Reproduced maven's mvn dependency dependency analysis and common command introduction - short book
Maven's mvn dependency dependency analysis and introduction to common commands
During the project development process, we often have the need to analyze project dependencies, find jar dependency paths, find jar conflicts, and so on. At this time, the dependency command will be very useful. Here we introduce some usages of the dependency command of maven.
1. mvn dependency:list
---- List all jar packages of the project
mvn dependency:list -Dverbose
This command can list all the jar packages that the project depends on. The -Dverbose parameter will also list the ignored jars, that is, the introduction of different versions of the same jar package.
Example output:
[INFO] org.springframework:spring-aop:jar:5.0.6.RELEASE:compile
[INFO] org.hibernate.validator:hibernate-validator:jar:6.0.9.Final:compile
[INFO] com.fasterxml.jackson.core:jackson-core:jar:2.9.5:compile
[INFO] com.fasterxml.jackson.datatype:jackson-datatype-jsr310:jar:2.9.5:compile
[INFO] org.springframework:spring-expression:jar:5.0.6.RELEASE:compile
[INFO] org.springframework.boot:spring-boot-starter:jar:2.0.2.RELEASE:compile
[INFO] org.springframework.boot:spring-boot-starter-logging:jar:2.0.2.RELEASE:compile
[INFO] org.yaml:snakeyaml:jar:1.19:runtime
[INFO] org.springframework.boot:spring-boot:jar:2.0.2.RELEASE:compile
[INFO] junit:junit:jar:3.8.1:test
2. mvn dependency:tree
---- List the package dependency tree of the project
mvn dependency:tree -Dverbose
The difference between this command and the previous command is that the dependencies of this command are output as a tree, which makes it easier to see the dependencies.
Example output:
[INFO] \- org.springframework.boot:spring-boot-starter-web:jar:2.0.2.RELEASE:compile
[INFO] +- org.springframework.boot:spring-boot-starter:jar:2.0.2.RELEASE:compile
[INFO] | \- org.springframework:spring-core:jar:5.0.6.RELEASE:compile
[INFO] | \- org.springframework:spring-jcl:jar:5.0.6.RELEASE:compile
[INFO] +- org.springframework:spring-web:jar:5.0.6.RELEASE:compile
[INFO] | \- org.springframework:spring-beans:jar:5.0.6.RELEASE:compile
[INFO] \- org.springframework:spring-webmvc:jar:5.0.6.RELEASE:compile
[INFO] +- org.springframework:spring-aop:jar:5.0.6.RELEASE:compile
[INFO] +- org.springframework:spring-context:jar:5.0.6.RELEASE:compile
[INFO] \- org.springframework:spring-expression:jar:5.0.6.RELEASE:compile
dependency:tree
There are several important parameters that are very useful:
- includes
- Description: This parameter can list the specified jars, and others are ignored
- Example:
-Dincludes=velocity:velocity
, to list only the dependencies of velocity - Parameter value:
[groupId]:[artifactId]:[type]:[version]
, the parameter format is like this, the value without it can be left blank, for example-Dincludes=:spring-aop
,-Dincludes=:::5.0.6.RELEASE
,-Dincludes=org.springframework
- Wildcards: Wildcards can be used in parameters, for example
org.apache.*
,:::*-SNAPSHOT
- Multiple parameter values: The parameter can be followed by multiple parameter values, separated by commas, for example
-Dincludes=org.apache.maven*,org.codehaus.plexus
- excludes
- Explanation: The usage of this parameter is
includes
the same as that, but the function of this parameter is to exclude the specified jar
- Explanation: The usage of this parameter is
Example: view package conflicts
For example, let's check the commons-collections
conflict of the package
command: mvn dependency:tree -Dverbose -Dincludes=commons-collections
output:
[INFO] [dependency:tree]
[INFO] org.apache.maven.plugins:maven-dependency-plugin:maven-plugin:2.0-alpha-5-SNAPSHOT
[INFO] +- org.apache.maven.reporting:maven-reporting-impl:jar:2.0.4:compile
[INFO] | \- commons-validator:commons-validator:jar:1.2.0:compile
[INFO] | \- commons-digester:commons-digester:jar:1.6:compile
[INFO] | \- (commons-collections:commons-collections:jar:2.1:compile - omitted for conflict with 2.0)
[INFO] \- org.apache.maven.doxia:doxia-site-renderer:jar:1.0-alpha-8:compile
[INFO] \- org.codehaus.plexus:plexus-velocity:jar:1.1.3:compile
[INFO] \- commons-collections:commons-collections:jar:2.0:compile
We can see that the 2.1 version of the jar is ignored, because maven resolves dependencies based on the principle of the nearest path, the 2.0 version has a shorter path, so version 2.0 is introduced, and the 2.1 version has a longer path than 2.0, so it is ignored.
Use this command to easily view the import path of the package and the conflict of the package.
Do not omit -Dverbose
the parameters here, otherwise the ignored packages will not be displayed
3. dependency:analyze-only
---- Analyzing dependencies
dependency:analyze-only
The command can analyze the entire project and find out the following dependencies in the project:
- Dependencies declared and used
- Dependencies not declared but used
- Dependencies declared but not used
Example output:
[INFO] Used declared dependencies found:
[INFO] cn.hutool:hutool-all:jar:4.3.1:compile
[INFO] com.google.guava:guava:jar:27.0.1-jre:compile
[WARNING] Used undeclared dependencies found:
[WARNING] org.slf4j:slf4j-api:jar:1.7.25:compile
[WARNING] org.springframework:spring-context:jar:4.3.22.RELEASE:compile
[WARNING] org.springframework.boot:spring-boot-autoconfigure:jar:1.5.19.RELEASE:compile
[WARNING] org.springframework.boot:spring-boot:jar:1.5.19.RELEASE:compile
[WARNING] org.springframework:spring-beans:jar:4.3.22.RELEASE:compile
[WARNING] junit:junit:jar:4.12:test
[WARNING] Unused declared dependencies found:
[WARNING] org.springframework.boot:spring-boot-starter-test:jar:1.5.19.RELEASE:test
[WARNING] com.h2database:h2:jar:1.4.197:test
[WARNING] org.springframework.boot:spring-boot-starter:jar:1.5.19.RELEASE:compile
[WARNING] com.fasterxml.jackson.core:jackson-databind:jar:2.8.11.3:compile
[WARNING] org.projectlombok:lombok:jar:1.16.22:compile
[WARNING] com.alibaba:fastjson:jar:1.2.55:compile
It should be noted that if you want to view the declared and used dependencies, you must add parameters -Dverbose
.
4. dependency:analyze-duplicate
---- Analyze <dependencies/> and <dependencyManagement/>
This command will find <dependencies/> 和 <dependencyManagement/>
duplicate declared dependencies in
5. dependency:list-repositories
---- List all remote repositories
Order:mvn dependency:list-repositories
output:
[INFO] id: sonatype-nexus-snapshots
url: https://oss.sonatype.org/content/repositories/snapshots
layout: default
snapshots: [enabled => true, update => daily]
releases: [enabled => false, update => daily]
[INFO] id: apache.snapshots
url: https://repository.apache.org/snapshots
layout: default
snapshots: [enabled => true, update => daily]
releases: [enabled => false, update => daily]
[INFO] id: central
url: https://repo.maven.apache.org/maven2
layout: default
snapshots: [enabled => false, update => daily]
releases: [enabled => true, update => daily]
6. dependency:purge-local-repository
---- Clean up the local repository
This command will first resolve the dependencies of the entire project, then clean up these dependencies from the local repository, and re-download them from the remote repository.
- Direct dependencies
One thing to be clear, this command operates on all dependencies by default. So it will download some missing dependencies to collect the complete dependency tree information before the purge operation. In order to avoid these pre-download operations, you can set parameters-DactTransitively=false
to only operate on the direct dependencies of the project. - Specify/exclude dependencies
You can also only operate certain packages in a targeted manner. You need to add parameters-Dincludes
and clearly declare the package. This can pass multiple values, separated by commas, for example:dependency:purge-local-repository -Dincludes=org.slf4j:slf4j-api,org.slf4j:log4j-over-slf4j
.-Dexcludes
The same is true, except that certain dependencies are excluded. - Custom cleanup
If you want to clean up dependencies that are not in this project, you can also use this, but the parameters are different.mvn dependency:purge-local-repository -DmanualIncludes=org.apache:apache
, the parameter-DmanualInclude
allows you to clean up dependencies that are not in this project, but will not re-parse dependencies, because these dependencies are not needed in this project. This is very useful for cleaning parent pom, imported pom, maven plugin.