Lost in Zero Space – An Empirical Comparison of 0.y.z Releases in Software Package Distributions

01/04/2021
by Alexandre Decan, et al.

Distributions of open source software packages dedicated to specific programming languages facilitate software development by allowing software projects to depend on the functionality provided by such reusable packages. The health of a software project can be affected by the maturity of the packages on which it depends. The version numbers of the used package releases provide an indication of their maturity. Packages with a 0.y.z version number are commonly assumed to be under initial development, suggesting that they are likely to be less stable, and depending on them may be considered less healthy. In this paper, we empirically study, for four open source package distributions (Cargo, npm, Packagist and RubyGems), to what extent 0.y.z package releases and >=1.0.0 package releases behave differently. We quantify the prevalence of 0.y.z releases, we explore how long packages remain in the initial development stage, we compare the update frequency of 0.y.z and >=1.0.0 package releases, we study how often 0.y.z releases are required by other packages, we assess whether semantic versioning is respected for dependencies towards them, and we compare some characteristics of 0.y.z and >=1.0.0 package repositories hosted on GitHub. Among other findings, we observe that package distributions are more permissive than what semantic versioning dictates for 0.y.z releases, and that many of the 0.y.z releases can actually be regarded as mature packages. As a consequence, the version number does not provide a good indication of the maturity of a package release.
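The abstract's point that distributions are "more permissive than what semantic versioning dictates for 0.y.z releases" is easiest to see by putting the two rules side by side. The example below is an added illustration, not code from the paper or from any package manager. It contrasts the semver specification's clause for major version zero ("anything MAY change at any time", read here strictly as: only the pinned release carries a compatibility promise; that reading is an assumption of the example) with the caret-range rule that npm and Cargo actually apply, where `^0.2.3` resolves to `>=0.2.3 <0.3.0` and `^0.0.3` to `>=0.0.3 <0.0.4`. The package name `zeropkg` and its release history are constructed for the example.

```python
"""Caret ranges on 0.y.z releases: what semver says vs. what npm/Cargo do.

Added illustration, not code from the paper. The release list below is
constructed for the example and does not describe any real package.
"""
import re
from typing import List, Tuple

Version = Tuple[int, int, int]

_VERSION_RE = re.compile(r"^v?(\d+)\.(\d+)\.(\d+)$")


def parse(text: str) -> Version:
    """Parse 'MAJOR.MINOR.PATCH' (an optional leading 'v' is tolerated).
    Pre-release and build metadata are rejected to keep the example focused."""
    m = _VERSION_RE.match(text.strip())
    if not m:
        raise ValueError(f"not a plain MAJOR.MINOR.PATCH version: {text!r}")
    major, minor, patch = (int(g) for g in m.groups())
    return (major, minor, patch)


def is_initial_development(v: Version) -> bool:
    """semver.org: 'Major version zero (0.y.z) is for initial development.'"""
    return v[0] == 0


def semver_guaranteed_compatible(base: Version, candidate: Version) -> bool:
    """Compatibility as the semver specification states it.

    For major >= 1, a candidate with the same major that is not older than
    the base is backward compatible. For 0.y.z the spec says 'anything MAY
    change at any time', so no release other than the pinned one is promised
    to be compatible (this strict reading is the example's assumption)."""
    if is_initial_development(base):
        return candidate == base
    return candidate[0] == base[0] and candidate >= base


def caret_upper_bound(base: Version) -> Version:
    """Exclusive upper bound of '^base' as npm and Cargo interpret it:
    the leftmost non-zero component is bumped and the rest reset.
    ^1.2.3 -> <2.0.0, ^0.2.3 -> <0.3.0, ^0.0.3 -> <0.0.4"""
    major, minor, patch = base
    if major > 0:
        return (major + 1, 0, 0)
    if minor > 0:
        return (0, minor + 1, 0)
    return (0, 0, patch + 1)


def caret_allows(base: Version, candidate: Version) -> bool:
    """True if '^base' (npm/Cargo semantics) accepts the candidate."""
    return base <= candidate < caret_upper_bound(base)


def permissive_resolutions(constraint: str, available: List[str]) -> List[str]:
    """Releases that a caret constraint would pull in although the semver
    spec gives no compatibility promise for them. For a >=1.0.0 base the two
    rules agree and the result is empty; for a 0.y.z base the result is the
    gap between the distribution's rule and the spec."""
    base = parse(constraint.lstrip("^"))
    out: List[str] = []
    for text in available:
        v = parse(text)
        if caret_allows(base, v) and not semver_guaranteed_compatible(base, v):
            out.append(text)
    return out


# Constructed release history of a hypothetical package 'zeropkg' (not real).
ZEROPKG_RELEASES = ["0.2.3", "0.2.4", "0.2.10", "0.3.0", "0.3.1", "1.0.0", "1.1.0"]


if __name__ == "__main__":
    for constraint in ("^0.2.3", "^0.0.3", "^1.0.0"):
        print(constraint, "->", permissive_resolutions(constraint, ZEROPKG_RELEASES))
```

Running the block shows `^0.2.3` pulling in `0.2.4` and `0.2.10`, neither of which the specification vouches for, while `^1.0.0` yields an empty list because both rules agree once the major version is non-zero. A lock file or a pinned `=0.2.3` constraint is the only way to get the spec's guarantee for a 0.y.z dependency under these distributions.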

