I am working in a Maven project which has about 250 jar dependencies. Approximately Four out of five dependecies are not direct dependencies, I mean, they are dependencies of our dependencies (i.e jasperreport has about 8 dependencies).
Also, I suspect that there are some jar which we don't need to the project because they were old dependencies of old tool that we needed in the past but they were replaced by others.
What I need is:
To detect what jars of my pom.xml are not needed by the
project.
A way of removing the indirect jars from my pom.xml.
*Note: I'd swear that some time ago I manage to the indirect jars were downloaded by the direct dependencias, but I can't find how.
You're after mvn dependency:analyze:
Analyzes the dependencies of this project and determines which are: used and declared; used and undeclared; unused and declared.
This will let you remove any dependency which is not directly used from your pom. The dependencies that are used will still bring in their transitive (indirect) dependencies, as required.
I'm not really sure if you need to remove some dependencies of any of your direct dependencies or just want to clean jars downloaded.
If your problem is the first one, you can use "exclude" for that dependencies -> http://maven.apache.org/guides/introduction/introduction-to-optional-and-excludes-dependencies.html
If it's the second one, just remove your .m2/repository content and rebuild again your project
Related
I use both Intellij IDEA (2018.3.5) & Eclipse IDEs, but I prefer Intellij. I have a maven based Java project with multiple poms. I added some dependencies to one of the pom files. I need to find out if there are any dependency conflicts which could prevent the build from running when its deployed, and then exclude them. I tried the steps given below to find conflicts which could cause problems. Are they enough or do I need to do more ?
Check if there are any compile time dependency conflicts with mvn clean install -DskipTests. Build was successful with no errors.
Check if Intellij shows no problems under File > Project Structure > Problems. There are no problems.
I also saw the dependency tree with mvn dependency:tree -Dverbose. It has a lot of "omitted for duplicate" and "omitted for conflict with" items, but the build was successful. I don't see any errors though. Does this mean that everything is okay or do I have to do something more about these conflicts ?
The best way to tell if everything is fine with your application is to have good tests.
However normally one doesn't exclude transitive dependencies from project's <dependency> libraries. Doing it can potentially break the dependency in a subtle and hard to notice way. It's usually safer to remove the whole <dependency>.
There are few scenario when one should use <exclude>:
Dealing with incompatible transitive dependencies between different libraries e.g. A requires library C-1.0 but library B requires library C-2.0 while C-1.0 and C-2.0 can't coexist on the classpath.
Having transitive dependencies already provided by system e.g. deploying to Tomcat with additional JARs in the TOMCAT_HOME/lib directory.
If you decide to exclude a dependency it's important that you check the final artifact because sometimes plugins do weird things e.g. there were versions of maven-assembly-plugin affected by a bug that resulted in different dependencies being resolved during shaded JAR creation than maven-dependency-plugin used for compilation.
I have a multi-module maven project that uses some dependencies from netflix. The trouble is that those dependencies are built using gradle and use a runtime scope. When I build my project I then have only the direct dependency loaded but not it's own dependencies.
To fix that I added dependencyManagement entries to transform all the runtime scopes to compile scopes. They usually go in pack of 10 to 20 entries so what I want is to be able to make some pom that would only address this issue and be able to load it any time I need a dependency.
I know this can be done as i've read Maven pull dependencies via middle pom file and How to use POMs as a dependency in Maven? but I was wondering how I may carry those poms inside my current multi-module project.
I'd like to have those in my parent module and avoid needing to create one sub-module per pom. Like pom-dep1.xml, pom-dep2.xml... and have those bundled in my build. Is that possible ?
Thanks
I have a webapp that consists of multiple projects. We assemble using Ant and we suspect that some of the jars in /java directory are unneeded.
To find unneeded jars I ran
mvn dependency:analyze -DignoreNonCompile
to get a list of unused declared jars for each project. However it is possible that a jar unused by one project is still used by another. To check this, I ran
mvn dependency:tree
to get the dependency structure of all projects.
Using information from these commands, I will now use a script to check if a jar exists such that it is unused in all projects that declare it. Is this a reasonable approach for compile-scoped jars? What about jars in other scopes?
Thanks.
However it is possible that a jar unused by one project is still used
by another.
I recommend to declare all needed dependencies as direct dependencies and not rely on transitive dependencies which might get removed in a newer version.
Define the versions of the dependencies in the DependencyManagement section of the common parent POM and omit the versions later when declaring the dependcies. Like this you can make sure you're using the same version of the dependencies in all your projects.
I'm migrating a maven project to ant + ivy (it's an arbitrary decision, and it has to be done ).
The thing is that comparing both WAR files, the ant and the maven one, the former has a lot more 3rd party jars than the first one...
At first I thought that they were transitive dependencies but when I run mvn dependency:tree they don't appear there.
Any ideas?
EDIT:
Just for the record, I'm aware of the scope attribute of maven. I'm excluding all the provided and test dependencies in the ivy.xml file
You can use the ivy:report Ant task to generate a report of the dependencies resolved by Ivy. In this report, you can see where the extra dependencies are comming from.
Maarten
does anyone know the java packages that flickrj is dependent on? I'm going through the slow and painful compile - jarify - run - locate-library - repeat loop.
There's a Maven POM that references flickrj by name, you may find the listed dependencies useful. Note you'd also have to resolve the referenced project's transitive dependencies.
If you use the Maven dependency:copy-dependencies goal you can get all the transitive dependencies downloaded to a directory (you can also use the dependency:sources goal to get their sources)
You can also see the dependencies for flickr-api (a wrapper for flickrj) in its Maven pom.