Open-source software development is a collaborative effort resulting in complex dependencies between software packages. Unlike proprietary software, the open-source model offers a unique opportunity to analyse and trace these dependencies due to its public availability. This thesis maps out the complex depend...
| Main Author: | Oldnall, Emilie-Rose |
|---|---|
| Other Authors: | Georg, Co-Pierre |
| Format: | Thesis |
| Language: | English |
| Published: | School of Economics, 2025 |
| Subjects: | economics |
| Tags: | No Tags |
| _version_ | 1867613293173014528 |
|---|---|
| access_status_str | Open Access |
| author | Oldnall, Emilie-Rose |
| author2 | Georg, Co-Pierre |
| author_browse | Georg, Co-Pierre Oldnall, Emilie-Rose |
| author_facet | Georg, Co-Pierre Oldnall, Emilie-Rose |
| author_sort | Oldnall, Emilie-Rose |
| collection | Thesis |
| description | Open-source software development is a collaborative effort resulting in complex dependencies between software packages. Unlike proprietary software, the open-source model offers a unique opportunity to analyse and trace these dependencies due to its public availability. This thesis maps out the complex dependency network within the npm ecosystem, the package manager for JavaScript. JavaScript is the world's most widely used programming language, and its package manager is a tool responsible for storing and distributing thousands of third-party software packages to the developer community. Yet, with greater interconnectivity comes greater vulnerability, a reality sharply highlighted in 2016 when the small utility package left-pad was removed from the npm registry. This event precipitated widespread software breakage, as many web applications transitively and unknowingly depended on it for functionality. This thesis uses complex network science to demonstrate how network measures can be used to determine the structure and level of complexity of the npm network and, more interestingly, how these parameters evolve over time. I analyse the npm network over five years, from 2012 to 2016. To the author's knowledge, no study at the time of writing has analysed the npm package ecosystem at a version level from the perspective of complex network science. This thesis finds that the npm network exhibits small-world behaviour and a scale-free architecture, concurring with existing studies on open-source software systems. It underscores the pivotal role of hierarchical software design in moulding npm's network topology and identifies versioned packages that disproportionately influence the network's functionality. Notably, it reveals that central nodes can have up to 200,000 reverse transitive dependencies, highlighting the ecosystem's vulnerability to cascading failures. By providing a detailed exploration of npm's complex dependency network, this research deepens our understanding of npm's infrastructure and highlights the critical network dynamics at play in open-source software development. These insights pave the way for further research on mitigating potential vulnerabilities and improving the resilience of software dependency networks. |
| format | Thesis |
| id | oai:open.uct.ac.za:11427/41222 |
| institution | University of Cape Town (South Africa) |
| language | English eng |
| last_indexed | 2026-06-10T12:33:49.949Z |
| license_str | Not specified — see source repository |
| provenance_str_mv | Harvested via OAI-PMH from UCTD — University of Cape Town Open Access Repository |
| publishDate | 2025 |
| publishDateRange | 2025 |
| publishDateSort | 2025 |
| publisher | School of Economics |
| publisherStr | School of Economics |
| record_format | dspace |
| source_str | UCTD — University of Cape Town Open Access Repository |
| spelling | oai:open.uct.ac.za:11427/41222 The web of dependencies a complex network analysis of the NPM Oldnall, Emilie-Rose Georg, Co-Pierre economics Open-source software development is a collaborative effort resulting in complex dependencies between software packages. Unlike proprietary software, the open-source model offers a unique opportunity to analyse and trace these dependencies due to its public availability. This thesis maps out the complex dependency network within the npm ecosystem, the package manager for JavaScript. JavaScript is the world's most widely used programming language, and its package manager is a tool responsible for storing and distributing thousands of third-party software packages to the developer community. Yet, with greater interconnectivity comes greater vulnerability, a reality sharply highlighted in 2016 when the small utility package left-pad was removed from the npm registry. This event precipitated widespread software breakage, as many web applications transitively and unknowingly depended on it for functionality. This thesis uses complex network science to demonstrate how network measures can be used to determine the structure and level of complexity of the npm network and, more interestingly, how these parameters evolve over time. I analyse the npm network over five years, from 2012 to 2016. To the author's knowledge, no study at the time of writing has analysed the npm package ecosystem at a version level from the perspective of complex network science. This thesis finds that the npm network exhibits small-world behaviour and a scale-free architecture, concurring with existing studies on open-source software systems. It underscores the pivotal role of hierarchical software design in moulding npm's network topology and identifies versioned packages that disproportionately influence the network's functionality. Notably, it reveals that central nodes can have up to 200,000 reverse transitive dependencies, highlighting the ecosystem's vulnerability to cascading failures. By providing a detailed exploration of npm's complex dependency network, this research deepens our understanding of npm's infrastructure and highlights the critical network dynamics at play in open-source software development. These insights pave the way for further research on mitigating potential vulnerabilities and improving the resilience of software dependency networks. 2025-03-20T11:13:34Z 2025-03-20T11:13:34Z 2024 2025-03-20T11:09:57Z Thesis / Dissertation Masters MCom http://hdl.handle.net/11427/41222 en eng application/pdf School of Economics Faculty of Commerce University of Cape Town |
| spellingShingle | economics Oldnall, Emilie-Rose The web of dependencies a complex network analysis of the NPM |
| thesis_degree_str | Master's |
| title | The web of dependencies a complex network analysis of the NPM |
| title_full | The web of dependencies a complex network analysis of the NPM |
| title_fullStr | The web of dependencies a complex network analysis of the NPM |
| title_full_unstemmed | The web of dependencies a complex network analysis of the NPM |
| title_short | The web of dependencies a complex network analysis of the NPM |
| title_sort | web of dependencies a complex network analysis of the npm |
| topic | economics |
| url | http://hdl.handle.net/11427/41222 |
| work_keys_str_mv | AT oldnallemilierose thewebofdependenciesacomplexnetworkanalysisofthenpm AT oldnallemilierose webofdependenciesacomplexnetworkanalysisofthenpm |
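The abstract's key measure is the number of reverse transitive dependencies of a versioned package: everything that breaks, directly or through intermediaries, if that package disappears from the registry, as left-pad did in 2016. The following is an added example, not code or data from the thesis, showing how that measure is computed on a small constructed graph of hypothetical `name@version` nodes. It inverts the dependency edges, walks them breadth-first (so dependency cycles terminate), and ranks nodes by how much of the graph they would take down. The direct-dependent count is reported alongside to show why a package with only two direct dependents can still sit under most of the ecosystem.

```python
from collections import defaultdict, deque

# Constructed toy graph (hypothetical package names, not data from the thesis):
# key = versioned package, value = the versioned packages it depends on directly.
DEPENDENCIES = {
    "tiny-pad@1.0.0": [],
    "str-utils@2.1.0": ["tiny-pad@1.0.0"],
    "escape-html@1.0.0": [],
    "template-engine@3.0.2": ["str-utils@2.1.0", "escape-html@1.0.0"],
    "web-framework@5.4.1": ["template-engine@3.0.2", "escape-html@1.0.0"],
    "shop-app@1.0.0": ["web-framework@5.4.1"],
    "blog-app@0.9.0": ["web-framework@5.4.1", "str-utils@2.1.0"],
    # a dependency cycle, which npm permits and a naive recursion would loop on
    "plugin-a@1.0.0": ["plugin-b@1.0.0"],
    "plugin-b@1.0.0": ["plugin-a@1.0.0", "tiny-pad@1.0.0"],
}


def build_reverse_graph(deps):
    """Return dependents[x] = set of packages that depend on x directly."""
    dependents = defaultdict(set)
    for pkg, requires in deps.items():
        dependents.setdefault(pkg, set())  # keep leaf nodes (no dependents) present
        for d in requires:
            dependents[d].add(pkg)
    return dependents


def reverse_transitive_dependents(deps, target):
    """All packages that transitively depend on `target`: BFS over reverse edges.

    The `seen` set guarantees termination on cycles; the target itself is
    removed at the end so a node inside a cycle is not counted as its own dependent.
    """
    dependents = build_reverse_graph(deps)
    seen = set()
    queue = deque([target])
    while queue:
        node = queue.popleft()
        for dep in dependents[node]:
            if dep not in seen:
                seen.add(dep)
                queue.append(dep)
    seen.discard(target)
    return seen


def blast_radius_ranking(deps):
    """Every node with its reverse transitive dependent count, largest first."""
    rows = [(pkg, len(reverse_transitive_dependents(deps, pkg))) for pkg in deps]
    return sorted(rows, key=lambda r: (-r[1], r[0]))


def critical_nodes(deps, fraction=0.5):
    """Nodes whose removal would break at least `fraction` of all other nodes."""
    others = len(deps) - 1
    return [pkg for pkg, n in blast_radius_ranking(deps) if n >= fraction * others]


if __name__ == "__main__":
    direct = build_reverse_graph(DEPENDENCIES)
    for pkg, n in blast_radius_ranking(DEPENDENCIES):
        print(f"{pkg:24} direct={len(direct[pkg]):2}  transitive={n:2}")
    print("critical (>= 50% of graph):", critical_nodes(DEPENDENCIES))
```

On the constructed graph, `tiny-pad@1.0.0` has two direct dependents but seven reverse transitive dependents, every node except itself and `escape-html@1.0.0`; the ranking is what the abstract calls identifying "versioned packages that disproportionately influence the network's functionality". On a real registry snapshot the same inversion-plus-BFS scales linearly in edges per query, but ranking every node this way is quadratic, so for hundreds of thousands of versions one would memoise on a condensed (strongly connected component) graph instead.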