Patterns of Effort Contribution and Demand and User Classification based on Participation Patterns in NPM Ecosystem

by Tapajit Dey, et al.

Background: Open source requires participation of volunteer and commercial developers (users) in order to deliver functional high-quality components. Developers both contribute effort in the form of patches and demand effort from the component maintainers to resolve issues reported against those components. Aim: Identify and characterize patterns of effort contribution and demand throughout the open source supply chain and investigate if and how these patterns vary with developer activity; identify different groups of developers; and predict developers' company affiliation based on their participation patterns. Method: 1,376,946 issues and pull-requests created for 4433 NPM packages with over 10,000 monthly downloads and full (public) commit activity data of the 272,142 issue creators are obtained and analyzed, and dependencies on NPM packages are identified. The fuzzy c-means clustering algorithm is used to find groups among the users based on their effort contribution and demand patterns, and Random Forest is used as the predictive modeling technique to identify their company affiliations. Result: Users contribute and demand effort primarily from packages that they depend on directly, with only a tiny fraction of contributions and demand going to transitive dependencies. A significant portion of demand goes into packages outside the users' respective supply chains (constructed based on publicly visible version control data). Three and two different groups of users are observed based on the effort demand and effort contribution patterns respectively. The Random Forest model used for identifying the company affiliation of the users gives an AUC-ROC value of 0.68. Conclusion: Our results give new insights into effort demand and supply at different parts of the supply chain of the NPM ecosystem and its users, and suggest the need to increase visibility further upstream.




