You are viewing a plain text version of this content. The canonical link for it is here.
Posted to users@maven.apache.org by James Green <ja...@gmail.com> on 2015/08/07 12:33:37 UTC
Finding transitive dependencies imported into our code
Hi,
I want to know about any imports within our package base that are resolved
by a transitive dependency.
There must be a command or tool for this - I'm not sure I've ever seen one
though?
This probably should form a report of warnings during the build...
Thanks,
James
RE: Finding transitive dependencies imported into our code
Posted by Endo Alejandro <Al...@grassvalley.com>.
Ben's suggestion should be enough.
dependency:analyze will output declared, unused dependencies and undeclared, used dependencies (what you want)
Mind you, I've had quite a few false positives in the first category. I think things like reflection will fool the analysis. But since you are interested in the second category, at least in my case, I don't remember having any issues with it
Alejandro
-----Original Message-----
From: Ben Podgursky [mailto:bpodgursky@gmail.com]
Sent: Friday, August 7, 2015 08:17 AM
To: Maven Users List
Subject: Re: Finding transitive dependencies imported into our code
I think you want mvn dependency:analyze -DfailOnWarning=true
https://maven.apache.org/plugins/maven-dependency-plugin/analyze-mojo.html#failOnWarning
On Fri, Aug 7, 2015 at 4:38 AM, Russell Gold <ru...@oracle.com>
wrote:
> mvn -X compile
>
> Look at the listing; it will show you all of the dependencies.
>
> > On Aug 7, 2015, at 7:14 AM, James Green <ja...@gmail.com>
> wrote:
> >
> > See in-line
> >
> > On 7 August 2015 at 12:05, Björn Raupach
> > <ra...@googlemail.com>
> > wrote:
> >
> >> hi,
> >>
> >>> On 07 Aug 2015, at 12:33, James Green <ja...@gmail.com>
> wrote:
> >>>
> >>> Hi,
> >>>
> >>> I want to know about any imports within our package base that are
> >> resolved
> >>> by a transitive dependency.
> >>>
> >>> There must be a command or tool for this - I'm not sure I've ever
> >>> seen
> >> one
> >>> though?
> >>
> >> Maybe this helps: mvn dependency:resolve
> >>
> >
> > Nope. Allow me to describe my use-case.
> >
> > I have been given a source code project. It has a dependency that we
> > have no clear need for. I remove that dependency. The build now
> > fails because our sources import something the now-removed
> > dependency transitively provided.
> >
> > I want to know I don't have any other source-code dependencies not
> > listed in <dependencies>.
> >
> > I can not see such a command listed under
> > https://maven.apache.org/plugins/maven-dependency-plugin/
> >
> > Thanks,
> >
> > James
>
>
> ---------------------------------------------------------------------
> To unsubscribe, e-mail: users-unsubscribe@maven.apache.org
> For additional commands, e-mail: users-help@maven.apache.org
>
>
DISCLAIMER:
Privileged and/or Confidential information may be contained in this
message. If you are not the addressee of this message, you may not
copy, use or deliver this message to anyone. In such event, you
should destroy the message and kindly notify the sender by reply
e-mail. It is understood that opinions or conclusions that do not
relate to the official business of the company are neither given
nor endorsed by the company.
Thank You.
Re: Finding transitive dependencies imported into our code
Posted by Baptiste Mathus <ml...@batmat.net>.
+1 dependency:analyze seems to be the one.
Le 7 août 2015 2:17 PM, "Ben Podgursky" <bp...@gmail.com> a écrit :
> I think you want mvn dependency:analyze -DfailOnWarning=true
>
>
> https://maven.apache.org/plugins/maven-dependency-plugin/analyze-mojo.html#failOnWarning
>
> On Fri, Aug 7, 2015 at 4:38 AM, Russell Gold <ru...@oracle.com>
> wrote:
>
> > mvn -X compile
> >
> > Look at the listing; it will show you all of the dependencies.
> >
> > > On Aug 7, 2015, at 7:14 AM, James Green <ja...@gmail.com>
> > wrote:
> > >
> > > See in-line
> > >
> > > On 7 August 2015 at 12:05, Björn Raupach <
> raupach.bjoern@googlemail.com>
> > > wrote:
> > >
> > >> hi,
> > >>
> > >>> On 07 Aug 2015, at 12:33, James Green <ja...@gmail.com>
> > wrote:
> > >>>
> > >>> Hi,
> > >>>
> > >>> I want to know about any imports within our package base that are
> > >> resolved
> > >>> by a transitive dependency.
> > >>>
> > >>> There must be a command or tool for this - I'm not sure I've ever
> seen
> > >> one
> > >>> though?
> > >>
> > >> Maybe this helps: mvn dependency:resolve
> > >>
> > >
> > > Nope. Allow me to describe my use-case.
> > >
> > > I have been given a source code project. It has a dependency that we
> have
> > > no clear need for. I remove that dependency. The build now fails
> because
> > > our sources import something the now-removed dependency transitively
> > > provided.
> > >
> > > I want to know I don't have any other source-code dependencies not
> listed
> > > in <dependencies>.
> > >
> > > I can not see such a command listed under
> > > https://maven.apache.org/plugins/maven-dependency-plugin/
> > >
> > > Thanks,
> > >
> > > James
> >
> >
> > ---------------------------------------------------------------------
> > To unsubscribe, e-mail: users-unsubscribe@maven.apache.org
> > For additional commands, e-mail: users-help@maven.apache.org
> >
> >
>
Re: Finding transitive dependencies imported into our code
Posted by Ben Podgursky <bp...@gmail.com>.
I think you want mvn dependency:analyze -DfailOnWarning=true
https://maven.apache.org/plugins/maven-dependency-plugin/analyze-mojo.html#failOnWarning
On Fri, Aug 7, 2015 at 4:38 AM, Russell Gold <ru...@oracle.com>
wrote:
> mvn -X compile
>
> Look at the listing; it will show you all of the dependencies.
>
> > On Aug 7, 2015, at 7:14 AM, James Green <ja...@gmail.com>
> wrote:
> >
> > See in-line
> >
> > On 7 August 2015 at 12:05, Björn Raupach <ra...@googlemail.com>
> > wrote:
> >
> >> hi,
> >>
> >>> On 07 Aug 2015, at 12:33, James Green <ja...@gmail.com>
> wrote:
> >>>
> >>> Hi,
> >>>
> >>> I want to know about any imports within our package base that are
> >> resolved
> >>> by a transitive dependency.
> >>>
> >>> There must be a command or tool for this - I'm not sure I've ever seen
> >> one
> >>> though?
> >>
> >> Maybe this helps: mvn dependency:resolve
> >>
> >
> > Nope. Allow me to describe my use-case.
> >
> > I have been given a source code project. It has a dependency that we have
> > no clear need for. I remove that dependency. The build now fails because
> > our sources import something the now-removed dependency transitively
> > provided.
> >
> > I want to know I don't have any other source-code dependencies not listed
> > in <dependencies>.
> >
> > I can not see such a command listed under
> > https://maven.apache.org/plugins/maven-dependency-plugin/
> >
> > Thanks,
> >
> > James
>
>
> ---------------------------------------------------------------------
> To unsubscribe, e-mail: users-unsubscribe@maven.apache.org
> For additional commands, e-mail: users-help@maven.apache.org
>
>
Re: Finding transitive dependencies imported into our code
Posted by Russell Gold <ru...@oracle.com>.
mvn -X compile
Look at the listing; it will show you all of the dependencies.
> On Aug 7, 2015, at 7:14 AM, James Green <ja...@gmail.com> wrote:
>
> See in-line
>
> On 7 August 2015 at 12:05, Björn Raupach <ra...@googlemail.com>
> wrote:
>
>> hi,
>>
>>> On 07 Aug 2015, at 12:33, James Green <ja...@gmail.com> wrote:
>>>
>>> Hi,
>>>
>>> I want to know about any imports within our package base that are
>> resolved
>>> by a transitive dependency.
>>>
>>> There must be a command or tool for this - I'm not sure I've ever seen
>> one
>>> though?
>>
>> Maybe this helps: mvn dependency:resolve
>>
>
> Nope. Allow me to describe my use-case.
>
> I have been given a source code project. It has a dependency that we have
> no clear need for. I remove that dependency. The build now fails because
> our sources import something the now-removed dependency transitively
> provided.
>
> I want to know I don't have any other source-code dependencies not listed
> in <dependencies>.
>
> I can not see such a command listed under
> https://maven.apache.org/plugins/maven-dependency-plugin/
>
> Thanks,
>
> James
---------------------------------------------------------------------
To unsubscribe, e-mail: users-unsubscribe@maven.apache.org
For additional commands, e-mail: users-help@maven.apache.org
Re: Finding transitive dependencies imported into our code
Posted by Hilco Wijbenga <hi...@gmail.com>.
On 7 August 2015 at 04:14, James Green <ja...@gmail.com> wrote:
> See in-line
>
> On 7 August 2015 at 12:05, Björn Raupach <ra...@googlemail.com>
> wrote:
>
>> hi,
>>
>> > On 07 Aug 2015, at 12:33, James Green <ja...@gmail.com> wrote:
>> >
>> > Hi,
>> >
>> > I want to know about any imports within our package base that are
>> resolved
>> > by a transitive dependency.
>> >
>> > There must be a command or tool for this - I'm not sure I've ever seen
>> one
>> > though?
>>
>> Maybe this helps: mvn dependency:resolve
>>
>
> Nope. Allow me to describe my use-case.
>
> I have been given a source code project. It has a dependency that we have
> no clear need for. I remove that dependency. The build now fails because
> our sources import something the now-removed dependency transitively
> provided.
>
> I want to know I don't have any other source-code dependencies not listed
> in <dependencies>.
Have you looked at Takari ([1])? It enforces stricter rules for
dependencies. I have not gotten around to using it yet but I ran into
similar problems and this seems like the perfect solution.
[1] http://takari.io/book/40-lifecycle.html#enforcing-dependency-usage-during-compilation
---------------------------------------------------------------------
To unsubscribe, e-mail: users-unsubscribe@maven.apache.org
For additional commands, e-mail: users-help@maven.apache.org
Re: Finding transitive dependencies imported into our code
Posted by James Green <ja...@gmail.com>.
See in-line
On 7 August 2015 at 12:05, Björn Raupach <ra...@googlemail.com>
wrote:
> hi,
>
> > On 07 Aug 2015, at 12:33, James Green <ja...@gmail.com> wrote:
> >
> > Hi,
> >
> > I want to know about any imports within our package base that are
> resolved
> > by a transitive dependency.
> >
> > There must be a command or tool for this - I'm not sure I've ever seen
> one
> > though?
>
> Maybe this helps: mvn dependency:resolve
>
Nope. Allow me to describe my use-case.
I have been given a source code project. It has a dependency that we have
no clear need for. I remove that dependency. The build now fails because
our sources import something the now-removed dependency transitively
provided.
I want to know I don't have any other source-code dependencies not listed
in <dependencies>.
I can not see such a command listed under
https://maven.apache.org/plugins/maven-dependency-plugin/
Thanks,
James
Re: Finding transitive dependencies imported into our code
Posted by Björn Raupach <ra...@googlemail.com>.
hi,
> On 07 Aug 2015, at 12:33, James Green <ja...@gmail.com> wrote:
>
> Hi,
>
> I want to know about any imports within our package base that are resolved
> by a transitive dependency.
>
> There must be a command or tool for this - I'm not sure I've ever seen one
> though?
Maybe this helps: mvn dependency:resolve
>
> This probably should form a report of warnings during the build...
>
> Thanks,
>
> James
---------------------------------------------------------------------
To unsubscribe, e-mail: users-unsubscribe@maven.apache.org
For additional commands, e-mail: users-help@maven.apache.org
Re: Finding transitive dependencies imported into our code
Posted by Ron Wheeler <rw...@artifact-software.com>.
You IDE should do that if it is Maven aware.
Foe example, Eclipse/STS, which the m2e plugin built-in, gives you a
view in the POM editor that shows the origin of the need for each
dependency and shows the whole chain of transitive dependencies.
It shows what versions of dependencies will be dropped because of conflicts.
This lets you see the effects of exclusions immediately without having
to do a build.
This is more useful than a separate cli tool which may be why one does
not exist.
Ron
On 07/08/2015 6:33 AM, James Green wrote:
> Hi,
>
> I want to know about any imports within our package base that are resolved
> by a transitive dependency.
>
> There must be a command or tool for this - I'm not sure I've ever seen one
> though?
>
> This probably should form a report of warnings during the build...
>
> Thanks,
>
> James
>
--
Ron Wheeler
President
Artifact Software Inc
email: rwheeler@artifact-software.com
skype: ronaldmwheeler
phone: 866-970-2435, ext 102
---------------------------------------------------------------------
To unsubscribe, e-mail: users-unsubscribe@maven.apache.org
For additional commands, e-mail: users-help@maven.apache.org