Managing project dependencies is a key maintenance issue in software development. Developers need to choose an update strategy that allows them to receive important updates and fixes while protecting them from breaking changes. Semantic Versioning was proposed to address this dilemma but many have opted for more restrictive or permissive alternatives. This empirical study explores the association between package characteristics and the dependency update strategy selected by its dependents to understand how developers select and change their update strategies. We study over 112,000 npm packages and use 19 characteristics to build a prediction model that identifies the common dependency update strategy for each package. Our model achieves a minimum improvement of 72% over the baselines and is much better aligned with community decisions than the npm default strategy. We investigate how different package characteristics can influence the predicted update strategy and find that dependent count, age and release status to be the highest influencing features. We complement the work with qualitative analyses of 160 packages to investigate the evolution of update strategies. While the common update strategy remains consistent for many packages, certain events such as the release of the 1.0.0 version or breaking changes influence the selected update strategy over time.

翻译：管理项目依赖是软件开发中的关键维护问题。开发者需要选择一种既能接收重要更新和修复，又能避免破坏性变更的更新策略。语义化版本控制旨在解决这一困境，但许多人选择了更严格或更宽松的替代方案。本实证研究探讨了包特征与依赖者所选依赖更新策略之间的关联，以理解开发者如何选择及变更其更新策略。我们研究了超过11.2万个npm包，利用19个特征构建了一个预测模型，用于识别每个包的常见依赖更新策略。该模型相比基线方法至少提升72%，并且与社区决策的一致性远优于npm的默认策略。我们研究了不同包特征如何影响预测的更新策略，发现依赖数量、包龄和发布状态是影响最大的特征。通过对160个包的定性分析进一步探究了更新策略的演变过程。虽然许多包的常见更新策略保持稳定，但某些事件（如1.0.0版本的发布或破坏性变更）会随时间推移影响所选更新策略。