Best IT Recipes

Force Maven only uses first level dependencies

I have a Maven Java project. I do not want my project dependencies to be randomly satisfied through a chain of sub-dependencies when compiling the project. This is normal for me when you are building the final war, when maven should check all the dependencies used and add the necessary war to the war, but when compiling the code I want to be sure that only direct dependencies are used. Why?

Let's say I have two dependencies:

<dependency> <groupId>com.package</groupId> <artifactId>module-1</artifactId> </dependency> <dependency> <groupId>com.package</groupId> <artifactId>module-2</artifactId> </dependency>

For our project-1 module and module-2, completely different goals are used, but somewhere in the dependency tree of module-2, module-1 is used. I remove the dependency of module-1, but maven continues to build my project without compilation errors, because it allows module-1 from the dependencies of module-2. This change goes unnoticed.

Once we decided to remove module-2, because we do not need it. Strange, but we can no longer compile classes that used import from module-1 and which are not connected to the logic of module-2.

This is a simple case, but in a large project it can create a messy mess.

+3
java maven dependencies
Oct 15 '13 at 13:43 on
source share
4 answers

You can use the Maven dependency plugin : “dependency: analysis” to provide you with a report of all used dependencies that are not declared on the current module (enabled transitively). That way, Maven will still use transitive dependencies (not in the way I expect), but you can force yourself to connect to the plugin to make sure they are also declared. It will also warn you of unnecessary dependencies. Reason, the plugin parses compiled classes. Sometimes you may need to configure the plugin, because sometimes it cannot detect that the dependency is required at compile time, but not at run time, for example. because the constant was built in.

+5
15 Oct '13 at 13:55 on
source share

If you really need to do this, you can configure exceptions in pom.

eg. here is an example of an exception in one of my priests where I do not want it to automatically receive sharing messages because I use a different logging provider.

  <dependency> <groupId>org.springframework</groupId> <artifactId>spring-context</artifactId> <version>${org.springframework-version}</version> <exclusions> <!-- Exclude Commons Logging in favor of SLF4j --> <exclusion> <groupId>commons-logging</groupId> <artifactId>commons-logging</artifactId> </exclusion> </exclusions> </dependency>

You can do something like this (untested)

 <dependency> <groupId>com.package</groupId> <artifactId>module-2</artifactId> <exclusions> <exclusion> <groupId>com.package</groupId> <artifactId>module-1</artifactId> </exclusion> </exclusions> </dependency>

I would not recommend this. This makes sense in case of my registration exception, because I use slf4j instead of registering in communities. I saw other examples when this is used to exclude spring 2 if the project as a whole uses spring 3.

This is a little hard to say from your example, because it is so vague. In general, you should keep your addictions to a minimum. If module-2 depends on module-1, then this means that your application will not compile or run without module-1. If in fact he can live happily without him, then this is not very dependent.

As a side note, it's a little worrying that you don't have a version number for dependencies. You will probably find that maven is warning you about this. It is good practice to always include the version number. If you depend on a module that is currently under development, you must use the suffix .SNAPSHOT for the version to get the latest version for this version.

+2
Oct. 15 '13 at 16:13
source share

There seems to be no way to tell maven not to resolve the dependency transitively: How to eliminate all transitive dependencies of a Maven dependency . One reason that I think is because the user may soon run into runtime problems when they discover that some of the artifacts are not resolved at run time or problems with the version of the artifact. However, if you check the link, you can make each of the deposits "stand-alone" with a wildcard exclusion pattern.

Another option is to use the <optional> dependency for each of your module-X dependencies. This ensures that the project will compile and not your module-X will resolve transitively. How:

 <dependency> <groupId>com.package</groupId> <artifactId>module-1</artifactId> <optional>true</optional> </dependency>

However, dependency tree analysis may be the safest and most predictable choice.

+1
Oct 15 '13 at 15:32
source share

It sounds a little strange what you plan to do. In a way, you are sabotaging the dependency management you want to use.

If your module-2 depends on module-1 and has a dependency on it, then any module that depends on module-2 should only determine it.

You can limit the resolution by using exceptions: Exclude all transitive dependencies of one dependency

Newer versions of maven allow wildcards in them.

But: you will need to re-add the ones you really need, this is a repetition of the dependencies that you have with other modules. This duplicates the work.

If there are artifacts causing strangeness, it is possible to determine the scope: http://maven.apache.org/guides/introduction/introduction-to-dependency-mechanism.html so that it does not extend to dependent modules either.

0
Oct. 15 '13 at 13:55 on
source share


More articles:


All Articles