Software ecosystems, such as npm, Maven, and PyPI, have completely changed how we develop software. By providing a platform of reusable libraries and packages, software ecosystems have enabled developers to write less code, increasing productivity and improving the quality of delivered software. However, this level of code reuse has created significant challenges in software maintenance: developers struggle to select well-maintained libraries among the myriad of options, dependency maintenance issues abound, and vulnerable dependencies are widespread, risking the integrity of delivered software.
In this talk, I will present the challenges of dependency management in the era of software ecosystems, how my past research has contributed to the field, and my vision for a more transparent and proactive approach to dependency management.
Diego Elias Costa is an Assistant Professor in the Department of Computer Science at the Université du Québec à Montréal (UQAM), Canada. Prior to his position at UQAM, Diego was a Postdoctoral Researcher at Concordia University and earned his Ph.D. in Computer Science from Heidelberg University, Germany. His research interests cover various software engineering topics, including dependency management, performance testing, and engineering AI systems. His work has been published in major journals such as TSE, EMSE, and TOSEM, and at premier venues such as ICSE, ASE, and ICSE. You can find more about him at https://diegoeliascosta.github.io/.