{"status":"ok","message-type":"work","message-version":"1.0.0","message":{"indexed":{"date-parts":[[2026,2,25]],"date-time":"2026-02-25T17:10:54Z","timestamp":1772039454770,"version":"3.50.1"},"reference-count":34,"publisher":"Wiley","issue":"8","license":[{"start":{"date-parts":[[2019,3,19]],"date-time":"2019-03-19T00:00:00Z","timestamp":1552953600000},"content-version":"vor","delay-in-days":0,"URL":"http:\/\/onlinelibrary.wiley.com\/termsAndConditions#vor"}],"funder":[{"name":"Fonds de Recherche du Qu\u00e9bec - Sant\u00e9 and Fonds de recherche du Qu\u00e9bec - Nature et technologies","award":["R.60.04.18.F"],"award-info":[{"award-number":["R.60.04.18.F"]}]},{"name":"Fonds Wetenschappelijk Onderzoek and Fondation National de Recherche Scientique - Fonds de Recherche Scientifique","award":["30446992"],"award-info":[{"award-number":["30446992"]}]},{"DOI":"10.13039\/100010665","name":"H2020 Marie Sk\u0142odowska-Curie Actions","doi-asserted-by":"crossref","award":["642954"],"award-info":[{"award-number":["642954"]}],"id":[{"id":"10.13039\/100010665","id-type":"DOI","asserted-by":"crossref"}]}],"content-domain":{"domain":["onlinelibrary.wiley.com"],"crossmark-restriction":true},"short-container-title":["J Software Evolu Process"],"published-print":{"date-parts":[[2019,8]]},"abstract":"<jats:title>Abstract<\/jats:title><jats:p>Reusable Open Source Software (OSS) components for major programming languages are available in package repositories. Developers rely on package management tools to automate deployments, specifying which package releases satisfy the needs of their applications. However, these specifications may lead to deploying package releases that are outdated, or otherwise undesirable, because they do not include bug fixes, security fixes, or new functionality. In contrast, automatically updating to a more recent release may introduce incompatibility issues. To capture this delicate balance, we formalise a generic model of <jats:italic>technical lag<\/jats:italic>, a concept that quantifies to which extent a deployed collection of components is outdated, with respect to the <jats:italic>ideal<\/jats:italic> deployment. We operationalise this model for the <jats:styled-content>npm<\/jats:styled-content> package manager. We empirically analyze the history of package update practices and technical lag for more than 500<jats:italic>K<\/jats:italic> packages with about 4<jats:italic>M<\/jats:italic> package releases over a seven\u2010year period. We consider both development and runtime dependencies, and study both direct and transitive dependencies. We also analyze the technical lag of external <jats:styled-content>GitHub<\/jats:styled-content> applications depending on <jats:styled-content>npm<\/jats:styled-content> packages. We report our findings, suggesting the need for more awareness of, and integrated tool support for, controlling technical lag in software libraries.<\/jats:p>","DOI":"10.1002\/smr.2157","type":"journal-article","created":{"date-parts":[[2019,3,20]],"date-time":"2019-03-20T04:27:41Z","timestamp":1553056061000},"update-policy":"https:\/\/doi.org\/10.1002\/crossmark_policy","source":"Crossref","is-referenced-by-count":37,"title":["A formal framework for measuring technical lag in component repositories \u2014 and its application to npm"],"prefix":"10.1002","volume":"31","author":[{"ORCID":"https:\/\/orcid.org\/0000-0002-2676-3730","authenticated-orcid":false,"given":"Ahmed","family":"Zerouali","sequence":"first","affiliation":[{"name":"GSyC\/LibreSoft Universidad Rey Juan Carlos  Madrid Spain"},{"name":"Software Engineering Lab University of Mons  Mons Belgium"}]},{"ORCID":"https:\/\/orcid.org\/0000-0003-3636-5020","authenticated-orcid":false,"given":"Tom","family":"Mens","sequence":"additional","affiliation":[{"name":"Software Engineering Lab University of Mons  Mons Belgium"}]},{"given":"Jesus","family":"Gonzalez\u2010Barahona","sequence":"additional","affiliation":[{"name":"GSyC\/LibreSoft Universidad Rey Juan Carlos  Madrid Spain"}]},{"ORCID":"https:\/\/orcid.org\/0000-0002-5824-5823","authenticated-orcid":false,"given":"Alexandre","family":"Decan","sequence":"additional","affiliation":[{"name":"Software Engineering Lab University of Mons  Mons Belgium"}]},{"ORCID":"https:\/\/orcid.org\/0000-0002-4242-2581","authenticated-orcid":false,"given":"Eleni","family":"Constantinou","sequence":"additional","affiliation":[{"name":"Software Engineering Lab University of Mons  Mons Belgium"}]},{"ORCID":"https:\/\/orcid.org\/0000-0002-1442-6761","authenticated-orcid":false,"given":"Gregorio","family":"Robles","sequence":"additional","affiliation":[{"name":"GSyC\/LibreSoft Universidad Rey Juan Carlos  Madrid Spain"}]}],"member":"311","published-online":{"date-parts":[[2019,3,19]]},"reference":[{"key":"e_1_2_10_2_1","first-page":"1","article-title":"An empirical comparison of dependency network evolution in seven software packaging ecosystems","author":"Decan A","year":"2018","journal-title":"Empir Softw Eng"},{"key":"e_1_2_10_3_1","doi-asserted-by":"publisher","DOI":"10.1145\/130844.130856"},{"key":"e_1_2_10_4_1","doi-asserted-by":"crossref","unstructured":"KulaRG GermanDM IshioT InoueK.Trusting a library: a study of the latency to adopt the latest Maven release. In: Int'l Conf. on Software Analysis Evolution and Reengineering;2015;Montreal QC Canada:520\u2010524.","DOI":"10.1109\/SANER.2015.7081869"},{"key":"e_1_2_10_5_1","doi-asserted-by":"crossref","unstructured":"MostafaS RodriguezR XiaoyinW.Experience paper: a study on behavioral backward incompatibilities of Java software libraries. In: Proceedings of the 26th ACM SIGSOFT International Symposium on Software Testing and Analysis (ISSTA 2017). Santa Barbara CA USA;2017.","DOI":"10.1145\/3092703.3092721"},{"key":"e_1_2_10_6_1","doi-asserted-by":"crossref","unstructured":"Gonzalez\u2010BarahonaJM SherwoodP RoblesG IzquierdoD.Technical lag in software compilations: measuring how outdated a software deployment is. In: IFIP International Conference on Open Source Systems;2017;Aires Argentina:182\u2010192.","DOI":"10.1007\/978-3-319-57735-7_17"},{"key":"e_1_2_10_7_1","doi-asserted-by":"crossref","unstructured":"CoxJ BouwersE van\u00a0EekelenM VisserJ.Measuring dependency freshness in software systems. In: International Conference on Software Engineering;2015;Florence Italy:109\u2010118.","DOI":"10.1109\/ICSE.2015.140"},{"key":"e_1_2_10_8_1","doi-asserted-by":"crossref","unstructured":"ZeroualiA ConstantinouE MensT RoblesG Gonz\u00e1lez\u2010BarahonaJ.An empirical analysis of technical lag in npm package dependencies. In: International Conference on Software Reuse.Springer;2018:95\u2010110. Madrid Spain.","DOI":"10.1007\/978-3-319-90421-4_6"},{"key":"e_1_2_10_9_1","doi-asserted-by":"crossref","unstructured":"DecanA MensT ConstantinouE.On the evolution of technical lag in the npm package dependency network. In: International Conference on Software Maintenance and Evolution.IEEE;2018;Madrid Spain.","DOI":"10.1109\/ICSME.2018.00050"},{"key":"e_1_2_10_10_1","doi-asserted-by":"publisher","DOI":"10.1023\/A:1018964121953"},{"key":"e_1_2_10_11_1","doi-asserted-by":"publisher","DOI":"10.1109\/52.663784"},{"key":"e_1_2_10_12_1","unstructured":"BohnerSA.Extending software change impact analysis into COTS components. In: 27th annual NASA Software engineering workshop.IEEE;2002:175\u2010182."},{"key":"e_1_2_10_13_1","doi-asserted-by":"publisher","DOI":"10.1109\/TSE.2005.85"},{"key":"e_1_2_10_14_1","doi-asserted-by":"publisher","DOI":"10.1007\/s10664-008-9100-x"},{"key":"e_1_2_10_15_1","doi-asserted-by":"crossref","unstructured":"AbateP Di\u00a0CosmoR BoenderJ ZacchiroliS.Strong dependencies between software components. In: International Symposium on Empirical Software Engineering and Measurement. Florida USA:IEEE Computer Society;2009:89\u201099.","DOI":"10.1109\/ESEM.2009.5316017"},{"key":"e_1_2_10_16_1","doi-asserted-by":"publisher","DOI":"10.1016\/j.jss.2012.02.018"},{"key":"e_1_2_10_17_1","doi-asserted-by":"publisher","DOI":"10.1016\/j.scico.2013.06.007"},{"key":"e_1_2_10_18_1","doi-asserted-by":"crossref","unstructured":"MilevaYM DallmeierV BurgerM ZellerA.Mining trends of library usage. In: International Workshop on Principles of Software Evolution.ACM; Amsterdam The Netherlands: ACM;2009:57\u201062.","DOI":"10.1145\/1595808.1595821"},{"key":"e_1_2_10_19_1","doi-asserted-by":"crossref","unstructured":"RaemaekersS DeursenA VisserJ.Semantic versioning versus breaking changes: a study of the Maven repository. In: International Conference on Source Code Analysis and Manipulation;2014;Victoria BC Canada:215\u2010224.","DOI":"10.1109\/SCAM.2014.30"},{"key":"e_1_2_10_20_1","doi-asserted-by":"publisher","DOI":"10.1007\/s10664-017-9521-5"},{"key":"e_1_2_10_21_1","doi-asserted-by":"crossref","unstructured":"MachoC McIntoshS PinzgerM.Automatically repairing dependency\u2010related build breakage. In: International Conference on Software Analysis Evolution and Reengineering.IEEE;2018;Campobasso Italy:106\u2010117.","DOI":"10.1109\/SANER.2018.8330201"},{"key":"e_1_2_10_22_1","doi-asserted-by":"crossref","unstructured":"DecanA MensT ClaesM.An empirical comparison of dependency issues in OSS packaging ecosystems. In: International Conference on Software Analysis Evolution and Reengineering. Klagenfurt Austria:IEEE;2017:2\u201012.","DOI":"10.1109\/SANER.2017.7884604"},{"key":"e_1_2_10_23_1","doi-asserted-by":"crossref","unstructured":"AbdalkareemR NourryO WehaibiS MujahidS ShihabE.Why do developers use trivial packages? An empirical case study on npm. In: International Symposium on Foundations of Software Engineering.ACM;2017:385\u2010395.","DOI":"10.1145\/3106237.3106267"},{"key":"e_1_2_10_24_1","doi-asserted-by":"crossref","unstructured":"LauingerT ChaabaneA ArshadS RobertsonW WilsonC KirdaE.Thou shalt not depend on me: analysing the use of outdated JavaScript libraries on the Web. In: NDSS Symposium;2017;San Diego CA USA.","DOI":"10.14722\/ndss.2017.23414"},{"key":"e_1_2_10_25_1","doi-asserted-by":"crossref","unstructured":"DecanA MensT ConstantinouE.On the impact of security vulnerabilities in the npm package dependency network. In: International Conference on Mining Software Repositories; Gothenburg Sweden;2018.","DOI":"10.1145\/3196398.3196401"},{"key":"e_1_2_10_26_1","doi-asserted-by":"crossref","unstructured":"BogartC K\u00e4stnerC HerbslebJ ThungF.How to break an API: cost negotiation and community values in three software ecosystems. In: Int'l Symp. Foundations of Software Engineering.ACM;2016;Singapore:109\u2010120.","DOI":"10.1145\/2950290.2950325"},{"key":"e_1_2_10_27_1","doi-asserted-by":"publisher","DOI":"10.1007\/s11334-017-0303-4"},{"key":"e_1_2_10_28_1","doi-asserted-by":"crossref","unstructured":"TrockmanA ZhouS K\u00e4stnerC VasilescuB.Adding sparkle to social coding: an empirical study of repository badges in the npm ecosystem. In: Proceedings of the 40th International Conference on Software Engineering.ACM;2018;Gothenburg Sweden:511\u2010522.","DOI":"10.1145\/3183440.3190335"},{"key":"e_1_2_10_29_1","unstructured":"KulaRG OuniA GermanDM InoueK.On the impact of micro\u2010packages: an empirical study of the npm JavaScript ecosystem. arXiv preprint arXiv:1709.04638;2017."},{"key":"e_1_2_10_30_1","unstructured":"NesbittA NickollsB.Libraries.io open source repository and dependency metadata (version 1.2.0). [Data set] Zenodo;2018."},{"key":"e_1_2_10_31_1","unstructured":"BogartC FilippovaA K\u00e4stnerC HerbslebJ.Survey of ecosystem values.http:\/\/doi.org\/breakingapis.org\/survey\/accessed: 28\/10\/2017;2017."},{"key":"e_1_2_10_32_1","doi-asserted-by":"crossref","unstructured":"BogartC K\u00e4stnerC HerbslebJ.When it breaks it breaks: how ecosystem developers reason about the stability of dependencies. In: Automated Software Engineering Workshop.IEEE;2015;Lincoln NE USA:86\u201089.","DOI":"10.1109\/ASEW.2015.21"},{"key":"e_1_2_10_33_1","unstructured":"MezzettiG MollerA TorpMT.Type regression testing to detect breaking changes in node. js Libraries. In: European Conference on Object\u2010Oriented Programming (ECOOP). Amsterdam The Netherlands;2018."},{"key":"e_1_2_10_34_1","doi-asserted-by":"publisher","DOI":"10.1109\/ACCESS.2017.2682323"},{"key":"e_1_2_10_35_1","doi-asserted-by":"publisher","DOI":"10.1145\/2522920.2522927"}],"container-title":["Journal of Software: Evolution and Process"],"original-title":[],"language":"en","link":[{"URL":"https:\/\/api.wiley.com\/onlinelibrary\/tdm\/v1\/articles\/10.1002%2Fsmr.2157","content-type":"application\/pdf","content-version":"vor","intended-application":"text-mining"},{"URL":"https:\/\/onlinelibrary.wiley.com\/doi\/pdf\/10.1002\/smr.2157","content-type":"application\/pdf","content-version":"vor","intended-application":"text-mining"},{"URL":"https:\/\/onlinelibrary.wiley.com\/doi\/full-xml\/10.1002\/smr.2157","content-type":"application\/xml","content-version":"vor","intended-application":"text-mining"},{"URL":"https:\/\/onlinelibrary.wiley.com\/doi\/pdf\/10.1002\/smr.2157","content-type":"unspecified","content-version":"vor","intended-application":"similarity-checking"}],"deposited":{"date-parts":[[2023,9,2]],"date-time":"2023-09-02T19:48:21Z","timestamp":1693684101000},"score":1,"resource":{"primary":{"URL":"https:\/\/onlinelibrary.wiley.com\/doi\/10.1002\/smr.2157"}},"subtitle":[],"short-title":[],"issued":{"date-parts":[[2019,3,19]]},"references-count":34,"journal-issue":{"issue":"8","published-print":{"date-parts":[[2019,8]]}},"alternative-id":["10.1002\/smr.2157"],"URL":"https:\/\/doi.org\/10.1002\/smr.2157","archive":["Portico"],"relation":{},"ISSN":["2047-7473","2047-7481"],"issn-type":[{"value":"2047-7473","type":"print"},{"value":"2047-7481","type":"electronic"}],"subject":[],"published":{"date-parts":[[2019,3,19]]},"assertion":[{"value":"2018-09-17","order":0,"name":"received","label":"Received","group":{"name":"publication_history","label":"Publication History"}},{"value":"2019-01-27","order":1,"name":"accepted","label":"Accepted","group":{"name":"publication_history","label":"Publication History"}},{"value":"2019-03-19","order":2,"name":"published","label":"Published","group":{"name":"publication_history","label":"Publication History"}}],"article-number":"e2157"}}