The web of dependencies a complex network analysis of the NPM

dc.contributor.advisor: Georg, Co-Pierre
dc.contributor.author: Oldnall, Emilie-Rose
dc.date.accessioned: 2025-03-20T11:13:34Z
dc.date.available: 2025-03-20T11:13:34Z
dc.date.issued: 2024
dc.date.updated: 2025-03-20T11:09:57Z
dc.description.abstract: Open-source software development is a collaborative effort resulting in complex dependencies between software packages. Unlike proprietary software, the open-source model offers a unique opportunity to analyse and trace these dependencies due to its public availability. This thesis maps out the complex dependency network within the npm ecosystem, the package manager for JavaScript. JavaScript is the world's most widely used programming language, and its package manager is a tool responsible for storing and distributing thousands of third-party software packages to the developer community. Yet, with greater interconnectivity comes greater vulnerability, a reality sharply highlighted in 2016 when the small utility package left-pad was removed from the npm registry. This event precipitated widespread software breakage as many web applications transitively and unknowingly depended on it for functionality. This thesis uses complex network science to demonstrate how network measures can be used to determine the structure and level of complexity of the npm network and, more interestingly, how these parameters evolve over time. I analyse the npm network over five years, from 2012 to 2016. To the author's knowledge, no study at the time of writing has analysed the npm package ecosystem at a version level from the perspective of complex network science. This thesis finds that the npm network exhibits small-world behaviour and a scale-free architecture, concurring with existing studies on open-source software systems. It underscores the pivotal role of hierarchical software design in moulding npm's network topology and identifies versioned packages that disproportionately influence the network's functionality. Notably, it reveals that central nodes can have up to 200,000 reverse transitive dependencies, highlighting the ecosystem's vulnerability to cascading failures.
By providing a detailed exploration of npm's complex dependency network, this research deepens our understanding of npm's infrastructure and highlights the critical network dynamics at play in open-source software development. These insights pave the way for further research on mitigating potential vulnerabilities and improving the resilience of software dependency networks.
dc.identifier.apacitation: Oldnall, E. (2024). <i>The web of dependencies a complex network analysis of the NPM</i>. (). University of Cape Town, Faculty of Commerce, School of Economics. Retrieved from http://hdl.handle.net/11427/41222
dc.identifier.chicagocitation: Oldnall, Emilie-Rose. <i>"The web of dependencies a complex network analysis of the NPM."</i> ., University of Cape Town, Faculty of Commerce, School of Economics, 2024. http://hdl.handle.net/11427/41222
dc.identifier.citation: Oldnall, E. 2024. The web of dependencies a complex network analysis of the NPM. . University of Cape Town, Faculty of Commerce, School of Economics. http://hdl.handle.net/11427/41222
dc.identifier.ris: TY - Thesis / Dissertation AU - Oldnall, Emilie-Rose AB - Open-source software development is a collaborative effort resulting in complex dependencies between software packages. Unlike proprietary software, the open-source model offers a unique opportunity to analyse and trace these dependencies due to its public availability. This thesis maps out the complex dependency network within the npm ecosystem, the package manager for JavaScript. JavaScript is the world's most widely used programming language, and its package manager is a tool responsible for storing and distributing thousands of third-party software packages to the developer community. Yet, with greater interconnectivity comes greater vulnerability, a reality sharply highlighted in 2016 when the small utility package left-pad was removed from the npm registry. This event precipitated widespread software breakage as many web applications transitively and unknowingly depended on it for functionality. This thesis uses complex network science to demonstrate how network measures can be used to determine the structure and level of complexity of the npm network and, more interestingly, how these parameters evolve over time. I analyse the npm network over five years, from 2012 to 2016. To the author's knowledge, no study at the time of writing has analysed the npm package ecosystem at a version level from the perspective of complex network science. This thesis finds that the npm network exhibits small-world behaviour and a scale-free architecture, concurring with existing studies on open-source software systems. It underscores the pivotal role of hierarchical software design in moulding npm's network topology and identifies versioned packages that disproportionately influence the network's functionality. Notably, it reveals that central nodes can have up to 200,000 reverse transitive dependencies, highlighting the ecosystem's vulnerability to cascading failures.
By providing a detailed exploration of npm's complex dependency network, this research deepens our understanding of npm's infrastructure and highlights the critical network dynamics at play in open-source software development. These insights pave the way for further research on mitigating potential vulnerabilities and improving the resilience of software dependency networks. DA - 2024 DB - OpenUCT DP - University of Cape Town KW - economics LK - https://open.uct.ac.za PB - University of Cape Town PY - 2024 T1 - The web of dependencies a complex network analysis of the NPM TI - The web of dependencies a complex network analysis of the NPM UR - http://hdl.handle.net/11427/41222 ER -
dc.identifier.uri: http://hdl.handle.net/11427/41222
dc.identifier.vancouvercitation: Oldnall E. The web of dependencies a complex network analysis of the NPM. []. University of Cape Town, Faculty of Commerce, School of Economics, 2024 [cited yyyy month dd]. Available from: http://hdl.handle.net/11427/41222
dc.language.iso: en
dc.language.rfc3066: eng
dc.publisher.department: School of Economics
dc.publisher.faculty: Faculty of Commerce
dc.publisher.institution: University of Cape Town
dc.subject: economics
dc.title: The web of dependencies a complex network analysis of the NPM
dc.type: Thesis / Dissertation
dc.type.qualificationlevel: Masters
dc.type.qualificationlevel: MCom
Files

Original bundle
Name: thesis_com_2024_oldnall emilie rose.pdf
Size: 8.76 MB
Format: Adobe Portable Document Format

License bundle
Name: license.txt
Size: 1.72 KB
Format: Item-specific license agreed upon to submission