npm Packages as Ingredients: A Recipe-based Approach Kyriakos C. Chatzidimitriou, Michail D. Papamichail, Themistoklis Diamantopoulos, Napoleon-Christos Oikonomou and Andreas L. Symeonidis Electrical and Computer Engineering Dept., Aristotle University of Thessaloniki, Thessaloniki, Greece Keywords: Dependency Networks, Software Reuse, JavaScript, npm, Node. Abstract: The sharing and growth of open source software packages in the npm JavaScript (JS) ecosystem has been exponential, not only in numbers but also in terms of interconnectivity, to the extend that often the size of de- pendencies has become more than the size of the written code. This reuse-oriented paradigm, often attributed to the lack of a standard library in node and/or in the micropackaging culture of the ecosystem, yields interest- ing insights on the way developers build their packages. In this work we view the dependency network of the npm ecosystem from a “culinary” perspective. We assume that dependencies are the ingredients in a recipe, which corresponds to the produced software package. We employ network analysis and information retrieval techniques in order to capture the dependencies that tend to co-occur in the development of npm packages and identify the communities that have been evolved as the main drivers for npm’s exponential growth. 1 INTRODUCTION The popularity of JS is constantly increasing, and along is increasing the popularity of frameworks for building server (e.g. Node.js), web (e.g. React, Vue.js, Angular, etc.), desktop (e.g. Electron) or mobile ap- plications (e.g. React Native, NativeScript, etc.), even IoT solutions (e.g. Node-RED). A common denom- inator to this explosive growth has been the launch of the npm registry (i.e. the package manager of JS) in 2010. The npm ecosystem is often seen as one of the JS revolutions 1 that have transformed JavaScript from “a language that was adding programming ca- pabilities to HTML” into a full-blown ecosystem. In fact, the growth is so rapid that terms like “JS frame- work fatigue” have become common among develop- ers. Indicatively, the June 2018 Redmonk survey 2 , the GitHub status report 3 , and the 2018 Stack Over- flow survey 4 position JS as the most popular program- ming language, while Module Counts 5 depicts an ex- ponential growth of npm modules against repositories of other languages. Given that dependencies and reusability have be- 1 https://youtu.be/L-fx2xXSVso 2 https://redmonk.com/sogrady/2018/08/10/language- rankings-6-18/ 3 https://octoverse.github.com/ 4 https://insights.stackoverflow.com/survey/2018/ 5 http://www.modulecounts.com/ come very important in today’s software develop- ment process, npm registry has become a “must” place for developers to share packages, defining code reuse as a state-of-the-practice development paradigm (Chatzidimitriou et al., 2018). A white paper by Con- trast Security (Williams and Dabirsiaghi, 2014) men- tions that up to 80% of the code in today’s software applications comes from libraries and frameworks. This is evident in the npm ecosystem, where the num- ber of dependencies for a package has been shown to grow with time (Wittern et al., 2016). There are even extreme cases, where one-liner libraries have more than 70 dependencies (Haney, 2016). Such extreme reusability is usually attributed to the lack of a stan- dard library in node.js and to the micropackaging cul- ture of the npm ecosystem. Against this background, in this work we extract the collective knowledge and preferences when creat- ing JavaScript (node.js) packages through mining the most proliferate module repository, the npm registry. Inspired by (Teng et al., 2012), we treat packages as recipes and dependencies as ingredients. Just like a recipe comprises a list of ingredients along with a pro- cess on how to combine them, one can consider an npm package as a recipe: a list of core dependencies and a list of development dependencies, also known as devDependencies in the npm lingo, that are com- bined together with some code that uses them. And just like online recipes receive reviews and comments, 544 Chatzidimitriou, K., Papamichail, M., Diamantopoulos, T., Oikonomou, N. and Symeonidis, A. npm Packages as Ingredients: A Recipe-based Approach. DOI: 10.5220/0007966805440551 In Proceedings of the 14th International Conference on Software Technologies (ICSOFT 2019), pages 544-551 ISBN: 978-989-758-379-7 Copyright c  2019 by SCITEPRESS – Science and Technology Publications, Lda. All rights reserved