In Eclipse, expand current project in project explorer,
click Java Resources -> libraries -> Maven Dependencies
And I found there are two jar files which in different version, i.e.:
commons-lang-2.1.jar
and
commons-lang3-3.1.jar
but from pom.xml, I cannot tell where commons-lang-2.1.jar come from as it must required by one of the artifacts. But it is too much trouble to check pom file from each artifact...
I heard of dependency-tree can work something similar but don't know how to make it work under this situation. Any hint is appreciated.
mvn dependency:tree
Look for the two instances of commons-lang and see what requires them.
That said, the two versions aren't compatible, and can live in the same application:
http://commons.apache.org/proper/commons-lang/article3_0.html
See this answer of mine regarding deciphering the tree output. The nutshell is that indented libraries are dependencies of the non-indented library above it: a dependency tree.
execute
mvn dependency:tree
if you have very giant dependency tree and hard to read you can use
mvn dependency:tree -Dincludes=org.apache.commons:commons-lang3
to just include occurrence of this artifact
from your pom.xml it will list out all the dependencies being pulled directly or indirectly, and put the <exclusion> to avoid consumption of non desired library
Related
In Eclipse, when I open my pom.xml file and go to the "Dependency Hierarchy" tab, it shows two windows: Dependency Hierarchy and Resolved Dependencies.
Is there a way to copy/paste or export the list of dependencies shown in the Resolved Dependencies window into a text file, or a way to have maven print out an equivalent list on the command line?
Background: our team has been told we need to provide a list of all our dependencies and their versions, and it'd be a lot faster if there's a way to easily get a textual list of them vs having to manually type out each dependency and its version one by one into a spreadsheet. We have a lot of services and they all have a ton of dependencies when you need to list out the entire dependency tree.
You can try mvn dependency:tree -Doutput=<path_to_file> to get dependencies in a file.
It's more than just a list, but if you generate a Site it's all nicely documented. Just run
mvn site:site
inside the directory of your POM. You'll find the Site under target/site.
Little suggestion:
If your company wants to track the dependencies of applications, you shouldn't rely on lists or the like. Have a look into things like the dependency-check-maven plugin to scan for vulnerabilities during development and SBOM to track dependencies later.
I was going to migrate an old Ant project existing of multiple single java projects to a multi-module maven project. All the libraries for have been stored in one local folder.
For building up the dependency management I wanted to go the way to add all dependencies to the parent pom.xml (dependency management section) and also do my best by adding the correct ones to the children (Java Maven projects) until compilation is working.
I then want to streamline the pom.xmls by using "mvn dependency:tree -X" to see if I have added some transitive dependencies to the single Maven projects which aren't not needed to be explicitly added to the pom.xmls
Now when comparing the dependency hierarchy for a Maven project shown in Eclipse with that shown by using "mvn dependency:tree -X", there are some differences:
Maven will not show that "jetty-http" is actually a transitive dependency of jetty-server - mostly because I already added it as direct dependency in the pom.xml before.
While Eclipse does show that relationship and this is the correct result (also checked it manually using Maven central dependency list).
So in the end when using Maven I would have left "jetty-http" as direct dependency in my pom.xml, although I don't have to. This is kind of useless.
Does anyone know why the Maven dependency tree is so limited? I want to understand what is going on here. Is there any alternative using Maven commands?
Or is there even a better way to check for/identify transitive dependencies added to the pom.xml by mistake?
Best practise is to add all dependencies to the POM that are used directly in your source code (and at runtime).
So if X is used in your source code, but is already present as transitive dependency of Y, you should nevertheless add X as direct dependency.
You can check this with mvn dependency:analyze
https://maven.apache.org/plugins/maven-dependency-plugin/analyze-mojo.html
I have a Maven based project, and I use IntelliJ. The pom.xml file probably contains dependencies that I don't need. How can I find which Java files (in particular the import statements) that need a specific dependency in the pom.xml file? Alternatively, how can I find which dependencies I don't need in the pom.xml?
I have tried to comment out a dependency from pom.xml, build the project and look what breaks. In at least one case, I saw no compile time problems, but there was a runtime problem. This method is also more effort than I want.
I have also tried to find information in the IntelliJ Project explorer, section "External Libraries". But the items listed there are not always present in the pom.xml file. Each versioned item there expands to a tree with a jar file on top, and I can ask IntelliJ about the usage of the contained items. I have found the usage of some packages contained in jar files, but the number of packages to investigate simply becomes too large.
Here is a dependency that I want to know if I need or not:
<!-- https://mvnrepository.com/artifact/com.googlecode.soundlibs/mp3spi -->
<dependency>
<groupId>com.googlecode.soundlibs</groupId>
<artifactId>mp3spi</artifactId>
<version>1.9.5.4</version>
</dependency>
This particular dependency results in three items in the External Libraries list (there are two sub dependencies apparently). Asking IntelliJ for usage of these libraries, I can't find any usage in my own files. But if I remove the dependency from the pom.xml file, I get runtime problems.
Maven offers you the dependency:analyze goal which gives you the artifacts that are declared in your pom but not used by any part of your source code. Beware, though, that there may be dependencies that are only used at runtime.
We have multi module environment where in we have lot of poms that uses numerous dependencies.
1) How to see which dependency in our pom causing a specific jar to download into repository.
Eg : I have commons-lang3 in all my poms .But some included dependency in pom's is downloading older jars into my repo which I need to avoid.I did
mvn dependency:tree but this didn't helped me.
Since my application is a mammoth its very difficult to go and see all the dependencies that are included.
Is there any way we can check which included dependency is causing older
versions of jar to download
Any one who can shed some light would be appreciated.
Thanks
Praveen
This is a bit crazy, you're right but I still use most often:
mvn dependency:tree -Dverbose
It's even crazier to read than the normal you mentioned. I do, however, agree with JF Meier here, dumping it into a text file is the way to go.
You can also search for certain things:
mvn dependency:tree -Dverbose -Dincludes=project-c
Sometimes to get a cleaner picture though I use
mvn clean dependency:tree -DskipTest
Got these when solving another problem from here.
If you want to know where a dependency comes from, use dependency:tree. I do not understand why it did not help you. Dump the result to a Text file and search for the artifacts you are interested in. Then you will immediately see where they come from.
If you want to set the version of a given dependency, use <dependencyManagement> to set the version to the one you like.
There are, of course, dependencies in your local repository which are not dependencies of your project, but are dependencies of Maven plugins.
I want to read classes within dependency jars getting downloaded during maven build(dynamically) and write them in a file inside resources folder. Is there a way to do it? I am new to maven and I tried all possibilities to do this but couldn't find a way. Any help would be appreciated.
You can try using the maven-dependency-plugin and generating a dependency tree with an outputFile. I don't have a running example, but you can take a look of the plugin documentation here: http://maven.apache.org/plugins/maven-dependency-plugin/tree-mojo.html
On the usage section you have configuration approaches that may be useful to achieve what you need.
You can also generate the dependency tree in a separate maven run with this command:
mvn dependency:tree -Doutput=/path/to/file
as is told in the usage section of the plugin documentation.
Hope this helps