What are the characteristics of highly-used packages? A case study on the npm ecosystem

With the popularity of software ecosystems, the number of open source components (a.k.a. “packages”) has been growing rapidly. Identifying high-quality and well-maintained packages from a large pool of packages to depend on is a basic and important problem, as it is beneficial for various applications, such as package recommendation, package search, etc. However, there is no systematic and comprehensive work so far that focuses on addressing this problem except in online discussions or in informal literature and interviews. To fill this gap, in this paper, we conduct a mixed qualitative and quantitative analysis to understand how developers identify and select relevant open source packages. In particular, we start by surveying 118 JavaScript developers from the npm ecosystem to qualitatively understand the factors that make a package to be highly-used within the ecosystem. The survey results show that JavaScript developers believe that highly-used packages are well-documented, receive a high number of stars on GitHub, have a large number of downloads, and do not suffer from vulnerabilities. Then, we conduct an experiment to quantitatively validate the developers' perception of the factors that make a highly-used package. In this analysis, we collect and mine historical data from 2,427 packages divided into highly-used and low-used packages. For each package in the dataset, we collect quantitative data to present the factors studied in the developers' survey. Next, we use regression analysis to quantitatively explain which of the studied factors are the most important. Our regression analysis support developers' believe about highly-used packages. In particular, the results show that highly-used packages tend to be impacted by the number of downloads, stars, and how larger is readme file of the package.