Breaking the Borders: An Investigation of Cross-Ecosystem Software Packages

Software ecosystems are collections of projects that are developed and evolve together in the same environment. Existing literature investigates software ecosystems as isolated entities whose boundaries do not overlap and assumes they are self-contained. However, a number of software projects are distributed in more than one ecosystem. As different aspects, e.g., success, security vulnerabilities, bugs, etc., of such cross-ecosystem packages can affect multiple ecosystems, we investigate the presence and characteristics of these cross-ecosystem packages in 12 large software distributions. We found a small number of packages distributed in multiple packaging ecosystems and that such packages are usually distributed in two ecosystems. These packages tend to better support with new releases certain ecosystems, while their evolution can impact a multitude of packages in other ecosystems. Finally, such packages appear to be popular with large developer communities.

[1]  Eleni Constantinou,et al.  Social and technical evolution of software ecosystems: a case study of rails , 2016, ECSA Workshops.

[2]  T. Mens,et al.  Socio-technical evolution of the Ruby ecosystem in GitHub , 2017, 2017 IEEE 24th International Conference on Software Analysis, Evolution and Reengineering (SANER).

[3]  Gregorio Robles,et al.  Developer Turnover in Global, Industrial Open Source Projects: Insights from Applying Survival Analysis , 2017, 2017 IEEE 12th International Conference on Global Software Engineering (ICGSE).

[4]  James D. Herbsleb,et al.  Ecosystem-level determinants of sustained activity in open-source projects: a case study of the PyPI ecosystem , 2018, ESEC/SIGSOFT FSE.

[5]  Eleni Constantinou,et al.  On the Evolution of Technical Lag in the npm Package Dependency Network , 2018, 2018 IEEE International Conference on Software Maintenance and Evolution (ICSME).

[6]  Tom Mens,et al.  An empirical comparison of dependency issues in OSS packaging ecosystems , 2017, 2017 IEEE 24th International Conference on Software Analysis, Evolution and Reengineering (SANER).

[7]  Mircea Lungu,et al.  Towards reverse engineering software ecosystems , 2008, 2008 IEEE International Conference on Software Maintenance.

[8]  Philippe Suter,et al.  A Look at the Dynamics of the JavaScript Package Ecosystem , 2016, 2016 IEEE/ACM 13th Working Conference on Mining Software Repositories (MSR).

[9]  Meiyappan Nagappan,et al.  Diversity in software engineering research , 2016, Perspectives on Data Science for Software Engineering.

[10]  Eleni Constantinou,et al.  An Empirical Analysis of Technical Lag in npm Package Dependencies , 2018, ICSR.

[11]  Eleni Constantinou,et al.  On the Impact of Security Vulnerabilities in the npm Package Dependency Network , 2018, 2018 IEEE/ACM 15th International Conference on Mining Software Repositories (MSR).

[12]  Andrew Nesbitt,et al.  Libraries.io Open Source Repository and Dependency Metadata , 2017 .

[13]  Daniel M. Germán,et al.  The Evolution of the R Software Ecosystem , 2013, 2013 17th European Conference on Software Maintenance and Reengineering.

[14]  Eleni Constantinou,et al.  An empirical comparison of developer retention in the RubyGems and npm software ecosystems , 2017, Innovations in Systems and Software Engineering.

[15]  Tom Mens,et al.  An empirical comparison of dependency network evolution in seven software packaging ecosystems , 2017, Empirical Software Engineering.