Uncovering Secrets of the Maven Repository

Title: Uncovering Secrets of the Maven Repository: Maven packaging
Author: Rungta, Priyam (TU Delft Electrical Engineering, Mathematics and Computer Science)
Contributor: Keshani, M. (mentor); Proksch, S. (mentor); Chakraborty, S.S. (graduation committee)
Degree granting institution: Delft University of Technology
Corporate name: Delft University of Technology
Programme: Computer Science and Engineering
Project: CSE3000 Research Project
Date: 2023-06-29

Abstract

Maven, a widely adopted software ecosystem for Java libraries, plays a critical role in the development and deployment of software applications. However, there exists a limited understanding of the composition and characteristics of the Maven repository, leaving users and contributors unaware of the contents they interact with. This research aims to address this knowledge gap by conducting a comprehensive analysis of Maven packaging and informing developers, library maintainers, security analysts, and the open-source community about Maven library practices.

The research investigates the secrets of the Maven repository, focusing on Maven packaging. Using data from the POM file, Maven index file, and Maven repository, we analyze the distribution of packaging types, checksums, qualifiers, and file types within Maven libraries. The experiment involves examining 479,915 packages from the Maven repository, utilizing the POM file, the Maven index, the Maven repository and manual requests to the Maven repository.

The results reveal that JAR is the packaging type in more than 75% of packages across all sources, and inconsistencies are found among different data sources, highlighting the need for improved data consistency and reliability within the Maven ecosystem. Furthermore, the adoption of the sha256 and sha512 checksum algorithms remains limited, with only 1.4% of packages utilizing these secure hash functions. In terms of qualifiers, sources and Javadoc exhibit the highest prevalence, with adoption rates of 82% and 76% respectively. Moreover, class files and XML are identified as the most frequently packaged file types, encompassing 71% and 61% of the packages respectively, among a very diverse classification. These findings provide insights into Maven library characteristics and inform optimization of library usage.

Subject: Maven Central; Maven Repository; Packaging; Packaging type; Checksum; Qualifier; Executable
To reference this document use: http://resolver.tudelft.nl/uuid:b945ed27-1ad2-4815-aac1-ee5276977192
Part of collection: Student theses
Document type: bachelor thesis
Rights: © 2023 Priyam Rungta
Files: Rungta_Maven_packaging.pdf (PDF, 1003.67 KB)