What About Our Bug? A Study on the Responsiveness of NPM Package Maintainers
Mohammadreza Saeidi, Ethan Thoma, Raula Gaikovina Kula, Gema Rodríguez-Pérez

TL;DR
This study analyzes the responsiveness of npm package maintainers to bug reports, revealing a generally high responsiveness rate and identifying key reasons why some bugs remain unresolved, which can inform better open-source practices.
Contribution
It provides the first large-scale analysis of maintainer responsiveness in npm, including a taxonomy of reasons for unaddressed bugs, combining quantitative and qualitative methods.
Findings
Median project responsiveness is 70%.
Responsiveness varies due to contribution practices and dependency constraints.
A taxonomy of reasons for unresolved bugs is proposed.
Abstract
Background: Widespread use of third-party libraries makes ecosystems like Node Package Manager (npm) critical to modern software development. However, this interconnected chain of dependencies also creates challenges: bugs in one library can propagate downstream, potentially impacting many other libraries that rely on it. We hypothesize that maintainers may not always decide to fix a bug, especially if the maintainer decides it falls out of their responsibility within the chain of dependencies. Aims: To confirm this hypothesis, we investigate the responsiveness of 30,340 bug reports across 500 of the most depended-upon npm packages. Method: We adopt a mixed-method approach to mine repository issue data and perform qualitative open coding to analyze reasons behind unaddressed bug reports. Results: Our findings show that maintainers are generally responsive, with a median project-level…
Taxonomy
Topics: Software Engineering Research · Software System Performance and Reliability · Open Source Software Innovations
