Is it still good practice handling your dependencies so that
mvn dependency:analyze
does not show any warning ?
it complains when code is explicitly using dependency wothout it being declared, or in case code is not using a declared dependency
For the latter case I can think of more than a couple of scenarios when
we actually need to have "unused" dependencies.
But for the first case, should we always make sure we have no warnings ?
There are exceptions where you need an artifact as dependency, but it is not "used" in the classical sense by your source code. In this case, you can define an exception by settings the <ignoredDependencies> parameter for dependency:analyze.
it's used to find out dependencies which are not used in your project. In other words, you may have had added some dependencies to your project in the development phase but eventually, you do not have any use for those in your code. this command helps you to find and remove them to have a lighter jar file.
Related
I have some dependency which behaviour looks suspicious. I suppose there is a data race problem in it: one of my calls to the class sets some internal variable to null, while other call is still being processed. This causes an exception.
I want to insert logging into some classes of that dependency to be sure I am right.
The problem is that I cannot modify the sources of that dependency directly. I get them via Maven and can see them in my Idea, but thats all. The only idea I have is to replace that classes with the modified versions via classpath. But probably there is a better way? Can I make a kind of a "hot redeploy" for this?
You can use AOP but I think following alternate is much better for just debugging your problem and having more control for just one time.
Maven downloads the dependencies in local .m2 directory
Go and decompile the dependency
modify as per your requirements
recompile the dependency and do "maven install" it will again install it in your local .m2
now build your maven project with maven offline mode, it won't be get replaced and you will see the logs etc which you have added during modification
I'm starting to fix a java project that has used maven and while I've got the project to build, at runtime it fails with missing dependencies. I've had a look and the errors are missing optional dependencies of included compile time dependencies. I can go through and add these but it seems to me that I can have everything building and running nicely only for some piece of code that I missed to use a missing dependency and the whole thing falls apart.
What I really want to know is whether there is an automated way to find optional dependencies that I have chosen to not include. I have used mvn dependency:tree but this only shows the dependencies I have (not sure of the scope it checks) and I have tried mvn dependency:analyze but this seems to show dependencies it thinks I don't use and those that have been pulled down indirectly. What I cannot see is how to see a list of optionals I don't include.
Currently my method of working around this is to read the poms and try to work it out from there, but I don't see this as particularly robust.
For reference, I am fairly new to maven style dependency management and on the face of it like it, but this optional thing is a bit of a stumbling block for me. I understand that optionals stop me pullin down dependencies I won't be using, but it hasn't clicked for me how I can workout what optionals are available and that I do need.
I am using Eclipse Juno, m2Eclipse (also have maven 3.0.5 cli), java 6/7.
Anyone got any ideas of how I can do this better, or what I am completely overlooking?
No the things are - somewhat - just this way. Maven does not do dependency management, it allows you to do dependency management by offering tools to use and analyze them. So the work still is on the developers side. People often mix that up.
This is mainly caused by the fact that projects often have different deployment targets. As a result sometimes they collect a bunch of jar files which are copied once into tomcat and a different set of files for weblogic. So there might be a readme in your project that states what to copy prior to deployment of the maven artifacts. Or it is implicit knowledge - then you're doomed.
dependency:analyze works on bytecode not on sources. therefore it does not see what maven knows.
Maybe mvn help:effective-pom gives a better basis to analyze the whole thing? Or you could try to modify the dependency plugin to show that information as well. Maven plugins are not so hard to work with.
I'm not aware of a plugin that displays all optional transitive dependencies. But since the pom.xml files of dependencies are downloaded into the local maven repo you could do a text search there.
A while ago there was a discussion on optional dependencies as well: Best strategy for dealing with optional dependencies - it might be helpful too.
I am working on a big project that consists of about 40 sub-projects with very not optimized dependencies. There are declared dependencies that are not in use as well as used but undeclared dependencies. The second case is possible when dependency is added via other dependency.
I want to remove redundant and add required dependencies. I ran mvn dependency:analyze and got a long list of warnings I have to fix now.
I wonder whether there is maven plugin or any other utility that can update my pom.xml files automatically. I tried to do it manually but it takes a lot of time. It seems it will take a couple of days of copy/paste to complete the task.
In worse case I can write such script myself but probably ready stuff exists?
Here is how mvn dependency:analyze reports dependency warnings:
[WARNING] Used undeclared dependencies found:
[WARNING] org.apache.httpcomponents:httpcore:jar:4.1:compile
[WARNING] Unused declared dependencies found:
[WARNING] commons-lang:commons-lang:jar:2.4:compile
[WARNING] org.json:json:jar:20090211:compile
I would not say: with very not optimized dependencies. it's simply someone has not done his job well, cause defining dependencies which are not used shows someone didn't understand what a build tools is and how its working. That can be compared with a Java file which contains many unused imports. In the case of the unused imports in a Java sources this can simply be handle by the IDE but for dependencies in Maven there does not exist such a simple way as already been expressed the problem are kinds of DI etc. which makes this job hard. You can try to output the result of dependency:analyze into a script (there exist an option for that goal) and afterwards test the resulting build after cleaning up the dependencies.
It might be a good idea to run
mvn dependency:analyze -DscriptableOutput=true
which produces output which can be very simple extracted from the output and can be used for further processing like using as input for the versions-maven-plugin (with some pre conversion).
I would not recommend to clean-up dependencies automatically.
Adding of all 'Used undeclared...' lead to duplication of most of transitive dependencies that lead to spending of more time to reading and managing them.
Removing of all 'Unused declared...' can lead to errors in run-time because they are: called by reflection or specially declared to override version of the same artifact that already used in 3rd party dependencies (changing their compile scope to runtime is preferable, while test scope should be untouched to avoid leak them to production package) or added to declare usage of an optional transitive dependency of some 3rd party library etc.
Is there a way to tell maven to continue the build although a dependency ist missing?
I tried <optional>true</optional> but this doesn't seem to do it in this scenario.
I have build a costum Maven Plugin for the package phase and it does still have to package even if one or multiple dependencies could not be found.
Thanks in advance.
<optional>true</optional>
Optional means that a client using your library does not necessarily need that dependency. An example is Spring's ORM module, that has optional dependencies to Hibernate, JDO, JPA and mybatis. Nobody will ever use all of these in a project, so each is marked as optional.
Your case is completely different, you are trying to compile something, and you can only do that if the libraries you compile against are present. Sorry, it don't work like that.
If you are trying to build something while the rest of the team finishes their parts, you could use a Mocking framework that creates something that looks like the classes you need . Check out, for example mockito
Otherwise, the only thing you can do is run mvn with -fn (fail-never) but that will mask all your errors and not just the missing dependencies
I want to do some clean up in POM.XML. How can I check which dependencies aren't used at all by my code and if one is used then how tell which one is it?
Of course I don't want to simply delete dependency and then search for errors in IDE, because that could take ages when pom has got about 80+ dependencies.
I'm using SpringSource Tools Suite version of Eclipse.
Greetz
Have a look at the Maven Dependency Plugin. When running, it should list the dependencies that you declared but do not use, but also which intransitive dependencies you use without explicitly declaring them. Note that it you use reflection, the report may not be accurate.