TY - GEN
T1 - On the Instability of Software Dependency Graphs
T2 - 2025 IEEE International Conference on Emerging Technologies and Computing, IC_ETC 2025
AU - Hinge, Divya
AU - Deo, Soham
AU - Alomar, Eman Abdullah
AU - Chaaben, Amal
AU - Mkaouer, Mohamed Wiem
N1 - Publisher Copyright:
© 2025 IEEE.
PY - 2025
Y1 - 2025
N2 - The widespread use of third-party libraries is a cornerstone of modern software development, with Maven Central serving as a critical repository for managing dependencies. This paper examines the relationships between artifacts, their releases, and dependencies within the Maven Central ecosystem, focusing on popular libraries with high influence. The Neo4j-based dataset containing 658,078 artifacts, 14,459,139 releases, and 44,035,495 added values was analyzed, identifying trends in artifact popularity, stability, and vulnerability. Instability metrics and dependency relationships were explored to assess adherence to design principles. In addition, the impact of critical vulnerabilities on ecosystem health was evaluated, demonstrating their adverse effects on dependent libraries. This study underscores the importance of stability, proactive vulnerability management, and robust dependency practices to ensure the resilience of Maven Central and its role in software development.
AB - The widespread use of third-party libraries is a cornerstone of modern software development, with Maven Central serving as a critical repository for managing dependencies. This paper examines the relationships between artifacts, their releases, and dependencies within the Maven Central ecosystem, focusing on popular libraries with high influence. The Neo4j-based dataset containing 658,078 artifacts, 14,459,139 releases, and 44,035,495 added values was analyzed, identifying trends in artifact popularity, stability, and vulnerability. Instability metrics and dependency relationships were explored to assess adherence to design principles. In addition, the impact of critical vulnerabilities on ecosystem health was evaluated, demonstrating their adverse effects on dependent libraries. This study underscores the importance of stability, proactive vulnerability management, and robust dependency practices to ensure the resilience of Maven Central and its role in software development.
KW - CVE
KW - Dependency
KW - Maven Central
UR - https://www.scopus.com/pages/publications/105017622451
UR - https://www.scopus.com/pages/publications/105017622451#tab=citedBy
U2 - 10.1109/IC_ETC65981.2025.11141182
DO - 10.1109/IC_ETC65981.2025.11141182
M3 - Conference contribution
AN - SCOPUS:105017622451
T3 - Proceedings - 2025 IEEE International Conference on Emerging Technologies and Computing, IC_ETC 2025
BT - Proceedings - 2025 IEEE International Conference on Emerging Technologies and Computing, IC_ETC 2025
Y2 - 23 June 2025 through 26 June 2025
ER -