I depended on you and you broke me: An empirical study of manifesting breaking changes in client packages

I depended on you and you broke me: An empirical study of manifesting breaking changes in client packages

Complex software systems have a network of dependencies. Developers often configure package managers (e.g., npm) to automatically update dependencies with each publication of new releases containing bug fixes and new features. When a dependency release introduces backward-incompatible changes, commo...

Ausführliche Beschreibung

Gespeichert in:
Bibliographische Detailangaben
Veröffentlicht in:arXiv.org 2023-01
Hauptverfasser: Venturini, Daniel, Cogo, Filipe Roseiro, Polato, Ivanilton, Gerosa, Marco A, Wiese, Igor Scaliante
Format: Artikel
Sprache:eng
Schlagworte:
Computer Science - Software Engineering
Configuration management
Empirical analysis
Packages
Online-Zugang:Volltext
Tags: Tag hinzufügen
Keine Tags, Fügen Sie den ersten Tag hinzu!
container_end_page
container_issue
container_start_page
container_title arXiv.org
container_volume
creator Venturini, Daniel
Cogo, Filipe Roseiro
Polato, Ivanilton
Gerosa, Marco A
Wiese, Igor Scaliante
description Complex software systems have a network of dependencies. Developers often configure package managers (e.g., npm) to automatically update dependencies with each publication of new releases containing bug fixes and new features. When a dependency release introduces backward-incompatible changes, commonly known as breaking changes, dependent packages may not build anymore. This may indirectly impact downstream packages, but the impact of breaking changes and how dependent packages recover from these breaking changes remain unclear. To close this gap, we investigated the manifestation of breaking changes in the npm ecosystem, focusing on cases where packages' builds are impacted by breaking changes from their dependencies. We measured the extent to which breaking changes affect dependent packages. Our analyses show that around 12% of the dependent packages and 14% of their releases were impacted by a breaking change during updates of non-major releases of their dependencies. We observed that, from all of the manifesting breaking changes, 44% were introduced both in minor and patch releases, which in principle should be backward compatible. Clients recovered themselves from these breaking changes in half of the cases, most frequently by upgrading or downgrading the provider's version without changing the versioning configuration in the package manager. We expect that these results help developers understand the potential impact of such changes and recover from them.
doi_str_mv 10.48550/arxiv.2301.04563
format Article
fullrecord <record><control><sourceid>proquest_arxiv</sourceid><recordid>TN_cdi_arxiv_primary_2301_04563</recordid><sourceformat>XML</sourceformat><sourcesystem>PC</sourcesystem><sourcerecordid>2764780742</sourcerecordid><originalsourceid>FETCH-LOGICAL-a953-c944c5a69365b972e6060d4516b0fd741e90a6bc163916390913bb260567c7963</originalsourceid><addsrcrecordid>eNotkMtqwzAQRUWh0JDmA7qqoGuno3fUXQh9BALdZG9kSU4V27Irx6X5-9pJF8MdhsMwcxB6ILDkKyHg2aTf8LOkDMgSuJDsBs0oYyRbcUrv0KLvjwBApaJCsBkKW-x856PzDrcRn9sBm-guWaS28rjxL3gdsW-6kII1Ne5PgzvjtsSNiaH0_SnEw8h6U02N_TLx4HscIrZ18PGEO2MrM47u0W1p6t4v_nOO9m-v-81Htvt8327Wu8xowTKrObfCSM2kKLSiXoIExwWRBZROceI1GFlYIpmeCjRhRUElCKms0pLN0eN17cVD3qXQmHTOJx_5xcdIPF2JLrXfw_hAfmyHFMebcqokVytQnLI_20hhmw</addsrcrecordid><sourcetype>Open Access Repository</sourcetype><iscdi>true</iscdi><recordtype>article</recordtype><pqid>2764780742</pqid></control><display><type>article</type><title>I depended on you and you broke me: An empirical study of manifesting breaking changes in client packages</title><source>arXiv.org</source><source>Free E- Journals</source><creator>Venturini, Daniel ; Cogo, Filipe Roseiro ; Polato, Ivanilton ; Gerosa, Marco A ; Wiese, Igor Scaliante</creator><creatorcontrib>Venturini, Daniel ; Cogo, Filipe Roseiro ; Polato, Ivanilton ; Gerosa, Marco A ; Wiese, Igor Scaliante</creatorcontrib><description>Complex software systems have a network of dependencies. Developers often configure package managers (e.g., npm) to automatically update dependencies with each publication of new releases containing bug fixes and new features. When a dependency release introduces backward-incompatible changes, commonly known as breaking changes, dependent packages may not build anymore. This may indirectly impact downstream packages, but the impact of breaking changes and how dependent packages recover from these breaking changes remain unclear. To close this gap, we investigated the manifestation of breaking changes in the npm ecosystem, focusing on cases where packages' builds are impacted by breaking changes from their dependencies. We measured the extent to which breaking changes affect dependent packages. Our analyses show that around 12% of the dependent packages and 14% of their releases were impacted by a breaking change during updates of non-major releases of their dependencies. We observed that, from all of the manifesting breaking changes, 44% were introduced both in minor and patch releases, which in principle should be backward compatible. Clients recovered themselves from these breaking changes in half of the cases, most frequently by upgrading or downgrading the provider's version without changing the versioning configuration in the package manager. We expect that these results help developers understand the potential impact of such changes and recover from them.</description><identifier>EISSN: 2331-8422</identifier><identifier>DOI: 10.48550/arxiv.2301.04563</identifier><language>eng</language><publisher>Ithaca: Cornell University Library, arXiv.org</publisher><subject>Computer Science - Software Engineering ; Configuration management ; Empirical analysis ; Packages</subject><ispartof>arXiv.org, 2023-01</ispartof><rights>2023. This work is published under http://arxiv.org/licenses/nonexclusive-distrib/1.0/ (the “License”). Notwithstanding the ProQuest Terms and Conditions, you may use this content in accordance with the terms of the License.</rights><rights>http://arxiv.org/licenses/nonexclusive-distrib/1.0</rights><oa>free_for_read</oa><woscitedreferencessubscribed>false</woscitedreferencessubscribed></display><links><openurl>$$Topenurl_article</openurl><openurlfulltext>$$Topenurlfull_article</openurlfulltext><thumbnail>$$Tsyndetics_thumb_exl</thumbnail><link.rule.ids>228,230,780,784,885,27925</link.rule.ids><backlink>$$Uhttps://doi.org/10.48550/arXiv.2301.04563$$DView paper in arXiv$$Hfree_for_read</backlink><backlink>$$Uhttps://doi.org/10.1145/3576037$$DView published paper (Access to full text may be restricted)$$Hfree_for_read</backlink></links><search><creatorcontrib>Venturini, Daniel</creatorcontrib><creatorcontrib>Cogo, Filipe Roseiro</creatorcontrib><creatorcontrib>Polato, Ivanilton</creatorcontrib><creatorcontrib>Gerosa, Marco A</creatorcontrib><creatorcontrib>Wiese, Igor Scaliante</creatorcontrib><title>I depended on you and you broke me: An empirical study of manifesting breaking changes in client packages</title><title>arXiv.org</title><description>Complex software systems have a network of dependencies. Developers often configure package managers (e.g., npm) to automatically update dependencies with each publication of new releases containing bug fixes and new features. When a dependency release introduces backward-incompatible changes, commonly known as breaking changes, dependent packages may not build anymore. This may indirectly impact downstream packages, but the impact of breaking changes and how dependent packages recover from these breaking changes remain unclear. To close this gap, we investigated the manifestation of breaking changes in the npm ecosystem, focusing on cases where packages' builds are impacted by breaking changes from their dependencies. We measured the extent to which breaking changes affect dependent packages. Our analyses show that around 12% of the dependent packages and 14% of their releases were impacted by a breaking change during updates of non-major releases of their dependencies. We observed that, from all of the manifesting breaking changes, 44% were introduced both in minor and patch releases, which in principle should be backward compatible. Clients recovered themselves from these breaking changes in half of the cases, most frequently by upgrading or downgrading the provider's version without changing the versioning configuration in the package manager. We expect that these results help developers understand the potential impact of such changes and recover from them.</description><subject>Computer Science - Software Engineering</subject><subject>Configuration management</subject><subject>Empirical analysis</subject><subject>Packages</subject><issn>2331-8422</issn><fulltext>true</fulltext><rsrctype>article</rsrctype><creationdate>2023</creationdate><recordtype>article</recordtype><sourceid>ABUWG</sourceid><sourceid>AFKRA</sourceid><sourceid>AZQEC</sourceid><sourceid>BENPR</sourceid><sourceid>CCPQU</sourceid><sourceid>DWQXO</sourceid><sourceid>GOX</sourceid><recordid>eNotkMtqwzAQRUWh0JDmA7qqoGuno3fUXQh9BALdZG9kSU4V27Irx6X5-9pJF8MdhsMwcxB6ILDkKyHg2aTf8LOkDMgSuJDsBs0oYyRbcUrv0KLvjwBApaJCsBkKW-x856PzDrcRn9sBm-guWaS28rjxL3gdsW-6kII1Ne5PgzvjtsSNiaH0_SnEw8h6U02N_TLx4HscIrZ18PGEO2MrM47u0W1p6t4v_nOO9m-v-81Htvt8327Wu8xowTKrObfCSM2kKLSiXoIExwWRBZROceI1GFlYIpmeCjRhRUElCKms0pLN0eN17cVD3qXQmHTOJx_5xcdIPF2JLrXfw_hAfmyHFMebcqokVytQnLI_20hhmw</recordid><startdate>20230111</startdate><enddate>20230111</enddate><creator>Venturini, Daniel</creator><creator>Cogo, Filipe Roseiro</creator><creator>Polato, Ivanilton</creator><creator>Gerosa, Marco A</creator><creator>Wiese, Igor Scaliante</creator><general>Cornell University Library, arXiv.org</general><scope>8FE</scope><scope>8FG</scope><scope>ABJCF</scope><scope>ABUWG</scope><scope>AFKRA</scope><scope>AZQEC</scope><scope>BENPR</scope><scope>BGLVJ</scope><scope>CCPQU</scope><scope>DWQXO</scope><scope>HCIFZ</scope><scope>L6V</scope><scope>M7S</scope><scope>PIMPY</scope><scope>PQEST</scope><scope>PQQKQ</scope><scope>PQUKI</scope><scope>PRINS</scope><scope>PTHSS</scope><scope>AKY</scope><scope>GOX</scope></search><sort><creationdate>20230111</creationdate><title>I depended on you and you broke me: An empirical study of manifesting breaking changes in client packages</title><author>Venturini, Daniel ; Cogo, Filipe Roseiro ; Polato, Ivanilton ; Gerosa, Marco A ; Wiese, Igor Scaliante</author></sort><facets><frbrtype>5</frbrtype><frbrgroupid>cdi_FETCH-LOGICAL-a953-c944c5a69365b972e6060d4516b0fd741e90a6bc163916390913bb260567c7963</frbrgroupid><rsrctype>articles</rsrctype><prefilter>articles</prefilter><language>eng</language><creationdate>2023</creationdate><topic>Computer Science - Software Engineering</topic><topic>Configuration management</topic><topic>Empirical analysis</topic><topic>Packages</topic><toplevel>online_resources</toplevel><creatorcontrib>Venturini, Daniel</creatorcontrib><creatorcontrib>Cogo, Filipe Roseiro</creatorcontrib><creatorcontrib>Polato, Ivanilton</creatorcontrib><creatorcontrib>Gerosa, Marco A</creatorcontrib><creatorcontrib>Wiese, Igor Scaliante</creatorcontrib><collection>ProQuest SciTech Collection</collection><collection>ProQuest Technology Collection</collection><collection>Materials Science &amp; Engineering Collection</collection><collection>ProQuest Central (Alumni Edition)</collection><collection>ProQuest Central UK/Ireland</collection><collection>ProQuest Central Essentials</collection><collection>ProQuest Central</collection><collection>Technology Collection</collection><collection>ProQuest One Community College</collection><collection>ProQuest Central Korea</collection><collection>SciTech Premium Collection</collection><collection>ProQuest Engineering Collection</collection><collection>Engineering Database</collection><collection>Access via ProQuest (Open Access)</collection><collection>ProQuest One Academic Eastern Edition (DO NOT USE)</collection><collection>ProQuest One Academic</collection><collection>ProQuest One Academic UKI Edition</collection><collection>ProQuest Central China</collection><collection>Engineering Collection</collection><collection>arXiv Computer Science</collection><collection>arXiv.org</collection><jtitle>arXiv.org</jtitle></facets><delivery><delcategory>Remote Search Resource</delcategory><fulltext>fulltext</fulltext></delivery><addata><au>Venturini, Daniel</au><au>Cogo, Filipe Roseiro</au><au>Polato, Ivanilton</au><au>Gerosa, Marco A</au><au>Wiese, Igor Scaliante</au><format>journal</format><genre>article</genre><ristype>JOUR</ristype><atitle>I depended on you and you broke me: An empirical study of manifesting breaking changes in client packages</atitle><jtitle>arXiv.org</jtitle><date>2023-01-11</date><risdate>2023</risdate><eissn>2331-8422</eissn><abstract>Complex software systems have a network of dependencies. Developers often configure package managers (e.g., npm) to automatically update dependencies with each publication of new releases containing bug fixes and new features. When a dependency release introduces backward-incompatible changes, commonly known as breaking changes, dependent packages may not build anymore. This may indirectly impact downstream packages, but the impact of breaking changes and how dependent packages recover from these breaking changes remain unclear. To close this gap, we investigated the manifestation of breaking changes in the npm ecosystem, focusing on cases where packages' builds are impacted by breaking changes from their dependencies. We measured the extent to which breaking changes affect dependent packages. Our analyses show that around 12% of the dependent packages and 14% of their releases were impacted by a breaking change during updates of non-major releases of their dependencies. We observed that, from all of the manifesting breaking changes, 44% were introduced both in minor and patch releases, which in principle should be backward compatible. Clients recovered themselves from these breaking changes in half of the cases, most frequently by upgrading or downgrading the provider's version without changing the versioning configuration in the package manager. We expect that these results help developers understand the potential impact of such changes and recover from them.</abstract><cop>Ithaca</cop><pub>Cornell University Library, arXiv.org</pub><doi>10.48550/arxiv.2301.04563</doi><oa>free_for_read</oa></addata></record>
fulltext fulltext
identifier EISSN: 2331-8422
ispartof arXiv.org, 2023-01
issn 2331-8422
language eng
recordid cdi_arxiv_primary_2301_04563
source arXiv.org; Free E- Journals
subjects Computer Science - Software Engineering
Configuration management
Empirical analysis
Packages
title I depended on you and you broke me: An empirical study of manifesting breaking changes in client packages
url https://sfx.bib-bvb.de/sfx_tum?ctx_ver=Z39.88-2004&ctx_enc=info:ofi/enc:UTF-8&ctx_tim=2024-12-28T13%3A25%3A11IST&url_ver=Z39.88-2004&url_ctx_fmt=infofi/fmt:kev:mtx:ctx&rfr_id=info:sid/primo.exlibrisgroup.com:primo3-Article-proquest_arxiv&rft_val_fmt=info:ofi/fmt:kev:mtx:journal&rft.genre=article&rft.atitle=I%20depended%20on%20you%20and%20you%20broke%20me:%20An%20empirical%20study%20of%20manifesting%20breaking%20changes%20in%20client%20packages&rft.jtitle=arXiv.org&rft.au=Venturini,%20Daniel&rft.date=2023-01-11&rft.eissn=2331-8422&rft_id=info:doi/10.48550/arxiv.2301.04563&rft_dat=%3Cproquest_arxiv%3E2764780742%3C/proquest_arxiv%3E%3Curl%3E%3C/url%3E&disable_directlink=true&sfx.directlink=off&sfx.report_link=0&rft_id=info:oai/&rft_pqid=2764780742&rft_id=info:pmid/&rfr_iscdi=true