Measuring the impact of library dependency on maintenance
| Authors | |
|---|---|
| Publication date | 2020 |
| Host editors | |
| Book title | Proceedings of the 13th Seminar Series on Advanced Techniques & Tools for Software Evolution |
| Book subtitle | Amsterdam, Netherlands, July 1-2, 2020 (due to COVID-19: virtual event) |
| Series | CEUR Workshop Proceedings |
| Event | 13th Seminar Series on Advanced Techniques and Tools for Software Evolution, SATToSE 2020 |
| Article number | 5 |
| Number of pages | 7 |
| Publisher | Aachen: CEUR-WS |
| Organisations | |
| Abstract | Reusing code from open-source libraries is a useful practice for developers to avoid implementing the same functionalities multiple times. However, when a library is used in another software product, it creates a dependency that may spread the security vulnerabilities of the library to the product. Most package managers have dependency managers which only perform a binary evaluation of the dependencies. Thus, developers have no information about how much products depend on a library or how much effort would be needed to replace a dependency. In this research, we propose a way to measure the degree of library dependency, as well as how much effort would be required to replace the usage of a library with another one. We leverage existing coupling metrics and revisit them in the context of library dependencies. We present two metrics to measure the coupling generated by dependencies: method invocation and aggregation coupling, and briefly discuss the next steps. |
| Document type | Conference contribution |
| Language | English |
| Published at | https://ceur-ws.org/Vol-2754/paper5.pdf |
| Other links | https://ceur-ws.org/Vol-2754/ https://www.scopus.com/pages/publications/85098094486 |
| Downloads | paper5-3 (Final published version) |
| Permalink to this page | |
