{"status":"ok","message-type":"work","message-version":"1.0.0","message":{"indexed":{"date-parts":[[2026,1,22]],"date-time":"2026-01-22T08:52:15Z","timestamp":1769071935763,"version":"3.49.0"},"reference-count":56,"publisher":"Association for Computing Machinery (ACM)","issue":"1","license":[{"start":{"date-parts":[[2023,1,31]],"date-time":"2023-01-31T00:00:00Z","timestamp":1675123200000},"content-version":"vor","delay-in-days":0,"URL":"https:\/\/www.acm.org\/publications\/policies\/copyright_policy#Background"}],"content-domain":{"domain":["dl.acm.org"],"crossmark-restriction":true},"short-container-title":["ACM Trans. Softw. Eng. Methodol."],"published-print":{"date-parts":[[2023,1,31]]},"abstract":"<jats:p>\n            Dependency management bots are increasingly being used to support the software development process, for example, to automatically update a dependency when a new version is available. Yet, human intervention is often required to either accept or reject any action or recommendation the bot creates. In this article, our objective is to study the extent to which dependency management bots create additional, and sometimes unnecessary, work for their users. To accomplish this, we analyze 93,196 issue reports opened by\n            <jats:sans-serif>Greenkeeper<\/jats:sans-serif>\n            , a popular dependency management bot used in open source software projects in the\n            <jats:sans-serif>npm<\/jats:sans-serif>\n            ecosystem. We find that\n            <jats:sans-serif>Greenkeeper<\/jats:sans-serif>\n            is responsible for half of all issues reported in client projects, inducing a significant amount of overhead that must be addressed by clients, since many of these issues were created as a result of\n            <jats:sans-serif>Greenkeeper<\/jats:sans-serif>\n            taking incorrect action on a dependency update (i.e., false alarms). Reverting a broken dependency update to an older version, which is a potential solution that requires the least overhead and is automatically attempted by\n            <jats:sans-serif>Greenkeeper<\/jats:sans-serif>\n            , turns out to not be an effective mechanism. Finally, we observe that 56% of the commits referenced by\n            <jats:sans-serif>Greenkeeper<\/jats:sans-serif>\n            issue reports only change the client\u2019s dependency specification file to resolve the issue. Based on our findings, we argue that dependency management bots should (i) be configurable to allow clients to reduce the amount of generated activity by the bots, (ii) take into consideration more sources of information than only the pass\/fail status of the client\u2019s build pipeline to help eliminate false alarms, and (iii) provide more effective incentives to encourage clients to resolve dependency issues.\n          <\/jats:p>","DOI":"10.1145\/3522587","type":"journal-article","created":{"date-parts":[[2022,4,30]],"date-time":"2022-04-30T11:15:52Z","timestamp":1651317352000},"page":"1-40","update-policy":"https:\/\/doi.org\/10.1145\/crossmark-policy","source":"Crossref","is-referenced-by-count":12,"title":["There\u2019s no Such Thing as a Free Lunch: Lessons Learned from Exploring the Overhead Introduced by the Greenkeeper Dependency Bot in Npm"],"prefix":"10.1145","volume":"32","author":[{"ORCID":"https:\/\/orcid.org\/0000-0001-5947-2684","authenticated-orcid":false,"given":"Benjamin","family":"Rombaut","sequence":"first","affiliation":[{"name":"Software Analysis and Intelligence Lab (SAIL) at Queen\u2019s University, Kingston, Canada"}],"role":[{"role":"author","vocabulary":"crossref"}]},{"ORCID":"https:\/\/orcid.org\/0000-0002-5494-685X","authenticated-orcid":false,"given":"Filipe R.","family":"Cogo","sequence":"additional","affiliation":[{"name":"Centre for Software Excellence (CSE) at Huawei, Kingston, Canada"}],"role":[{"role":"author","vocabulary":"crossref"}]},{"given":"Bram","family":"Adams","sequence":"additional","affiliation":[{"name":"Lab on Maintenance, Construction, and Intelligence of Software (MCIS) at Queen\u2019s University, Kingston, Canada"}],"role":[{"role":"author","vocabulary":"crossref"}]},{"given":"Ahmed E.","family":"Hassan","sequence":"additional","affiliation":[{"name":"Software Analysis and Intelligence Lab (SAIL) at Queen\u2019s University, Kingston, Canada"}],"role":[{"role":"author","vocabulary":"crossref"}]}],"member":"320","published-online":{"date-parts":[[2023,2,13]]},"reference":[{"key":"e_1_3_2_2_2","doi-asserted-by":"publisher","DOI":"10.1145\/3106237.3106267"},{"key":"e_1_3_2_3_2","doi-asserted-by":"publisher","DOI":"10.1007\/s10664-019-09792-9"},{"key":"e_1_3_2_4_2","doi-asserted-by":"publisher","DOI":"10.1109\/MSR52588.2021.00037"},{"key":"e_1_3_2_5_2","doi-asserted-by":"publisher","DOI":"10.1111\/opo.12131"},{"key":"e_1_3_2_6_2","doi-asserted-by":"publisher","DOI":"10.1080\/01621459.1972.10481279"},{"key":"e_1_3_2_7_2","doi-asserted-by":"publisher","DOI":"10.1109\/ASEW.2015.21"},{"key":"e_1_3_2_8_2","doi-asserted-by":"publisher","DOI":"10.1145\/2950290.2950325"},{"key":"e_1_3_2_9_2","doi-asserted-by":"publisher","DOI":"10.1109\/ICSME.2016.31"},{"key":"e_1_3_2_10_2","doi-asserted-by":"publisher","DOI":"10.1109\/SANER.2018.8330249"},{"key":"e_1_3_2_11_2","doi-asserted-by":"publisher","DOI":"10.1109\/SANER.2018.8330214"},{"key":"e_1_3_2_12_2","doi-asserted-by":"publisher","DOI":"10.1145\/3387940.3391506"},{"key":"e_1_3_2_13_2","volume-title":"Ordinal Methods for Behavioral Data Analysis.","author":"Cliff Norman","year":"1996","unstructured":"Norman Cliff. 1996. Ordinal Methods for Behavioral Data Analysis.Lawrence Erlbaum Associates, Inc, Hillsdale, NJ. Pages: xiii, 197."},{"key":"e_1_3_2_14_2","doi-asserted-by":"publisher","DOI":"10.1109\/TSE.2019.2952130"},{"key":"e_1_3_2_15_2","doi-asserted-by":"publisher","DOI":"10.1177\/001316446002000104"},{"key":"e_1_3_2_16_2","doi-asserted-by":"publisher","DOI":"10.1109\/ICSE.2015.140"},{"key":"e_1_3_2_17_2","doi-asserted-by":"publisher","DOI":"10.1109\/TSE.2019.2918315"},{"key":"e_1_3_2_18_2","doi-asserted-by":"publisher","DOI":"10.1109\/SANER.2017.7884604"},{"key":"e_1_3_2_19_2","doi-asserted-by":"publisher","DOI":"10.1109\/ICSME.2018.00050"},{"key":"e_1_3_2_20_2","doi-asserted-by":"publisher","DOI":"10.1109\/MSR.2019.00061"},{"key":"e_1_3_2_21_2","doi-asserted-by":"publisher","DOI":"10.1016\/j.pubrev.2012.01.003"},{"key":"e_1_3_2_22_2","doi-asserted-by":"publisher","DOI":"10.1109\/PACIFICVIS.2017.8031598"},{"key":"e_1_3_2_23_2","doi-asserted-by":"publisher","DOI":"10.1109\/BotSE.2019.00009"},{"key":"e_1_3_2_24_2","doi-asserted-by":"publisher","DOI":"10.1109\/ICST.2017.28"},{"key":"e_1_3_2_25_2","doi-asserted-by":"publisher","DOI":"10.1177\/001316447303300309"},{"key":"e_1_3_2_26_2","doi-asserted-by":"publisher","DOI":"10.1145\/3236024.3275535"},{"key":"e_1_3_2_27_2","doi-asserted-by":"publisher","DOI":"10.1109\/TSE.2018.2838131"},{"key":"e_1_3_2_28_2","doi-asserted-by":"publisher","DOI":"10.1007\/978-3-319-57735-7_17"},{"key":"e_1_3_2_29_2","article-title":"Dependency smells in javascript projects","author":"Jafari Abbas Javan","year":"2021","unstructured":"Abbas Javan Jafari, Diego Elias Costa, Rabe Abdalkareem, Emad Shihab, and Nikolaos Tsantalis. 2021. Dependency smells in javascript projects. IEEE Transactions on Software Engineering (2021). DOI:10.1109\/TSE.2021.3106247.","journal-title":"IEEE Transactions on Software Engineering"},{"key":"e_1_3_2_30_2","doi-asserted-by":"publisher","DOI":"10.1016\/j.infsof.2015.02.014"},{"key":"e_1_3_2_31_2","doi-asserted-by":"publisher","DOI":"10.1007\/s10664-017-9521-5"},{"key":"e_1_3_2_32_2","doi-asserted-by":"publisher","DOI":"10.2307\/2529310"},{"key":"e_1_3_2_33_2","doi-asserted-by":"publisher","DOI":"10.1109\/BotSE.2019.00008"},{"key":"e_1_3_2_34_2","doi-asserted-by":"publisher","DOI":"10.1145\/3213846.3213857"},{"key":"e_1_3_2_35_2","doi-asserted-by":"publisher","DOI":"10.1145\/2818052.2869117"},{"key":"e_1_3_2_36_2","doi-asserted-by":"publisher","DOI":"10.1145\/2020390.2020401"},{"key":"e_1_3_2_37_2","doi-asserted-by":"publisher","DOI":"10.1145\/3359174"},{"key":"e_1_3_2_38_2","doi-asserted-by":"publisher","DOI":"10.4230\/LIPICS.ECOOP.2018.7"},{"key":"e_1_3_2_39_2","doi-asserted-by":"publisher","DOI":"10.1109\/ASE.2017.8115621"},{"key":"e_1_3_2_40_2","doi-asserted-by":"publisher","DOI":"10.1145\/3379597.3387476"},{"key":"e_1_3_2_41_2","doi-asserted-by":"publisher","DOI":"10.1109\/ICSM.1998.738486"},{"key":"e_1_3_2_42_2","doi-asserted-by":"publisher","DOI":"10.1145\/3428255"},{"key":"e_1_3_2_43_2","doi-asserted-by":"publisher","DOI":"10.1145\/3338906.3338940"},{"key":"e_1_3_2_44_2","doi-asserted-by":"publisher","DOI":"10.1109\/ICSE.2005.1553571"},{"key":"e_1_3_2_45_2","first-page":"12","article-title":"Semantic patches for adaptation of javascript programs to evolving libraries","author":"Nielsen Benjamin Barslev","year":"2021","unstructured":"Benjamin Barslev Nielsen, Martin Toldam Torp, and Anders M\u00f8ller. 2021. Semantic patches for adaptation of javascript programs to evolving libraries. In Proceedings of the 43rd International Conference on Software Engineering (2021), 12.","journal-title":"Proceedings of the 43rd International Conference on Software Engineering"},{"key":"e_1_3_2_46_2","doi-asserted-by":"publisher","DOI":"10.1109\/SCAM.2014.30"},{"key":"e_1_3_2_47_2","doi-asserted-by":"publisher","DOI":"10.1016\/j.jss.2016.04.008"},{"key":"e_1_3_2_48_2","unstructured":"Jeanine Romano and Jeffrey Kromrey. 2006. Appropriate statistics for ordinal level data: Should we really be using t-test and cohen\u2019s d for evaluating group differences on the NSSE and other surveys? In Proceedings of the Annual Meeting of the Florida Association of Institutional Research (2006)."},{"key":"e_1_3_2_49_2","unstructured":"Benjamin Rombaut Filipe R. Cogo Bram Adams and Ahmed E. Hassan. 2022. Greenkeeper Overhead - Online Appendix. (Feb.2022). Retrieved from https:\/\/github.com\/SAILResearch\/suppmaterial-22-ben-greenkeeper-overhead."},{"key":"e_1_3_2_50_2","doi-asserted-by":"publisher","DOI":"10.1093\/ptj\/85.3.257"},{"key":"e_1_3_2_51_2","doi-asserted-by":"publisher","DOI":"10.1145\/2950290.2983989"},{"key":"e_1_3_2_52_2","doi-asserted-by":"publisher","DOI":"10.1145\/3368089.3418539"},{"key":"e_1_3_2_53_2","doi-asserted-by":"publisher","DOI":"10.1145\/3274451"},{"key":"e_1_3_2_54_2","doi-asserted-by":"publisher","DOI":"10.1145\/3387940.3391504"},{"key":"e_1_3_2_55_2","doi-asserted-by":"publisher","DOI":"10.1145\/2901739.2901743"},{"key":"e_1_3_2_56_2","first-page":"6","article-title":"Bots don\u2019t mind waiting, do they? Comparing the interaction with automatically and manually created pull requests","author":"Wyrich Marvin","year":"2021","unstructured":"Marvin Wyrich, Raoul Ghit, Tobias Haller, and Christian M\u00fcller. 2021. Bots don\u2019t mind waiting, do they? Comparing the interaction with automatically and manually created pull requests. Proceedings of the 3rd International Workshop on Bots in Software Engineering (BotSE\u201921), 6\u201310. arXiv: 2103.03591. 10.1109\/BotSE52550.2021.00009.","journal-title":"Proceedings of the 3rd International Workshop on Bots in Software Engineering (BotSE\u201921)"},{"key":"e_1_3_2_57_2","doi-asserted-by":"publisher","DOI":"10.1007\/978-3-319-90421-4_6"}],"container-title":["ACM Transactions on Software Engineering and Methodology"],"original-title":[],"language":"en","link":[{"URL":"https:\/\/dl.acm.org\/doi\/10.1145\/3522587","content-type":"unspecified","content-version":"vor","intended-application":"text-mining"},{"URL":"https:\/\/dl.acm.org\/doi\/pdf\/10.1145\/3522587","content-type":"unspecified","content-version":"vor","intended-application":"similarity-checking"}],"deposited":{"date-parts":[[2025,6,17]],"date-time":"2025-06-17T18:09:33Z","timestamp":1750183773000},"score":1,"resource":{"primary":{"URL":"https:\/\/dl.acm.org\/doi\/10.1145\/3522587"}},"subtitle":[],"short-title":[],"issued":{"date-parts":[[2023,1,31]]},"references-count":56,"journal-issue":{"issue":"1","published-print":{"date-parts":[[2023,1,31]]}},"alternative-id":["10.1145\/3522587"],"URL":"https:\/\/doi.org\/10.1145\/3522587","relation":{},"ISSN":["1049-331X","1557-7392"],"issn-type":[{"value":"1049-331X","type":"print"},{"value":"1557-7392","type":"electronic"}],"subject":[],"published":{"date-parts":[[2023,1,31]]},"assertion":[{"value":"2021-09-01","order":0,"name":"received","label":"Received","group":{"name":"publication_history","label":"Publication History"}},{"value":"2022-02-24","order":1,"name":"accepted","label":"Accepted","group":{"name":"publication_history","label":"Publication History"}},{"value":"2023-02-13","order":2,"name":"published","label":"Published","group":{"name":"publication_history","label":"Publication History"}}]}}