Published January 20, 2023 | Version v1
Software Open

Artifact for Flexible and Optimal Dependency Management via Max-SMT

  • 1. Northeastern University
  • 2. Northeastern University and Roblox Research
  • 3. np-complete, S.r.l.
  • 4. Lawrence Livermore National Laboratory

Description

We present PacSolve, a semantics of dependency solving that we use to highlight the essential features and differences between NPM, PIP, and Cargo. We use PacSolve to implement MaxNPM, a drop-in replacement for NPM that allows the user to customize dependency solving with a variety of global objectives and consistency criteria. Using MaxNPM, developers can optimize dependency resolution to achieve goals that NPM cannot, such as reducing the presence of vulnerabilities, resolving newer packages, and reducing bloat.

We evaluate MaxNPM on the top 1,000 packages in the NPM ecosystem, finding that our prototype introduces a median overhead of less than two seconds. We find that MaxNPM produces solutions with fewer dependencies and newer dependencies for many packages.

Files (609.9 MB)

md5:6e3628bd8ffedc8de3b98639eb144869