An Empirical Study of Redundant Dependencies in Open-Source Java Projects

doi:10.19678/j.issn.1000-3428.00 EC0252768

Abstract

Abstract: Redundant dependencies in software projects can lead to increased build size, performance overhead, and long-term maintenance burden. Although existing studies have investigated redundant dependencies in the Maven ecosystem, there remains a lack of analysis regarding their distribution across different dependency scopes (e.g., compile and test), their evolutionary patterns, and their impact on project popularity. To address this gap, we select 2,214 Java Maven open-source projects from GitHub as our study subjects. We employ a mvn command to identify dependencies that are declared but not actually used, and conduct a quantitative analysis of redundancy ratios based on their scopes. Furthermore, we apply the Mann-Kendall non-parametric trend test on 3,817 historical versions from 698 projects to identify trends in the evolution of redundant dependencies. To assess the relationship between redundant dependencies and project popularity or community activity, we construct five GitHub-based popularity and activity metrics, including star growth rate, fork growth rate, and issue closing rate, and perform Pearson correlation analysis. Experimental results show that redundant dependencies are primarily concentrated in the compile and test scopes, with median redundancy ratios of 33.33% and 30.00%, respectively. In terms of evolutionary trends, 48.1% of the projects maintained a stable redundancy ratio, 36.2% exhibited fluctuations, and a small proportion showed an increasing or decreasing trend. In the correlation analysis, only the issue closing rate shows a significantly weak negative correlation with the redundancy ratio. These findings provide developers with a detailed perspective on dependency management and can help optimize project configurations and improve software maintainability.

摘要： 软件项目中的冗余依赖可能导致构建体积增加、性能开销上升以及维护负担加重。尽管已有研究关注Maven生态系统中的冗余依赖问题，但对冗余依赖在不同依赖作用域（如编译和测试）中的分布特征、演化模式及其对项目受欢迎程度等的影响仍缺乏分析。为此，选取GitHub平台上2,214个Java Maven开源项目作为研究对象，采用mvn命令识别各项目中引入但未被实际使用的冗余依赖，并结合依赖的作用域信息进行冗余比例的定量分析。接着，在698个项目的3,817个历史版本中采用Mann-Kendall非参数趋势检验方法，识别冗余依赖的演变趋势。此外，为评估冗余依赖与项目受欢迎程度和社区活跃度之间的关系，构建包括Star增长率、Fork增长率、Issue关闭率等在内的五种GitHub流行度和活跃度指标，并进行皮尔逊相关性分析。实验结果显示，冗余依赖主要分布在编译和测试作用域，其冗余比例中位数分别为33.33%和30.00%；在演化趋势上，48.1%的项目冗余比例保持稳定，36.2%的项目冗余比例波动，少数呈现增加或减少趋势；在相关性分析中，仅Issue关闭率与冗余依赖比例表现出显著弱负相关性。研究结果可为开发者提供细致的依赖管理视角，助力优化项目配置与提升软件可维护性。

Liu Meigui, Zhang Neng, Li Jiale, Zhao Yuqi, Li Zengyang. An Empirical Study of Redundant Dependencies in Open-Source Java Projects[J]. Computer Engineering, doi: 10.19678/j.issn.1000-3428.00 EC0252768.

刘玫瑰, 张能, 李佳乐, 赵玉琦, 李增扬. 开源Java项目中冗余依赖的实证研究[J]. 计算机工程, doi: 10.19678/j.issn.1000-3428.00 EC0252768.

/ Recommend / Download Citations

URL: https://www.ecice06.com/EN/10.19678/j.issn.1000-3428.00 EC0252768

References

[1] 王莹, 伍盈欣, 高天, 陈子莺, 许畅, 于海, 张成志. 开源软件库生态治理技术研究综述: 二十年进展[J]. 软件学报, 2024, 35(2): 629–674. http://www.jos.org.cn/1000-9825/6983.htm [doi: 10.13328/j.cnki.jos.006983] Wang Y, Wu YX, Gao T, Chen ZY, Xu C, Yu H, Cheung SC. Survey on governance technology of open-source software library ecosystem: Twenty years of progress. Ruan Jian Xue Bao/Journal of Software, 2024, 35(2): 629–674 (in Chinese with English abstract). http://www.jos.org.cn/1000-9825/6983.htm [doi: 10.13328/j.cnki.jos.006983]
[2] COX R. Surviving software dependencies[J]. Communications of the ACM, 2019, 62(9): 36-43.
[3] SOTO-VALERO C, BENELALLAM A, HARRAND N, et al. The emergence of software diversity in Maven Central[C]//Proceedings of the 16th IEEE/ACM International Conference on Mining Software Repositories. Piscataway, USA: IEEE, 2019: 333-343.
[4] Bavota G, Canfora G, Di Penta M, et al. How the Apache community upgrades dependencies: An evolutionary study[J]. Empirical Software Engineering, 2015, 20(5): 1275-1317.
[5] 高恺, 何昊, 谢冰, 等. 开源软件供应链研究综述[J]. 软件学报, 2024, 35(2): 581–603. http://www.jos.org.cn/1000-9825/6975.htm [doi: 10.13328/j.cnki.jos.006975] Gao K, He H, Xie B, et al. A survey on open source software supply chain. Ruan Jian Xue Bao/Journal of Software, 2024, 35(2): 581–603 (in Chinese with English abstract). http://www.jos.org.cn/1000-9825/6975.htm [doi: 10.13328/j.cnki.jos.006975]
[6] Soto-Valero C, Harrand N, Monperrus M, et al. A comprehensive study of bloated dependencies in the Maven ecosystem[J]. Empirical Software Engineering, 2021, 26(3): 45.
[7] Gkortzis A, Feitosa D, Spinellis D. A double-edged sword? Software reuse and potential security vulnerabilities[C]//Proceedings of the 18th International Conference on Software and Systems Reuse (ICSR). Cincinnati, USA: Springer, 2019: 187-203.
[8] Qian C X, Hu H, Alharthi M, et al. RAZOR: A framework for post-deployment software debloating[C]//Proceedings of the 28th USENIX Security Symposium. [S.l.]: USENIX Association, 2019: 1733-1750.
[9] Porter C, Mururu G, Barua P, et al. BlankIt library debloating: Getting what you want instead of cutting what you don’t[C]//Proceedings of the 41st ACM SIGPLAN Conference on Programming Language Design and Implementation. New York, USA: ACM Press, 2020: 164-180.
[10] Soto-Valero C, Durieux T, Harrand N, et al. Coverage-based debloating for Java bytecode[J]. ACM Transactions on Software Engineering and Methodology, 2023, 32(2): 1-34.
[11] Macias K, Mathur M, Bruce B R, et al. WebJShrink: A web service for debloating Java bytecode[C]//Proceedings of the 28th ACM Joint Meeting on European Software Engineering Conference and Symposium on the Foundations of Software Engineering. New York, USA: ACM Press, 2020: 1665-1669.
[12] Vázquez H C, Bergel A, Vidal S, et al. Slimming javascript applications: An approach for removing unused functions from javascript libraries[J]. Information and software technology, 2019, 107: 18-29.
[13] Tang Y T, Zhou H, Luo X P, et al. XDebloat: Towards Automated Feature-Oriented App Debloating[J]. IEEE Transactions on Software Engineering, 2022, 48(12): 4501-4520.
[14] Agadakos I, Demarinis N, Jin D, et al. Large-scale debloating of binary shared libraries[J]. Digital Threats: Research and Practice, 2020, 1(4): 1-28.
[15] Soto-Valero C, Durieux T, Baudry B. A longitudinal analysis of bloated Java dependencies[C]//Proceedings of the 29th ACM Joint Meeting on European Software Engineering Conference and Symposium on the Foundations of Software Engineering. New York, USA: ACM Press, 2021: 1021-1031.
[16] 李天然, 朴勇, 孔子涵. 一种面向软件成分分析的轻量化依赖分析方法[J/OL]. 计算机工程, 1-11 [2025-08-12]. https://doi.org/10.19678/j.issn.1000-3428.0070637 Li T R, Piao Y, Kong Z H. A lightweight dependency analysis method for software composition analysis. Computer Engineering, 1–11 [2025-06-25] (in Chinese with English abstract).
[17] 孙伟杰, 许畅, 王莹. Java依赖异味的实证研究与统一检测技术[J]. 软件学报, 2025, 36(07): 3041-3086. DOI:10.13328/j.cnki.jos.007338. Sun W J, Xu C, Wang Y. Empirical study and unified detection technology of Java dependency smell. Ruan Jian Xue Bao/Journal of Software, 1–46 [2025-06-25] (in Chinese with English abstract). http://www.jos.org.cn/1000-9825/7338.htm [doi: 10.13328/j.cnki.jos.007338]
[18] Zhao Y T, Xiao L, Bondi A B, et al. A large-scale empirical study of real-life performance issues in open source projects[J]. IEEE Transactions on Software Engineering, 2023, 49(2): 924-946.
[19] Yang Z, Wang C Y, Shi J K, et al. What do users ask in open-source AI repositories? An empirical study of GitHub issues[C]//Proceedings of the 20th IEEE/ACM International Conference on Mining Software Repositories (MSR). Washington D.C., USA: IEEE Press, 2023: 79-91.
[20] Barrak A, Eghan E E, Adams B. On the co-evolution of ML pipelines and source code: Empirical study of DVC projects[C]//Proceedings of the 2021 IEEE International Conference on Software Analysis, Evolution and Reengineering (SANER). Washington D.C., USA: IEEE Press, 2021: 422-433.
[21] Alfadel M, Costa D E, Shihab E. Empirical analysis of security vulnerabilities in Python packages[J]. Empirical Software Engineering, 2023, 28(3): 59.
[22] Zerouali A, Mens T, Decan A, et al. On the impact of security vulnerabilities in the npm and RubyGems dependency networks[J]. Empirical Software Engineering, 2022, 27(5): 107.
[23] Ma Z Y, Mondal S, Chen T H, et al. VulNet: Towards improving vulnerability management in the Maven ecosystem[J]. Empirical Software Engineering, 2024, 29(4): 83.
[24] GitHub. GitHub REST API[EB/OL]. (2022-11-28)[2025-08-30]. https://docs.github.com/en/rest?apiVersion=2022-11-28.
[25] Moonshot AI. kimi-k2-0711-preview大模型[EB/OL]. [2025-08-30]. https://platform.moonshot.cn/docs/api/tool_use.
[26] GitHub. GitHub Releases API[EB/OL]. (2022-11-28)[2025-08-30]. https://docs.github.com/en/rest?apiVersion=2022-11-28.
[27] Fleiss J L. Measuring nominal scale agreement among many raters[J]. Psychological Bulletin, 1971, 76(5): 378.
[28] Wikipedia. Coefficient of variation[EB/OL]. [2025-08-30]. https://en.wikipedia.org/wiki/Coefficient_of_variation.
[29] Aronhime S, Calcagno C, Jajamovich G H, et al. DCE‐MRI of the liver: effect of linear and nonlinear conversions on hepatic perfusion quantification and reproducibility[J]. Journal of Magnetic Resonance Imaging, 2014, 40(1): 90-98.
[30] SixSigma.us. Coefficient of Variation[EB/OL]. [2025-08-30]. https://www.6sigma.us/six-sigma-in-focus/coefficient-of-variation/.
[31] Borges H, Hora A, Valente M T. Understanding the factors that impact the popularity of GitHub repositories[C]//Proceedings of the 2016 IEEE International Conference on Software Maintenance and Evolution (ICSME). Washington D.C., USA: IEEE Press, 2016: 334-344.

Please choose a citation manager

Content to export