Maven equivalent of npm's package-lock.json - maven

Known: npm
I am used to npm and JavaScript and whenever the dependency tree changes, there is a changed package-lock.json generated. This file includes all dependencies and their transitive dependencies with resolved/fixed versions.
Unknown: mvn
Now I have to use Maven and Java.
The question is: What's the Maven equivalent of npm's package-lock.json?
I would need this information so as to efficiently track which exact versions of (transitive) dependencies are contained in my project/bundle.

In Maven you usually do not use version ranges - so you'll always have a defined version for a dependency. If you want to change the version of a transitive dependency you can do this using the dependencyManagement block (which is similar to the new npm overrides).
If you want a report of the exact dependencies used, check out the Maven Dependency Plugin. You can run mvn dependency:tree to see all dependencies (with relations), including versions.
For more information about the Maven dependency mechanism, see Introduction to the Dependency Mechanism.

Related

How to see transitive dependencies for mvnrepository.com?

Let's say I'm interested in using https://mvnrepository.com/artifact/org.apache.avro/avro. How can I find which other dependencies avro will bring in and which version of those dependencies it will bring in? I know I can manually add the dependency to a project's pom.xml and run
mvn dependency:tree | tee tree.txt
to see which dependencies are used, but this requires always fixing up compilation errors and there should be an easier way.
I was wondering if there's any way to check which transitive dependencies a parent dependency will bring in, using a website that will straight up mention that info.
https://mvnrepository.com/ itself has the dependency information: just select a version and scroll down to see the list of dependencies.

Is there a way to detect if a new dependency has been added to a maven project since its previous build/release?

When a transitive dependency changes, there is no direct change in the project I am working on. When I update a dependency that itself brings in new dependencies since its previous version, transitive dependencies are difficult to track and it would be good to know if there is any new library added to the project I am building or the version of an existing transitive dependency has changed.
Is there a maven plugin that can detect a dependency change like this or a maven flag?
Use mvn dependency:list -Dsort=true > file to generate all dependencies into a file. After the POM changes, generate a second file. Then diff the files to see the changes.
If you don't make any changes, transitive dependencies will not change either. This can happen only if you change the POM, for example if you change the version of a used dependency.
If a library changes its dependencies, the version of the library will increase. To be affected by these changes you would need to use that new version in the POM.
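
The before/after comparison described in this answer, as an added example that is not part of the original post: it parses two saved outputs of mvn dependency:list and reports artifacts that were added, removed, or changed version, which is what a reviewer wants to see when a POM update pulls in new transitive code. The sample output and the function names (parse_dependency_list, diff_dependencies) are constructed for illustration.

```python
import re

# One resolved artifact per line, as printed by `mvn dependency:list`:
#   group:artifact:type[:classifier]:version:scope
# optionally prefixed with "[INFO]" and followed by " -- module ..." or " (optional)".
COORD = re.compile(r"^(?:\[INFO\]\s+)?([\w.+\-]+(?::[\w.+\-]+){4,5})(?:\s+.*)?$")

# Constructed sample output (not from a real build): before and after a POM change.
BEFORE = """\
[INFO] The following files have been resolved:
[INFO]    com.example:app-core:jar:1.0.0:compile
[INFO]    com.example:json-lib:jar:2.1.0:compile
[INFO]    com.example:legacy-util:jar:0.9:runtime
"""
AFTER = """\
[INFO] The following files have been resolved:
[INFO]    com.example:app-core:jar:1.1.0:compile
[INFO]    com.example:json-lib:jar:2.1.0:compile -- module com.example.json
[INFO]    com.example:native-codec:jar:linux-x86_64:3.0:runtime
"""

def parse_dependency_list(text):
    """Return {(group, artifact, type, classifier): (version, scope)}."""
    deps = {}
    for line in text.splitlines():
        m = COORD.match(line.strip())
        if not m:
            continue  # banner, blank or build-status line
        parts = m.group(1).split(":")
        if len(parts) == 5:  # no classifier present
            parts.insert(3, "")
        group, artifact, typ, classifier, version, scope = parts
        deps[(group, artifact, typ, classifier)] = (version, scope)
    return deps

def diff_dependencies(before, after):
    """Return (added, removed, changed) between two dependency:list outputs."""
    old, new = parse_dependency_list(before), parse_dependency_list(after)
    added = sorted(k for k in new if k not in old)
    removed = sorted(k for k in old if k not in new)
    changed = sorted((k, old[k][0], new[k][0])
                     for k in old.keys() & new.keys() if old[k][0] != new[k][0])
    return added, removed, changed

if __name__ == "__main__":
    for label, items in zip(("ADDED", "REMOVED", "CHANGED"),
                            diff_dependencies(BEFORE, AFTER)):
        for item in items:
            print(label, item)
```

Keeping the generated list under version control next to the POM makes any newly introduced artifact show up in code review.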

Pom.xml downloading unmentioned dependencies

I have a simple pom.xml which has only a JUnit dependency and exec-maven-plugin.
But when I say "mvn install" I see a lot of dependencies downloading.
Are these mandatory dependencies by maven?
I am listing a few here:
ClassWorlds
Commons-logging-api
log4j
backport-util-concurrent
Are these mandatory dependencies by maven?
Yes, those are transitive dependencies.
This allows you to avoid needing to discover and specify the libraries that your own dependencies require, and including them automatically.
See "Resolving conflicts using the dependency tree"
A project's dependency tree can be expanded to display dependency conflicts. For example, to find out why Commons Collections 2.0 is being used by the Maven Dependency Plugin, we can execute the following in the project's directory:
mvn dependency:tree -Dverbose -Dincludes=commons-collections

How to install Swagger without Maven

I am not a Maven user and I want to configure all dependencies of Swagger in my project. I tried to do it, unsuccessfully. I get thousands of jars, jackson-, swagger- and nothing.
From https://github.com/swagger-api/swagger-core/wiki/Swagger-Core-JAX-RS-Project-Setup-1.5.X#adding-the-dependencies-to-your-application:
Projects that cannot utilize maven's dependencies would need to add
the dependencies manually. Since those may change from version to
version, the list of dependencies will not be documented here.
Instead, it is advised that you clone the swagger-core repository, go
to the directory of the relevant module (artifact) and run mvn dependency:list. That would give you a list of dependencies required
by swagger-core which you would have to include manually in your
application. Keep in mind this requires you to have maven installed
but it does not require you to use maven for your project.

Maven force update only for specific dependency (mvn -U for selected dependencies)

The command mvn -U forces all project dependencies to get updated from the remote repository.
Is it possible to force such an update for a specific selection of dependencies, by explicit selection / by some logic?
The reasoning:
I don't want to force checking all the dependencies we have because of how time-consuming it is. All I need is to verify a few of them or even specify only one dependency. So, such a solution is highly desired.
There are two maven plugins that may help you here.
The first, dependency, will simply download the given version of a dependency:
mvn dependency:get -Dartifact=groupId:artifactId:version
The second, versions, offers some behaviors which you may also find helpful.
By running mvn versions:use-latest-releases -Dincludes=groupId:artifactId your project's pom will be updated with the latest release version of the dependency specified by the '-Dincludes' flag. You could then run the first command to download the version now referenced by your pom.
Both of these behaviors can be heavily customized and automated to do some quite awesome things. To get more help on a plugin goal, run: mvn plugin:help -Ddetail=true -Dgoal=goal
Example: mvn versions:help -Ddetail=true -Dgoal=use-latest-releases
For further information:
versions, dependency, and plugins
