Dependency Smells in JavaScript Projects

Dependency management in modern software development poses many challenges for developers who wish to stay up date with the latest features and fixes whilst ensuring backwards compatibility. Project maintainers have opted varied, sometimes conflicting, approaches maintaining their dependencies. Opting unsuitable can introduce bugs vulnerabilities into project, breaking changes, cause extraneous installations, reduce dependency understandability, making it harder others contribute effectively. In this paper, we empirically examine evidence of recurring issues (dependency smells). We look at commit data a dataset 1,146 active JavaScript repositories catalog, quantify understand smells. Through series surveys practitioners, identify seven smells varying degrees popularity investigate why they are introduced throughout project history. Our findings indicate that prevalent projects two or more distinct appearing 80% projects, but generally infect minority project's observations show number tend increase over time. Practitioners agree bring about problems including security threats, bugs, breakage, runtime errors, other maintenance issues. These as react misbehaviour shortcomings npm ecosystem.