Analysis of dependency graphs of third party libraries in different package managers
Date
2022
Publisher
Tartu Ülikool
Abstract
Software development can be a complicated and lengthy process. One way to speed it up is to reuse third-party packages, which are generally managed with a package manager. Because libraries themselves use other libraries to build their own functionality, the dependency graph of a third-party library can become extensive, and a mistake or security issue in one library can also affect the other libraries that use it.
Package managers have already been analysed from many different perspectives. One popular dataset is the libraries.io dataset. Previous research using the 2017 libraries.io dataset concluded that package manager ecosystems grow either linearly or exponentially.
The goal of this thesis is to use the newer 2020 version of the libraries.io dataset to analyse growth trends in the number of libraries, versions and dependencies for each package manager, and to compare the results with previous research. Not all package managers showed a growing trend: of the selected package managers, three were slowing down instead, and in one case this trend was due to incorrect data. Additionally, experiences and potential problems with using the popular libraries.io dataset are described.
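The two ideas in the abstract, that a flaw in one library reaches every library that depends on it and that release counts per year reveal whether an ecosystem is growing or slowing, can both be made concrete on a small dependency graph. The following is an added illustration written for this page, not code from the thesis or from libraries.io. It assumes a simplified libraries.io-like CSV layout (platform, project, version, published date; platform, project, version, dependency) with constructed sample rows, and a deliberately naive trend rule that compares the last two years; the real dataset has more columns and the thesis's own method is not described here.

```python
import csv
import io
from collections import defaultdict, deque
from datetime import datetime

# Constructed sample rows in a simplified libraries.io-like layout (assumption:
# the real CSVs carry more columns; only these four are used here).
VERSIONS_CSV = """platform,project,version,published
NPM,pad-util,1.0.0,2016-03-20
NPM,pad-util,1.1.0,2017-05-01
NPM,web-app,0.1.0,2017-06-10
NPM,web-app,0.2.0,2018-02-14
NPM,ui-kit,2.0.0,2018-09-09
NPM,ui-kit,2.1.0,2019-01-01
Cargo,cfg-parse,1.0.0,2017-04-19
Cargo,http-client,0.9.0,2018-10-01
Cargo,http-client,0.10.0,2020-01-15
Cargo,broken-row,1.0.0,not-a-date
"""

# Assumption: the dependency is on the same platform as the dependent project.
DEPENDENCIES_CSV = """platform,project,version,dependency
NPM,web-app,0.2.0,pad-util
NPM,ui-kit,2.1.0,web-app
NPM,ui-kit,2.1.0,pad-util
Cargo,http-client,0.10.0,cfg-parse
"""


def load_rows(text):
    """Parse CSV text into a list of dict rows."""
    return list(csv.DictReader(io.StringIO(text)))


def versions_per_year(version_rows):
    """Return ({platform: {year: new_versions}}, rejected_count).

    Rows whose timestamp does not parse are counted instead of silently
    dropped, so a data-quality problem is visible in the result rather than
    masquerading as a slowdown."""
    counts = defaultdict(lambda: defaultdict(int))
    rejected = 0
    for row in version_rows:
        try:
            year = datetime.strptime(row["published"], "%Y-%m-%d").year
        except ValueError:
            rejected += 1
            continue
        counts[row["platform"]][year] += 1
    return {p: dict(years) for p, years in counts.items()}, rejected


def yearly_series(year_counts):
    """Fill gaps so a year with no releases counts as 0, not as missing."""
    first, last = min(year_counts), max(year_counts)
    return [year_counts.get(y, 0) for y in range(first, last + 1)]


def trend(year_counts):
    """Naive classification (assumption): compare the last two years."""
    series = yearly_series(year_counts)
    if len(series) < 2:
        return "insufficient data"
    if series[-1] > series[-2]:
        return "growing"
    if series[-1] < series[-2]:
        return "slowing"
    return "flat"


def transitive_dependents(dep_rows, platform, package):
    """All projects on `platform` that reach `package` through any chain of
    dependencies, i.e. everything a flaw in `package` can affect."""
    dependents = defaultdict(set)
    for row in dep_rows:
        if row["platform"] == platform:
            dependents[row["dependency"]].add(row["project"])
    seen, queue = set(), deque([package])
    while queue:
        for dependent in dependents[queue.popleft()]:
            if dependent not in seen:
                seen.add(dependent)
                queue.append(dependent)
    return seen


if __name__ == "__main__":
    counts, rejected = versions_per_year(load_rows(VERSIONS_CSV))
    for platform, years in sorted(counts.items()):
        print(platform, yearly_series(years), trend(years))
    print("rows with unparseable timestamps:", rejected)
    affected = transitive_dependents(load_rows(DEPENDENCIES_CSV), "NPM", "pad-util")
    print("affected by a flaw in NPM pad-util:", sorted(affected))
```

On the sample data, ui-kit never lists pad-util as a direct dependency in one of its rows and still appears among the affected projects through web-app, which is the point about flaws propagating along the graph; the rejected-row count is the kind of check that separates a genuine slowdown from one caused by bad data.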
Keywords
Dependency networks, package managers, libraries.io