trivial packages introduce.

Published in

ESEC/FSE 2017: Proceedings of the 2017 11th Joint Meeting on Foundations of Software Engineering
August 2017, 1073 pages
ISBN: 9781450351058
DOI: 10.1145/3106237

Copyright © 2017 ACM

Publisher: Association for Computing Machinery, New York, NY, United States

Overall Acceptance Rate: 112 of 543 submissions, 21%
