Abstract

Open source software ecosystems are essential to software development. Developers depend on packages from the ecosystems to utilize their functionalities and avoid having to reinvent the wheel. On the one hand, this allows developers to write less code, increasing productivity, improving quality, and delivering more features. On the other hand, the package dependencies themselves must be maintained. The overhead starts with the process of selecting a quality package to use out of a large set of packages, going through updating the dependencies and avoiding breakage-inducing versions, ending with replacing obsolete dependencies and finding better alternatives. Neglecting the maintenance of the dependencies can have an expensive negative impact on the software quality. Hence, in this thesis, we propose facilitating the dependency management activities, encouraging developers to keep healthy dependencies in their projects.

We employ information extracted from the software ecosystem to help developers better manage their software dependencies. We first present an empirical study on the factors used by developers to select dependency packages from the npm software ecosystem. Next, we propose an approach that leverages tests from the ecosystems to help identify breakage-inducing versions, which increase developers' confidence in updating the dependencies and help them to make more informed decisions when they update dependencies. Also, we propose an approach to identify packages in decline as early as possible. The underlying rationale of our approach is that the decline in community interest leads to having packages used less over time, becoming less frequently maintained, and eventually, could become abandoned. Furthermore, we propose an approach to find alternatives to replace packages in decline. Finally, we empirically evaluated our approach and characterized the alternative packages.