Have you ever had to deal with an abandoned open source dependency? Do you maintain at least one JavaScript npm project? If so, let's talk!
We are a group of researchers from Carnegie Mellon University interested in dependency management in the context of open source sustainability, particularly how maintainers deal with dependencies that no longer receive updates or maintenance. We are also part of the Secure Software Supply Chain Center, a multi-institution research enterprise with the goal of securing the software supply chain.
The interviews would:
- be fully anonymous; at most, short anonymized quotes from the interview would be published.
- take no more than 45 minutes.
Sign up for an interview with us or reach out through email if you have any questions!
About This Study
This study aims to understand how the context of a project’s dependency usage affects whether that dependency’s abandonment would be impactful. With this knowledge, we will operationalize a heuristic to approximate whether a dependency’s abandonment would likely be impactful to a project, based on the context of the project’s dependency usage. That heuristic can then be used to create a tool that supports automated, tailored notifications about dependency abandonment and minimizes tool-related notification fatigue.
Motivation
From our previous work on the processes used and challenges faced by developers dealing with open source dependency abandonment, we learned that dependency abandonment is an issue developers often struggle with when they face it. Identifying abandonment often requires manual investigation and non-trivial investments of time and effort. We also learned in our recently published work that dependency abandonment is a prevalent issue many developers have to face, and that while response rates are low, there are opportunities to support timely downstream responses, e.g., adding a notice to the top of the README to make abandonment status more transparent. We are now interested in helping developers who face dependency abandonment by improving the processes used to identify dependency abandonment.
Interview Participation
We are looking for developers with experience facing open source dependency abandonment who maintain a JavaScript npm project they can discuss in a (fully anonymized) need-finding interview.
The interviews will take no more than 45 minutes and will include questions about how the project’s usage of various dependencies affects the potential impact of their abandonment on the project. In the interviews we will also elicit design requirements and information needs for a tool to help support the automated identification of abandoned dependencies.
Participants will be offered a $20 Amazon gift card as compensation for their time, and must be 18 years or older to participate.
Research Questions
In this study, we will answer the following research questions:
- How does the context of a project’s dependency usage affect whether that dependency’s abandonment would be impactful?
- How well can we approximate whether a dependency’s abandonment would be impactful to a project using an operationalized heuristic based on the context of the project’s dependency usage?
- What factors influence when a project would want to be made aware of a dependency’s activity-based abandonment, specifically with regard to the context of their dependency usage?
- What are the information and design requirements for a prototype tool to automatically identify dependency abandonment?
Data Handling
We value and appreciate your contribution to our study and are committed to maintaining your privacy and the confidentiality of all data you provide. We will only use short quotes from the interviews in our publication with your approval, and will make sure that you cannot be identified from our reporting.
We would like to analyze interview transcripts, for which we would collect the following data:
- A recording of your interview, which would be destroyed after transcription (likely a few days after the interview)
- A fully anonymized and de-identified transcript of the interview, which would be destroyed after completion of our research (likely a few months after the interview)
During the study, data access is restricted to a small number of trained researchers. All data will be handled according to the approved IRB process.
Researchers
- Courtney Miller, PhD Student (Carnegie Mellon University)
- Hao He, PhD Student (Carnegie Mellon University)
- Bogdan Vasilescu, Associate Professor (Carnegie Mellon University)
- Christian Kästner, Associate Professor (Carnegie Mellon University)