Session

M. Scott Ford

M. Scott Ford

Co-Founder & Chief Code Whisperer (CTO)

Corgibytes

A Deep Dive into Measuring Dependency Freshness with LibYear

LibYear is a dependency freshness measure which helps you learn how out of date your project’s dependencies are. While LibYear has considerable value when used as a “spot” metric, something that you just measure once, there is even more power that can be unlocked when you observe how the metric has trended over time. In this talk, we’ll explore a tool, libmetrics, which is able to compute this metric across a project’s history. The libmetrics tool supports many different dependency management tools from many different frameworks. Also during this talk, we’re going to look at graphs of LibYear over time for many different open source projects. By analyzing these graphs, we can see the long-term impacts of different decisions, such as when a team decides to start using Dependabot.

I’ve taken a deep dive into LibYear ever since I learned about it from a guest on the podcast that I host. That lead me to start building the libmetrics tool for computing LibYear. I wanted a tool that would help collect this metric in a historical fashion, since all of the tools that have been developed to date only compute the metric at the time that the tool is run. I also wanted the tool to be able to support dependency managers from multiple language ecosystems, and eventually be able to analyze projects that are using more than one language.