You are viewing a plain text version of this content. The canonical link for it is here.
Posted to dev@maven.apache.org by Michael Spiegel <mi...@gmail.com> on 2016/04/23 05:04:32 UTC
Get licenses of transitive dependencies
Hello everyone,
Apologies if this is the wrong venue for this question. I'm trying to
retrieve the licenses for all the transitive dependencies for maven
projects. I'm currently using the MavenProject#getArtifacts() API and then
for each Artifact I am using the ProjectBuilder to build a Project from
each Artifact and retrieve the licenses from the Project.
I have two related questions:
(1) From debugging output I think that MavenProject#getArtifacts() returns
all versions of all artifacts. How do I retrieve the artifacts after
dependency mediation has been applied?
(2) Generating a Project from an Artifact is an expensive approach for me
since I only need the <licenses> information. I notice that my plugin
downloads a lot of jars. How do I generate a Model from an Artifact? The
license can be extracted from the Model.
Note that solving problem (1) makes problem (2) less of an issue, as extra
jars will no longer be downloaded.
Thanks,
--Michael
Re: Get licenses of transitive dependencies
Posted by Karl Heinz Marbaise <kh...@gmx.de>.
Hi,
you now that something like..
http://www.mojohaus.org/license-maven-plugin/index.html
already exists ?
On 4/23/16 5:04 AM, Michael Spiegel wrote:
> Hello everyone,
>
> Apologies if this is the wrong venue for this question. I'm trying to
> retrieve the licenses for all the transitive dependencies for maven
> projects. I'm currently using the MavenProject#getArtifacts() API and then
> for each Artifact I am using the ProjectBuilder to build a Project from
> each Artifact and retrieve the licenses from the Project.
>
> I have two related questions:
>
> (1) From debugging output I think that MavenProject#getArtifacts() returns
> all versions of all artifacts. How do I retrieve the artifacts after
> dependency mediation has been applied?
>
> (2) Generating a Project from an Artifact is an expensive approach for me
> since I only need the <licenses> information. I notice that my plugin
> downloads a lot of jars. How do I generate a Model from an Artifact? The
> license can be extracted from the Model.
>
> Note that solving problem (1) makes problem (2) less of an issue, as extra
> jars will no longer be downloaded.
>
> Thanks,
> --Michael
>
---------------------------------------------------------------------
To unsubscribe, e-mail: dev-unsubscribe@maven.apache.org
For additional commands, e-mail: dev-help@maven.apache.org
Re: Get licenses of transitive dependencies
Posted by Anton Tanasenko <at...@gmail.com>.
Hi,
MavenProject#getArtifacts() is returning a resolved list of all
dependencies, each artifact will have only one specific version.
Which scope is resolved - depends on the requiresDependencyResolution
attribute of your @Mojo.
Be aware, that not all of the projects provide licensing infromation in
their poms. In fact as much as half of open source libs from central are
probably missing it.
Some of the dependencies contain at least a license file somewhere inside
the jar which you could hash and compare against some known list of hashes,
but some have nothing at all.
2016-04-23 6:04 GMT+03:00 Michael Spiegel <mi...@gmail.com>:
> Hello everyone,
>
> Apologies if this is the wrong venue for this question. I'm trying to
> retrieve the licenses for all the transitive dependencies for maven
> projects. I'm currently using the MavenProject#getArtifacts() API and then
> for each Artifact I am using the ProjectBuilder to build a Project from
> each Artifact and retrieve the licenses from the Project.
>
> I have two related questions:
>
> (1) From debugging output I think that MavenProject#getArtifacts() returns
> all versions of all artifacts. How do I retrieve the artifacts after
> dependency mediation has been applied?
>
> (2) Generating a Project from an Artifact is an expensive approach for me
> since I only need the <licenses> information. I notice that my plugin
> downloads a lot of jars. How do I generate a Model from an Artifact? The
> license can be extracted from the Model.
>
> Note that solving problem (1) makes problem (2) less of an issue, as extra
> jars will no longer be downloaded.
>
> Thanks,
> --Michael
>
--
Regards,
Anton.