SlideShare a Scribd company logo

A deep dive into measuring dependency freshness with lib year

M. Scott Ford, profile picture
M. Scott Ford

Scott Ford discusses measuring and improving dependency freshness in software projects. He introduces LibYear, a metric that quantifies how out of date a project's dependencies are by calculating the number of years between the latest and current version of each dependency. Automated tools like Freshli and PySpider can compute LibYear over time to identify trends and prioritize which outdated dependencies to upgrade first. Regularly upgrading dependencies improves developer productivity, reduces security risks, and maintains customer trust.

Software
1 of 52
Download to read offline
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
@mscottford MEASURING DEPENDENCY FRESHNESS BY M. SCOTT FORD CO-FOUNDER & CHIEF CODE WHISPERER, CORGIBYTES A DEEP DIVE INTO USING LIBYEAR
@mscottford HI.
@mscottford HI. I’M SCOTT.
@mscottford HI. I LOVE TO FIX BUGS. I’M SCOTT.
@mscottford AND DEPENDENCIES. UPGRADE
@mscottford Source: https://arstechnica.com/information-technology/2017/09/massive-equifax-breach-caused-by-failure-to-patch-two-month-old-bug/
@mscottford WHY DOES THIS HAPPEN? Photo credit: https://www.flickr.com/photos/mharrsch/402046838
@mscottford WHY DOES THIS HAPPEN? • Fear Photo credit: https://www.flickr.com/photos/mharrsch/402046838
@mscottford WHY DOES THIS HAPPEN? • Fear • Time Photo credit: https://www.flickr.com/photos/mharrsch/402046838
@mscottford WHY DOES THIS HAPPEN? • Fear • Time • Priorities Photo credit: https://www.flickr.com/photos/mharrsch/402046838
@mscottford WHY DOES THIS HAPPEN? • Fear • Time • Priorities • Perceived difficulty Photo credit: https://www.flickr.com/photos/mharrsch/402046838
@mscottford WHY DOES THIS HAPPEN? • Fear • Time • Priorities • Perceived difficulty • Invisible problem Photo credit: https://www.flickr.com/photos/mharrsch/402046838
@mscottford DEPENDENCY FRESHNESS Source: Measuring Dependency Freshness in Software Systems by J. Cox et al. (ICSE 2015), May 2015 https://ericbouwers.github.io/papers/icse15.pdf @mscottford
@mscottford IT’S LIKE BRUSHING YOUR TEETH @mscottford
@mscottford MINTY FRESH SOFTWARE @mscottford
@mscottford BRUSH YOUR TEETH Source: Measuring Dependency Freshness in Software Systems by J. Cox et al. (ICSE 2015), May 2015 https://ericbouwers.github.io/papers/icse15.pdf @mscottford OUT OF DATE DEPENDENCIES HAVE CONSEQUENCES @mscottford
@mscottford FOR DEVS @mscottford
@mscottford • Difficult to work with FOR DEVS @mscottford
@mscottford • Difficult to work with • Docs are hard to find FOR DEVS @mscottford
@mscottford • Difficult to work with • Docs are hard to find • Support is lacking FOR DEVS @mscottford
@mscottford FOR ORGS
@mscottford FOR ORGS • Developer productivity
@mscottford FOR ORGS • Developer productivity • Significant security risks
@mscottford FOR ORGS • Developer productivity • Significant security risks • PR fallouts or loss of customer trust
@mscottford LIBYEAR Source: https://libyear.com/
@mscottfordSource: https://libyear.com/ @mscottford
@mscottford WHY LIBYEAR?
@mscottford WHY LIBYEAR? • Easy to compute
@mscottford WHY LIBYEAR? • Easy to compute • Distills dependency risk as a single number
@mscottford WHY LIBYEAR? • Easy to compute • Distills dependency risk as a single number • Easy to communicate
@mscottford WHY LIBYEAR? • Easy to compute • Distills dependency risk as a single number • Easy to communicate • Provides even more value when graphed over time
@mscottford HOW TO MEASURE MANUALLY
@mscottford LATEST VERSION: RELEASE DATE CURRENT VERSION: RELEASE DATE – = PACKAGE LIBYEAR LIBYEAR: SINGLE PACKAGE @mscottford
@mscottford PACKAGE(0).LIBYEAR + PACKAGE(1).LIBYEAR + PACKAGE(N).LIBYEAR … = PROJECT LIBYEAR LIBYEAR: ENTIRE PROJECT @mscottford
@mscottford HOW TO MEASURE AUTOMATED
@mscottford Source: https://github.com/nasirhjafri/libyear
@mscottford EXAMPLE PYSPIDER
@mscottford
@mscottford HOW TO MEASURE AUTOMATED – CHANGES OVER TIME
@mscottford Source: https://github.com/corgibytes/freshli
@mscottford EXAMPLE PYSPIDER
@mscottford
@mscottford
@mscottford EXAMPLE FEEDBIN
@mscottford
@mscottford
@mscottford FRESHLI’S FUTURE MISSION VISION Create tools that clearly illustrate the financial risk of deferred software maintenance. Software systems are self-healing and outdated dependencies are a thing of the past.
@mscottford BEST NEXT STEPS • Develop metric that considers security risk • Formulate ways to better compare LibYear across projects • Provide more guidance about “good” values (apps <= 10)
@mscottford GET INVOLVED • github.com/corgibytes/freshli • Add more metrics • Support more ecosystems and dependency formats • Improve graph quality
@mscottford DEPENDENCIES AUTO-UPGRADING IS ACHIEVABLE
@mscottford THANK YOU!
@mscottford CONTACT INFO M. SCOTT FORD scott@corgibytes.com @mscottford in/mscottford 804-596-2375 x701

More Related Content

PDF
Communication is Just as Important as Code
M. Scott Ford
 
PDF
Instagram: Effective Use for Libraries
David King
 
PDF
Soal un-ekonomi-sma-ips-2013-kode-eko ips-sa_38
Firdika Arini
 
PDF
Soal un-sosiologi-sma-ips-2013-kode-sosiologi ips-sa_25
Firdika Arini
 
PDF
Soal un-ekonomi-sma-ips-2013-kode-eko ips-sa_55
AGUS SETIYONO
 
PDF
Soal un-sosiologi-sma-ips-2013-kode-sosiologi ips-sa_23
Firdika Arini
 
PDF
Soal un-sosiologi-sma-ips-2013-kode-sosiologi ips-sa_21
Firdika Arini
 
PDF
Soal un-ekonomi-sma-ips-2013-kode-eko ips-sa_37
Firdika Arini
 
Communication is Just as Important as Code
M. Scott Ford
 
Instagram: Effective Use for Libraries
David King
 
Soal un-ekonomi-sma-ips-2013-kode-eko ips-sa_38
Firdika Arini
 
Soal un-sosiologi-sma-ips-2013-kode-sosiologi ips-sa_25
Firdika Arini
 
Soal un-ekonomi-sma-ips-2013-kode-eko ips-sa_55
AGUS SETIYONO
 
Soal un-sosiologi-sma-ips-2013-kode-sosiologi ips-sa_23
Firdika Arini
 
Soal un-sosiologi-sma-ips-2013-kode-sosiologi ips-sa_21
Firdika Arini
 
Soal un-ekonomi-sma-ips-2013-kode-eko ips-sa_37
Firdika Arini
 

What's hot (17)

PDF
High level concurrency
Robert Brown
 
PDF
Soal un-ekonomi-sma-ips-2013-kode-eko ips-sa_32
Ayuk Meylanie
 
PPTX
The Common Sense in Digital Marketing
Alexandros R. Besmak
 
PDF
Soal un-ekonomi-sma-ips-2013-kode-eko ips-sa_39
Firdika Arini
 
PPTX
Cloud Austin 2014 - Lightning Talk Tips and Tricks
joehack3r
 
PDF
Soal un-ekonomi-sma-ips-2013-kode-eko ips-sa_33
Firdika Arini
 
PDF
Soal un-sosiologi-sma-ips-2013-kode-sosiologi ips-sa_22
Firdika Arini
 
KEY
Global Vision Twitter Presentation
Brennen Schmidt
 
PDF
Everything you wanted to know about internet of things (IoT) in diagrams
Chris Rigatuso
 
PDF
Soal un-fisika-sma-ipa-2013-kode-fisika ipa-sa_56
Widodo Lumajang
 
KEY
ランチタイム共有サービス 昼会 @ appengine ja night 18
Mitsuhiro Setoguchi
 
PDF
Sistrix - SEO Do's and Don't
Amazon Associates UK
 
PPTX
Apply to Become a 2013 Laureate Global Fellow
YouthActionNet
 
PPTX
Headlines and SEO
Eric Athas
 
PPTX
Index facebookpage app
sam-2015
 
PDF
2015 NISO Forum: The Future of Library Resource Discovery
National Information Standards Organization (NISO)
 
DOCX
บทที่ 1
teeraratWI
 
High level concurrency
Robert Brown
 
Soal un-ekonomi-sma-ips-2013-kode-eko ips-sa_32
Ayuk Meylanie
 
The Common Sense in Digital Marketing
Alexandros R. Besmak
 
Soal un-ekonomi-sma-ips-2013-kode-eko ips-sa_39
Firdika Arini
 
Cloud Austin 2014 - Lightning Talk Tips and Tricks
joehack3r
 
Soal un-ekonomi-sma-ips-2013-kode-eko ips-sa_33
Firdika Arini
 
Soal un-sosiologi-sma-ips-2013-kode-sosiologi ips-sa_22
Firdika Arini
 
Global Vision Twitter Presentation
Brennen Schmidt
 
Everything you wanted to know about internet of things (IoT) in diagrams
Chris Rigatuso
 
Soal un-fisika-sma-ipa-2013-kode-fisika ipa-sa_56
Widodo Lumajang
 
ランチタイム共有サービス 昼会 @ appengine ja night 18
Mitsuhiro Setoguchi
 
Sistrix - SEO Do's and Don't
Amazon Associates UK
 
Apply to Become a 2013 Laureate Global Fellow
YouthActionNet
 
Headlines and SEO
Eric Athas
 
Index facebookpage app
sam-2015
 
2015 NISO Forum: The Future of Library Resource Discovery
National Information Standards Organization (NISO)
 
บทที่ 1
teeraratWI
 
Ad

Similar to A deep dive into measuring dependency freshness with lib year (20)

PDF
PyGeekle 2022 - A Deep Dive into Measuring Dependency Freshness with LibYear
M. Scott Ford
 
PDF
MenderCon 2020 Keynote Presentation
M. Scott Ford
 
PDF
Makers and menders - Finding Talent for Legacy Code Projects
M. Scott Ford
 
PDF
Building a Bridge to a Legacy Application: How Hard Can That Be?
M. Scott Ford
 
PPTX
@twitter Mining #Microblogs Using #Semantic Technologies
Martin Ebner
 
PPTX
Swap2010 twitter minining using semantic web technologies and linked data
Selver Softic
 
PDF
AppSec California 2018: The Path of DevOps Enlightenment for InfoSec
James Wickett
 
KEY
Bitrzr - Ignite Portugal Tecnológico
bitrzr
 
PDF
The Daily Grind - Milling Stories to Reduce Risk
fuglylogic
 
PDF
Multipathed, Multiplexed, Multilateral Transport Protocols - Decoupling trans...
APNIC
 
PDF
Innotech Austin 2017: The Path of DevOps Enlightenment for InfoSec
James Wickett
 
PPTX
Netta Doron - Delivery on steroids - Codemotion Rome 2019
Codemotion
 
PDF
Important metrics for Measuring Code Health
M. Scott Ford
 
PPTX
Viral is a Dirty Word
GlobalStrategies
 
PDF
Mastering C A Beginners Guide Mohamed Musthafa Mc Divya Sachdeva
yosarabasiul
 
PPTX
Supporting Remote Work While Securing, Governing, and Protecting Your Microso...
Chris Bortlik
 
PDF
IBMers at SxSW 2013
Ryan Boyles
 
PPTX
Webinar: CWAF for Mid Market/Enterprise Organizations
Sucuri
 
PDF
Busting the #SocialMedia Silo
Elizabeth Bookhultz
 
PDF
Defense-Oriented DevOps for Modern Software Development
James Wickett
 
PyGeekle 2022 - A Deep Dive into Measuring Dependency Freshness with LibYear
M. Scott Ford
 
MenderCon 2020 Keynote Presentation
M. Scott Ford
 
Makers and menders - Finding Talent for Legacy Code Projects
M. Scott Ford
 
Building a Bridge to a Legacy Application: How Hard Can That Be?
M. Scott Ford
 
@twitter Mining #Microblogs Using #Semantic Technologies
Martin Ebner
 
Swap2010 twitter minining using semantic web technologies and linked data
Selver Softic
 
AppSec California 2018: The Path of DevOps Enlightenment for InfoSec
James Wickett
 
Bitrzr - Ignite Portugal Tecnológico
bitrzr
 
The Daily Grind - Milling Stories to Reduce Risk
fuglylogic
 
Multipathed, Multiplexed, Multilateral Transport Protocols - Decoupling trans...
APNIC
 
Innotech Austin 2017: The Path of DevOps Enlightenment for InfoSec
James Wickett
 
Netta Doron - Delivery on steroids - Codemotion Rome 2019
Codemotion
 
Important metrics for Measuring Code Health
M. Scott Ford
 
Viral is a Dirty Word
GlobalStrategies
 
Mastering C A Beginners Guide Mohamed Musthafa Mc Divya Sachdeva
yosarabasiul
 
Supporting Remote Work While Securing, Governing, and Protecting Your Microso...
Chris Bortlik
 
IBMers at SxSW 2013
Ryan Boyles
 
Webinar: CWAF for Mid Market/Enterprise Organizations
Sucuri
 
Busting the #SocialMedia Silo
Elizabeth Bookhultz
 
Defense-Oriented DevOps for Modern Software Development
James Wickett
 
Ad

Recently uploaded (20)

PDF
Which alternative to Crystal Reports is best for small or large businesses.pdf
Varsha Nayak
 
PDF
Internet Downloader Manager (IDM) Crack 6.42 Build 41
ghrom2211g
 
PPTX
Transform Your Business with a Software ERP System
Canada Software Company
 
PDF
Design an Analysis of Algorithms I-SECS-1021-03
DilanEscobar1
 
PPTX
Online Work Permit System for Fast Permit Processing
SHEQ Network Limited
 
PDF
Adobe Illustrator 28.6 Crack My Vision of Vector Design
ghrom2211g
 
PPT
Introduction Database Management System for Course Database
ReinertYosua
 
PPTX
history of c programming in notes for students .pptx
Vijayakumari829030
 
PPTX
Operating system designcfffgfgggggggvggggggggg
rmskumara09
 
PDF
Design an Analysis of Algorithms II-SECS-1021-03
DilanEscobar1
 
PDF
Nekopoi APK 2025 free lastest update
umarali35kp
 
PDF
Internet Downloader Manager (IDM) Crack 6.42 Build 42 Updates Latest 2025
itskinga12
 
PPTX
CHAPTER 12 - CYBER SECURITY AND FUTURE SKILLS (1) (1).pptx
AnujKumar530915
 
PPTX
ISO 45001 Occupational Health and Safety Management System
EHA Soft Solutions
 
PPTX
Agentic AI : A Practical Guide. Undersating, Implementing and Scaling Autono...
IT IDOL Technologies
 
PDF
Claude Code: Everyone is a 10x Developer - A Comprehensive AI-Powered CLI Tool
William Chong
 
PDF
System and Network Administration Chapter 2
jaramharo
 
PDF
How Creative Agencies Leverage Project Management Software.pdf
Orangescrum
 
PDF
How to Choose the Right IT Partner for Your Business in Malaysia
Asian Business Services & Technologies
 
PPTX
Agentic AI Use Case- Contract Lifecycle Management (CLM).pptx
mhxyzzp
 
Which alternative to Crystal Reports is best for small or large businesses.pdf
Varsha Nayak
 
Internet Downloader Manager (IDM) Crack 6.42 Build 41
ghrom2211g
 
Transform Your Business with a Software ERP System
Canada Software Company
 
Design an Analysis of Algorithms I-SECS-1021-03
DilanEscobar1
 
Online Work Permit System for Fast Permit Processing
SHEQ Network Limited
 
Adobe Illustrator 28.6 Crack My Vision of Vector Design
ghrom2211g
 
Introduction Database Management System for Course Database
ReinertYosua
 
history of c programming in notes for students .pptx
Vijayakumari829030
 
Operating system designcfffgfgggggggvggggggggg
rmskumara09
 
Design an Analysis of Algorithms II-SECS-1021-03
DilanEscobar1
 
Nekopoi APK 2025 free lastest update
umarali35kp
 
Internet Downloader Manager (IDM) Crack 6.42 Build 42 Updates Latest 2025
itskinga12
 
CHAPTER 12 - CYBER SECURITY AND FUTURE SKILLS (1) (1).pptx
AnujKumar530915
 
ISO 45001 Occupational Health and Safety Management System
EHA Soft Solutions
 
Agentic AI : A Practical Guide. Undersating, Implementing and Scaling Autono...
IT IDOL Technologies
 
Claude Code: Everyone is a 10x Developer - A Comprehensive AI-Powered CLI Tool
William Chong
 
System and Network Administration Chapter 2
jaramharo
 
How Creative Agencies Leverage Project Management Software.pdf
Orangescrum
 
How to Choose the Right IT Partner for Your Business in Malaysia
Asian Business Services & Technologies
 
Agentic AI Use Case- Contract Lifecycle Management (CLM).pptx
mhxyzzp
 

A deep dive into measuring dependency freshness with lib year