Open Collections
UBC Theses and Dissertations
What about our bug? : a study on the responsiveness of package maintainers in the node package manager (npm) ecosystem
Saeidi, Mohammadreza
Abstract
The Node Package Manager (npm) ecosystem is foundational to modern JavaScript development, enabling developers to rapidly build software by leveraging a vast array of third-party packages. However, this heavy reliance also introduces critical risks, particularly when bugs in upstream packages cascade down the dependency chain, affecting numerous downstream projects. This thesis investigates how maintainers of the 500 most depended-upon npm packages handle bug reports submitted by downstream developers. We adopt a mixed-methods approach to answer three research questions. First, we manually analyze 1,729 bug report issues to assess maintainer responsiveness and develop a taxonomy of reasons why certain bugs remain unresolved. Our manual classification reveals that while most upstream developers are responsive, some bugs remain unaddressed due to contributor practices, dependency boundaries, library-specific standards, and lack of engagement from upstream developers.
To scale the analysis, we evaluate the use of instruction-tuned Large Language Models (LLMs) in a zero-shot setting. Using a manually labeled ground truth dataset, we assess the effectiveness of LLMs in classifying issues as bug reports, determining maintainer responsiveness, and classifying unresolved bug reports. Our results show that LLMs can accurately replicate human classification, enabling large-scale analysis across 47,883 GitHub issues. The automated approach calculated a median per-package responsiveness ratio of 72%, further confirming that the majority of maintainers are actively addressing reported bugs.
Finally, we conduct a regression analysis to explore the relationship between maintainer responsiveness and package popularity, as measured by monthly downloads and GitHub stars. We find a positive correlation between responsiveness and downloads, suggesting that active maintenance supports widespread adoption. However, we observe a negative correlation with GitHub stars, indicating that visibility does not necessarily imply active bug handling.
Item Metadata
Title | What about our bug? : a study on the responsiveness of package maintainers in the node package manager (npm) ecosystem |
Creator | |
Supervisor | |
Publisher | University of British Columbia |
Date Issued | 2025 |
Genre | |
Type | |
Language | eng |
Date Available | 2025-07-23 |
Provider | Vancouver : University of British Columbia Library |
Rights | Attribution-NonCommercial-NoDerivatives 4.0 International |
DOI | 10.14288/1.0449470 |
URI | |
Degree (Theses) | |
Program (Theses) | |
Affiliation | |
Degree Grantor | University of British Columbia |
Graduation Date | 2025-09 |
Campus | |
Scholarly Level | Graduate |
Rights URI | |
Aggregated Source Repository | DSpace |