SPECIFICS AND COMPLEXITY OF THIRD-PARTY LIBRARY MIGRATIONS IN IT-PROJECTS

Authors

  • Alexander Lysenko, National Technical University "Kharkiv Polytechnic Institute", Ukraine, http://orcid.org/0009-0009-4962-5881
  • Igor Kononenko, National Technical University "Kharkiv Polytechnic Institute", Ukraine, http://orcid.org/0000-0002-1218-2791

DOI:

https://doi.org/10.20998/2413-3000.2024.8.4

Keywords:

library migration, third-party dependency migration, library recommendation, multi-metric ranking, library adoption, library selection

Abstract

The relevance of the problem of migrating third-party tools in IT projects is analyzed: such migrations recur regularly and confront developers with difficult decisions. The analysis shows that migrating third-party tools requires developers not only to have technical knowledge and skills but also a deep understanding of migration management strategies and risk assessment methods, together with the ability to integrate new tools into existing projects without disrupting the workflow. The necessity of migrating third-party tools in the IT field, a crucial aspect of keeping software relevant, efficient, and innovative in a rapidly changing technological landscape, is examined directly. The main attention is given to a review of current research and methodologies aimed at simplifying tool migration, reducing development and support costs, and enhancing software security. Proposals for comprehensive approaches to managing migrations are considered, including automated systems that analyze large volumes of data about the change history of projects, risk assessment, and effective communication among all project participants. The significance of migrating third-party tools for the sustainable development of software in a dynamically changing technological environment is substantiated. The need for further research in this field is highlighted, aimed at developing new tools and methodologies that optimize the migration process, with the goal of raising developer productivity and ensuring the high quality of the final software products. The importance of a systematic and comprehensive approach to migrating third-party tools, based on detailed data analysis, a deep understanding of risks, effective communication, and the application of modern technological solutions, is emphasized.

Published

2024-06-23