npm-Miner: An Infrastructure for Measuring the Quality of the npm Registry

As the popularity of the JavaScript language is constantly increasing, one of the most important challenges today is to assess the quality of JavaScript packages. Developers often employ tools for code linting and for the extraction of static analysis metrics in order to assess and/or improve their code. In this context, we have developed npm-miner, a platform that crawls the npm registry and analyzes the packages using static analysis tools in order to extract detailed quality metrics as well as high-level quality attributes, such as maintainability and security. Our infrastructure includes an index that is accessible through a web interface, while we have also constructed a dataset with the results of a detailed analysis for 2000 popular npm packages.
