graphs to be compared to each other with regards to the
shape of the distribution. The three histograms at the
bottom of Figure 5 illustrate the distribution of the dif-
ferences in popularity measures of packages.
As can be seen, all three comparisons result in a rel-
atively normal distribution of differences in popularity
ranks. On the one hand, this result may seem predictable,
given the large number of data points we considered. On
the other hand, all comparisons exhibit extreme cases
where packages rank considerably higher in one measure
as compared to the other and vice versa.
Takeaways. Different package popularity measures pro-
duce different outcomes. All comparisons of the three
measures considered in this work reveal packages that
perform strongly in the first measure and poorly in the
second as well as packages for which the opposite is true.
This finding has implications for package
recommendation tools making use of PageRank within npm, e.g., [21].
While their recommendations may be useful for package
developers, they might not be suited for application de-
velopers.
4.2 Differentiating Package Types
Section 4.1 revealed that there are packages with signif-
icantly different ranks regarding the different popularity
measures. To gain insight into the nature of these pack-
ages, we now focus on two measures, npm rank and the
GitHub rank. We dismiss download ranks because we
cannot with certainty explain their origin or exclude in-
fluences, for example, through web miners or crawlers.
Focusing on the npm rank and GitHub rank, we pro-
pose to explain their differences by defining the follow-
ing types of packages:
• End user packages are used commonly in applica-
tions, but not necessarily by other packages. Exam-
ples are database drivers like bookshelf (GitHub
rank: 399, npm rank: 2950), or authentication
libraries like passport (GitHub rank: 65, npm
rank: 718). We expect end-user packages to have
high GitHub ranks, but comparatively low npm
ranks. Given that many recommendation systems
filter down packages based on user-input, these ex-
emplary differences in rank can make the difference
between a package being displayed in the top re-
sults or not. For example, among all packages in
npm with the keyword “authentication” assigned,
passport ranks 1st based on the GitHub rank, but
only ranks 3rd based on the npm rank.
• Core utility packages are mostly used by other
packages but seldom by applications outside of
npm. Examples are packages providing low-level
functionalities like ieee754 (GitHub rank: 37287,
npm rank: 2258) for reading/writing floating point
numbers to buffers or is-relative (GitHub rank:
20299, npm rank: 434) for detecting relative package
dependencies. We expect core utility packages
to have high npm ranks, but low GitHub ranks.
In order to assess whether we find evidence for this
classification of packages, we look further into the na-
ture of packages with highly different ranks. Packages
in npm can be categorized by any number of keywords,
which package developers may assign, as shown in List-
ing 1, line 13. We assess the keywords assigned to the
1000 packages with the highest npm and GitHub rank.
We count the appearances of every observed keyword
and calculate the Pearson correlation coefficient between
these counts. The resulting correlation coefficient of
0.823 is relatively strong.
Thus, to look in more detail, we focus our analysis
on those packages that reveal the highest difference in
npm rank as compared to the GitHub rank. Table 2 shows
the keywords with the highest difference in count in “npm
strong” packages as compared to “GitHub strong” pack-
ages. “npm strong” denotes the set of the 1000 pack-
ages that perform comparatively the best in npm while
performing the worst in GitHub. On the other hand,
“GitHub strong” denotes the set of 1000 packages that
perform comparatively the best in GitHub while per-
forming the worst in npm. As we can see, the keywords
most unilaterally used to describe “npm strong” packages
relate to low-level capabilities such as dealing with ar-
rays, buffers, or strings. These keywords are assigned to
core utility packages, as introduced above.
In contrast, Table 3 shows the opposite, that is, the
keywords with the highest difference in count in “GitHub
strong” packages as compared to “npm strong” packages.
As we can see, the keywords most unilaterally used to
describe “GitHub strong” packages are related to capa-
bilities typically used in application development. grunt
and gulp are plug-in-supporting tools to build applica-
tions. express is a server-side web application frame-
work, and react is a library used to render views. These
keywords are assigned to end user packages, as introduced
above.
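As an added example (not code from the paper), the following Python code carries out both keyword analyses described in this section on a constructed sample: the Pearson correlation between keyword counts of the top-ranked sets, and the keyword count differences between the “npm strong” and “GitHub strong” sets. It assumes that rank 1 is the best rank and that the “strong” sets are selected by the difference between npm rank and GitHub rank; the package names and keyword assignments are hypothetical.

```python
from collections import Counter
from math import sqrt

# Constructed sample (hypothetical packages, not data from the paper):
# (name, npm_rank, github_rank, keywords); rank 1 is assumed to be the best.
PACKAGES = [
    ("buf-util", 1, 7, ["buffer", "array"]),
    ("str-pad", 2, 8, ["string", "array"]),
    ("is-thing", 3, 6, ["string"]),
    ("mid-a", 4, 4, ["array", "server"]),
    ("mid-b", 5, 5, ["string", "build"]),
    ("web-fw", 6, 1, ["express", "server"]),
    ("build-plug", 7, 2, ["gulp", "build"]),
    ("view-lib", 8, 3, ["react", "express"]),
]

def keyword_counts(packages):
    """Number of packages in the set that carry each keyword."""
    return Counter(kw for _, _, _, kws in packages for kw in set(kws))

def pearson(xs, ys):
    """Pearson correlation coefficient of two equal-length sequences."""
    mx, my = sum(xs) / len(xs), sum(ys) / len(ys)
    cov = sum((x - mx) * (y - my) for x, y in zip(xs, ys))
    sx = sqrt(sum((x - mx) ** 2 for x in xs))
    sy = sqrt(sum((y - my) ** 2 for y in ys))
    return cov / (sx * sy) if sx and sy else 0.0

def top_keyword_correlation(packages, n):
    """Correlate keyword counts of the top-n npm-ranked and top-n GitHub-ranked sets."""
    a = keyword_counts(sorted(packages, key=lambda p: p[1])[:n])
    b = keyword_counts(sorted(packages, key=lambda p: p[2])[:n])
    keys = sorted(set(a) | set(b))  # assumption: every observed keyword is a data point
    return pearson([a[k] for k in keys], [b[k] for k in keys])

def strong_sets(packages, n):
    """Assumption: 'strong' sets are the n extremes of (npm_rank - github_rank)."""
    by_diff = sorted(packages, key=lambda p: p[1] - p[2])
    return by_diff[:n], by_diff[-n:]  # (npm strong, GitHub strong)

def keyword_gap(packages, n):
    """Keyword count in npm-strong minus count in GitHub-strong, largest first."""
    npm_strong, gh_strong = strong_sets(packages, n)
    a, b = keyword_counts(npm_strong), keyword_counts(gh_strong)
    gap = {k: a[k] - b[k] for k in set(a) | set(b)}
    return sorted(gap.items(), key=lambda kv: (-kv[1], kv[0]))

if __name__ == "__main__":
    print(round(top_keyword_correlation(PACKAGES, 4), 3), keyword_gap(PACKAGES, 3))
```

On real registry data, `n` would be 1000 as in the text, and the head and tail of the `keyword_gap` result correspond to the keyword lists the text attributes to Table 2 and Table 3.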
Takeaways. We assumed that there are qualitative differ-
ences between packages with either high npm ranks and
low GitHub ranks or vice versa. Our analysis of the key-
words used uniquely to describe these packages confirms
this suspicion. We find indications for both core utility
packages and end user packages. This finding strength-
ens our above takeaway that package recommendation
requires choosing an appropriate popularity measure de-
pending on the intended outcome.