Watchman: Monitoring Dependency Conflicts for Python Library Ecosystem

Title: Watchman: Monitoring Dependency Conflicts for Python Library Ecosystem
Publication Type: Conference Paper
Year of Publication: 2020
Authors: Wang, Y., Wen, M., Liu, Y., Wang, Y., Li, Z., Wang, C., Yu, H., Cheung, S.-C., Xu, C., Zhu, Z.
Conference Name: 2020 IEEE/ACM 42nd International Conference on Software Engineering (ICSE)
Keywords: Automation, compositionality, Cyber Dependencies, dependency conflicts, Ecosystems, human factors, Libraries, Metrics, Monitoring, pubcrawl, python, Resiliency, Scalability, software ecosystem, software engineering, Tools
Abstract: The PyPI ecosystem has indexed millions of Python libraries to allow developers to automatically download and install dependencies of their projects based on the specified version constraints. Despite the convenience brought by automation, version constraints in Python projects can easily conflict, resulting in build failures. We refer to such conflicts as Dependency Conflict (DC) issues. Although DC issues are common in Python projects, developers lack tool support to gain a comprehensive knowledge for diagnosing the root causes of these issues. In this paper, we conducted an empirical study on 235 real-world DC issues. We studied the manifestation patterns and fixing strategies of these issues and found several key factors that can lead to DC issues and their regressions. Based on our findings, we designed and implemented Watchman, a technique to continuously monitor dependency conflicts for the PyPI ecosystem. In our evaluation, Watchman analyzed PyPI snapshots between 11 Jul 2019 and 16 Aug 2019, and found 117 potential DC issues. We reported these issues to the developers of the corresponding projects. So far, 63 issues have been confirmed, 38 of which have been quickly fixed by applying our suggested patches.
DOI: 10.1145/3377811.3380426
Citation Key: wang_watchman_2020
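The abstract describes the core Dependency Conflict (DC) pattern in prose: two packages in a project's dependency graph constrain the same shared library, and no released version of that library satisfies both, so the build fails. The toy checker below is an added illustration written for this entry; it is not Watchman and not code from the paper's authors. It walks a constructed dependency graph, collects every constraint placed on each library, and tests those constraints against a constructed list of "available" releases standing in for a PyPI snapshot. Package names (`alpha`, `beta`, `shared`, `util`), versions and constraints are all invented; the specifier grammar covers only the plain comparison operators (`==`, `!=`, `<`, `<=`, `>`, `>=`), not the full PEP 440 syntax.

```python
"""Toy dependency-conflict (DC) check over a PyPI-style snapshot.

Added example for the Watchman entry above; NOT the paper's tool. It models the
simplest DC manifestation: two dependencies of one project constrain a shared
library so tightly that no released version satisfies all constraints at once.
Every package, version and constraint here is a constructed example.
"""
from __future__ import annotations

import operator
import re

_OPS = {
    "==": operator.eq, "!=": operator.ne,
    ">=": operator.ge, "<=": operator.le,
    ">": operator.gt, "<": operator.lt,
}
# One clause of a specifier, e.g. ">=2.0" or "<3.1.4" (subset of PEP 440).
_SPEC_RE = re.compile(r"^(==|!=|>=|<=|>|<)\s*([0-9]+(?:\.[0-9]+)*)$")


def parse_version(text: str) -> tuple[int, ...]:
    """Turn a dotted release version into a comparable tuple, padded to 3 parts
    so that "2.0" and "2.0.0" compare equal."""
    parts = tuple(int(p) for p in text.strip().split("."))
    return parts + (0,) * (3 - len(parts))


def satisfies(version: str, spec: str) -> bool:
    """True if `version` meets every comma-separated clause of `spec`.
    An empty spec or "*" means unconstrained."""
    spec = spec.strip()
    if spec in ("", "*"):
        return True
    v = parse_version(version)
    for clause in spec.split(","):
        m = _SPEC_RE.match(clause.strip())
        if not m:
            raise ValueError(f"unsupported specifier clause: {clause!r}")
        op, target = m.groups()
        if not _OPS[op](v, parse_version(target)):
            return False
    return True


def collect_constraints(root_requires: dict[str, str],
                        metadata: dict[str, dict[str, str]]) -> dict[str, list[tuple[str, str]]]:
    """BFS from the project's direct requirements, gathering for each library
    every (requirer, spec) pair that constrains it. `metadata[pkg]` plays the
    role of pkg's install_requires; packages not listed have no dependencies."""
    constraints: dict[str, list[tuple[str, str]]] = {}
    queue = [("<project>", name, spec) for name, spec in root_requires.items()]
    expanded: set[str] = set()
    while queue:
        requirer, name, spec = queue.pop(0)
        constraints.setdefault(name, []).append((requirer, spec))
        if name in expanded:          # each package's own deps are added once
            continue
        expanded.add(name)
        for dep, dep_spec in metadata.get(name, {}).items():
            queue.append((name, dep, dep_spec))
    return constraints


def check_snapshot(root_requires: dict[str, str],
                   metadata: dict[str, dict[str, str]],
                   available: dict[str, list[str]]):
    """Return (resolved, conflicts). `resolved` maps each library to the newest
    available release meeting all constraints on it; `conflicts` maps each
    library for which no release does to the clashing constraints (a DC issue)."""
    constraints = collect_constraints(root_requires, metadata)
    resolved: dict[str, str] = {}
    conflicts: dict[str, list[tuple[str, str]]] = {}
    for lib, reqs in constraints.items():
        ok = [v for v in available.get(lib, [])
              if all(satisfies(v, spec) for _, spec in reqs)]
        if ok:
            resolved[lib] = max(ok, key=parse_version)
        else:
            conflicts[lib] = reqs
    return resolved, conflicts


# Constructed snapshot: `alpha` wants shared>=2.0, `beta` wants shared<2.0.
METADATA = {
    "alpha": {"shared": ">=2.0", "util": ">=1.0,<2.0"},
    "beta": {"shared": "<2.0", "util": ">=1.2"},
    "shared": {},
    "util": {},
}
AVAILABLE = {
    "alpha": ["1.0.0"],
    "beta": ["3.1.0"],
    "shared": ["1.8.0", "1.9.2", "2.0.0", "2.1.0"],
    "util": ["1.1.0", "1.5.0", "2.0.0"],
}
PROJECT_REQUIRES = {"alpha": "*", "beta": ">=3.0"}


def demo():
    """Run the check on the constructed snapshot."""
    return check_snapshot(PROJECT_REQUIRES, METADATA, AVAILABLE)


if __name__ == "__main__":
    resolved, conflicts = demo()
    print("resolved:", resolved)          # util resolves to 1.5.0, the only fit
    for lib, reqs in conflicts.items():   # shared: no release fits >=2.0 and <2.0
        print(f"DC issue on {lib}: " + "; ".join(f"{r} needs {s}" for r, s in reqs))
```

The returned `conflicts` entry names both requirers and their specifiers, which is the information a developer needs to decide which constraint to loosen or which dependency to pin. Running the same check against successive snapshots (as the abstract says Watchman does continuously) is what turns it into a monitor: a library that resolved yesterday and conflicts today after one package tightened its constraint is exactly the regression case the paper studies.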