Präzi: From Package-based to Call-based Dependency Networks

by Joseph Hejderup, et al.

Software reuse has emerged as one of the most crucial elements of modern software development. The standard way to study the dependency networks caused by reuse is to infer relationships between software packages through manifests in the packages' repositories. Such networks can help answer important questions like "How many packages have dependencies on packages with known security issues?" or "What are the most used packages?". However, an important overlooked aspect of current networks is that manifest-inferred relationships do not necessarily describe how or whether these dependencies are actually used in the code. To better model dependencies between packages, we devise Präzi, an approach combining manifests and call graphs of packages. Präzi constructs a fine-grained dependency network at the function level instead of at the manifest level. For this paper, we provide a prototypical Präzi implementation for the popular systems programming language Rust. Using it, we replicate a recent evolution study characterizing Rust's package repository, Crates.io, on the function level. Our results identify new key characteristics and developments of Crates.io: i) 49 Crates.io target a function in a dependency, suggesting prevalent reuse of dependencies, ii) packages call 40 iii) package maintainers make nearly 7 new calls to their dependencies biannually, and iv) packages have two to three times more indirect callers than direct callers of their APIs. These results show that current analyses of manifest-level dependency networks are not sufficient to understand how packages use each other.
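The difference between the two network types matters when triaging a security advisory. The following sketch is an added example, not code from Präzi or its replication package: all package names, function names and edges are constructed, and the `package::function` naming is an assumption. It answers "which packages are exposed to a flagged function?" once over manifest edges and once over call edges.

```rust
use std::collections::{BTreeSet, HashMap, VecDeque};
// Constructed sample data (not from the paper). Manifest edges: (package, declared dependency).
const MANIFEST: &[(&str, &str)] = &[
    ("app_a", "lib_b"), ("lib_b", "lib_c"), ("app_d", "lib_c"), ("app_e", "lib_b"),
];
// Call edges: (caller, callee), functions named "package::function" (assumed naming).
const CALLS: &[(&str, &str)] = &[
    ("app_a::main", "lib_b::load"),
    ("lib_b::load", "lib_c::parse"),   // the only path into the flagged function
    ("app_d::main", "lib_c::version"), // uses lib_c, but not the flagged function
    ("app_e::main", "lib_b::format"),  // uses lib_b, but never reaches lib_c
];

/// Every node that can reach `target` by following `edges` (reverse BFS).
fn reaches(edges: &[(&str, &str)], target: &str) -> BTreeSet<String> {
    let mut rev: HashMap<&str, Vec<&str>> = HashMap::new();
    for &(from, to) in edges {
        rev.entry(to).or_default().push(from);
    }
    let mut seen = BTreeSet::new();
    let mut queue = VecDeque::from([target]);
    while let Some(node) = queue.pop_front() {
        for &pred in rev.get(node).into_iter().flatten() {
            if seen.insert(pred.to_string()) {
                queue.push_back(pred);
            }
        }
    }
    seen
}

fn package_of(function: &str) -> &str {
    function.split("::").next().unwrap_or(function)
}

/// Packages (other than the owner) with a function that transitively calls `vulnerable_fn`.
fn affected_by_calls(calls: &[(&str, &str)], vulnerable_fn: &str) -> BTreeSet<String> {
    let owner = package_of(vulnerable_fn);
    reaches(calls, vulnerable_fn)
        .iter()
        .map(|f| package_of(f).to_string())
        .filter(|p| p.as_str() != owner)
        .collect()
}

fn main() {
    println!("manifest-level: {:?}", reaches(MANIFEST, "lib_c"));
    println!("call-level:     {:?}", affected_by_calls(CALLS, "lib_c::parse"));
}
```

On this sample the manifest view flags four packages, while the call view narrows the set to the two that actually have a call path into `lib_c::parse`.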


