Publication Date

Spring 4-28-2025

Presentation Length

15 minutes

College

College of Sciences & Mathematics

Department

Math and Computer Science, Department of

Student Level

Undergraduate

SPARK Category

Research

Faculty Advisor

Esteban Parra, Mary Goodloe

SPARK Session

MTH/CSC Senior Presentations

Presentation Type

Talk/Oral

Summary

Abstract—This study examines failure propagation patterns within the Maven Central ecosystem, a critical software dependency repository, through comprehensive analysis of dependency networks using the Goblin framework. Our dual-sampling methodology, investigating both top dependencies and random libraries, revealed two distinct failure propagation patterns that pose significant risks to ecosystem stability. Core infrastructure failures, particularly evident in cases like the AWS SDK family with 429,800 total dependencies, create immediate and widespread disruption, affecting an average of 20,402 dependent projects and propagating through dependency chains averaging 90.80 levels deep.

Our analysis of peripheral projects reveals their significant cascading effects, with higher average dependency depths of 54.25 levels and chain lengths extending to 116.74 levels, as exemplified by cases like org.apache.camel:camel-swagger-java, which demonstrated a maximum chain length of 647 levels. Our findings highlight specific vulnerabilities in current dependency network structures, showing that ecosystem resilience requires both protecting core infrastructure and managing dependency complexity.
