Build automation tools and package managers have a profound influence on
software development. They facilitate the reuse of third-party libraries,
support a clear separation between the application's code and its external
dependencies, and automate several software development tasks. However, the
wide adoption of these tools introduces new challenges related to dependency
management. In this paper, we propose an original study of one such challenge:
the emergence of bloated dependencies.
Bloated dependencies are libraries that the build tool packages with the
application's compiled code but that are actually not necessary to build and
run the application. This phenomenon artificially grows the size of the built
binary and increases maintenance effort. We propose a tool, called DepClean, to
analyze the presence of bloated dependencies in Maven artifacts. We analyze
9,639 Java artifacts hosted on Maven Central, which include a total of 723,444
dependency relationships. Our key result is that 75.1% of the analyzed
dependency relationships are bloated. In other words, it is feasible to reduce
the number of dependencies of Maven artifacts up to 1/4 of its current count.
We also perform a qualitative study with 30 notable open-source projects. Our
results indicate that developers pay attention to their dependencies and are
willing to remove bloated dependencies: 18/21 answered pull requests were
accepted and merged by developers, removing 131 dependencies in total.Comment: Manuscript submitted to Empirical Software Engineering (EMSE