On the Impact of Micro-Packages: An Empirical Study of the npm JavaScript Ecosystem
This work highlights a problem for JavaScript developers regarding dependency management and ecosystem stability, but it is incremental as it provides empirical evidence for known concerns.
The study investigated the impact of micro-packages in the npm JavaScript ecosystem by analyzing 169,964 packages, finding that micro-packages constitute a significant portion and can have long dependency chains and high usage costs similar to other packages.
The rise of user-contributed Open Source Software (OSS) ecosystems demonstrate their prevalence in the software engineering discipline. Libraries work together by depending on each other across the ecosystem. From these ecosystems emerges a minimized library called a micro-package. Micro- packages become problematic when breaks in a critical ecosystem dependency ripples its effects to unsuspecting users. In this paper, we investigate the impact of micro-packages in the npm JavaScript ecosystem. Specifically, we conducted an empirical in- vestigation with 169,964 JavaScript npm packages to understand (i) the widespread phenomena of micro-packages, (ii) the size dependencies inherited by a micro-package and (iii) the developer usage cost (ie., fetch, install, load times) of using a micro-package. Results of the study find that micro-packages form a significant portion of the npm ecosystem. Apart from the ease of readability and comprehension, we show that some micro-packages have long dependency chains and incur just as much usage costs as other npm packages. We envision that this work motivates the need for developers to be aware of how sensitive their third-party dependencies are to critical changes in the software ecosystem.