papers.md

Academic papers related to package management and package ecosystems

(Technical) papers about the design of package managers

Papers presenting specific package managers

• (1993) LUDE: A Distributed Software Library
• (1993) The Comprehensive TeX Archive Network
• (2004) Nix: A Safe and Policy-Free System for Software Deployment
• (2007) An adaptive package management system for Scheme
• (2007) OPIUM: Optimal Package Install/Uninstall Manager
• (2008) NixOS: a purely functional Linux distribution
• (2012) The Comprehensive R Archive Network
• (2012) EasyBuild: Building Software With Ease
• (2013) Possible directions for improving dependency versioning in R
• (2014) maintaineR: A web-based dashboard for maintainers of CRAN packages
• (2015) The Spack Package Manager: Bringing Order to HPC Software Chaos
• (2017) SPAM: a Secure Package Manager

Technical comparisons of existing package managers

• (2008) A Look In the Mirror: Attacks on Package Managers

General design papers (including papers with prototype package managers)

• (2006) Managing the Complexity of Large Free and Open Source Package-Based Software Distributions
• (2009) Package upgrades in FOSS distributions: details and challenges
• (2011) Toward Decentralized Package Management
• (2011) MPM: a modular package manager
• (2012) Dependency solving: a separate concern in component evolution management
• (2013) A modular package manager architecture
• (2013) On software component co-installability
• (2014) Towards efficient optimization in package management systems
• (2018) Automatic Software Dependency Management using Blockchain
• (2018) PubGrub: Next-Generation Version Solving
• (2018) Contour: A Practical System for Binary Transparency
• (2018) Change Impact Analysis for Package Management Systems

Papers studying package ecosystems

Papers studying / comparing multiple package ecosystems

• (2012) Why do software packages conflict?
• (2015) Mining component repositories for installability issues
• (2015) When It Breaks, It Breaks: How Ecosystem Developers Reason about the Stability of Dependencies
• (2016) How to Break an API: Cost Negotiation and Community Values in Three Software Ecosystems
• (2016) An ecosystemic and socio-technical view on software maintenance and evolution
• (2016) On the topology of package dependency networks: a comparison of three programming language ecosystems
• (2017) Structure and Evolution of Package Dependency Networks
• (2017) An Empirical Comparison of Developer Retention in the RubyGems and npm Software Ecosystems
• (2017) Culture and Breaking Change: A Survey of Values and Practices in 18 Open Source Software Ecosystems
• (2017) An Empirical Comparison of Dependency Network Evolution in Seven Software Packaging Ecosystems
• (2018) A generalized model for visualizing library popularity, adoption, and diffusion within a software ecosystem
• (2019) Dependency versioning in the wild
• (2019) What do package dependencies tell us about semantic versioning?

Papers on the Apache ecosystem

• (2013) The Evolution of Project Inter-dependencies in a Software Ecosystem: The Case of Apache
• (2015) How the Apache community upgrades dependencies: an evolutionary study

Papers on the Debian ecosystem

• (2011) Influences on developer participation in the Debian software ecosystem
• (2015) A historical analysis of Debian package incompatibilities

Papers on the Java / Maven ecosystem

• (2017) An Exploratory Study on Library Aging by Monitoring Client Usage in a Software Ecosystem
• (2018) Do developers update their library dependencies?
• (2019) The emergence of software diversity in maven central

Papers on the Javascript / Node.js / npm ecosystem

• (2016) A look at the dynamics of the JavaScript package ecosystem
• (2017) Why Do Developers Use Trivial Packages? An Empirical Case Study on npm
• (2018) On the evolution of technical lag in the npm package dependency network
• (2018) On the impact of security vulnerabilities in the npm package dependency network
• (2018) Towards Smoother Library Migrations: A Look at Vulnerable Dependency Migrations at Function Level for npm JavaScript Packages
• (2019) On the diversity of software package popularity metrics: An empirical study of npm
• (2019) Small World with High Risks: A Study of Security Threats in the npm Ecosystem

Papers on the Pharo ecosystem

• (2011) A study of ripple effects in software ecosystems
• (2015) How do developers react to API evolution? The Pharo ecosystem case
• (2018) How do developers react to API evolution? A large-scale empirical study

Papers on the Python / PyPI ecosystem

• (2018) Ecosystem-Level Determinants of Sustained Activity in Open-Source Projects: A Case Study of the PyPI Ecosystem
• (2019) An Empirical Analysis of the Python Package Index (PyPI)

Papers on the R / CRAN ecosystem

• (2012) Are There Too Many R Packages?
• (2013) The Evolution of the R Software Ecosystem
• (2014) On the Maintainability of CRAN Packages
• (2015) On the Development and Distribution of R Packages: An Empirical Analysis of the R Ecosystem
• (2016) When GitHub meets CRAN: An analysis of inter-repository package dependency problems

Papers on the Ruby ecosystem

• (2011) Steering insight: An exploration of the ruby software ecosystem
• (2017) Socio-technical evolution of the Ruby ecosystem in GitHub

Papers on other specific ecosystems

• (2012) How do developers react to API deprecation? The case of a Smalltalk ecosystem
• (2018) On the use of package managers by the C++ open-source community
• (2019) Release synchronization in software ecosystems

Miscellaneous papers (on themes related to package management)

• (1984) Reflections on Trusting Trust
• (1997) Software engineering with reusable components
• (2019) A method to generate traverse paths for eliciting missing requirements