I have a simple pom.xml which have only JUnit dependency and exec-maven-plugin.
But when I say "mvn install" I see lot of dependencies downloading.
Are this mandatory dependencies by maven?
I am listing a few here :
ClassWorlds
Commons-logging-api
log4j
backport-util-concurrent
Are this mandatory dependencies by maven
Yes, those are transitive dependencies.
This allows you to avoid needing to discover and specify the libraries that your own dependencies require, and including them automatically
See "Resolving conflicts using the dependency tree"
A project's dependency tree can be expanded to display dependency conflicts. For example, to find out why Commons Collections 2.0 is being used by the Maven Dependency Plugin, we can execute the following in the project's directory:
mvn dependency:tree -Dverbose -Dincludes=commons-collections
Related
I have jackson-core-2.9.0 in the list of External Libraries, but I cant find where I added this lib in the project
You must understand how maven dependency works.
If you add any dependency to your pom.xml which is direct dependency to your project.
Then those direct dependencies have direct dependencies of their own and those dependencies have direct dependencies of their own and so on until there are no direct dependencies, these are called transitive dependencies of your project.
Use mvn dependency:tree to display all you your dependencies in tree structure to find which direct dependency has jackson-core-2.9.0 as dependency.
Note: more than one direct dependency can have jackson-core-2.9.0(or any other dependency) as dependency
Known: npm
I am used to npm and JavaScript and whenever the dependency tree changes, there is a changed package-lock.json generated. This file includes all dependencies and their transitive dependencies with resolved/fixed versions.
Unknown: mvn
Now i have to use Maven and Java.
The question is: What's the maven-equivalent of npms package-lock.json?
I would need this information as to efficiently track which exact versions of (transitive) dependencies are contained in my project/bundle.
In Maven you usually do not use version ranges - so you'll always have a defined version for a dependency. If you want to change the version of a transitive dependency you can do this using the dependencyManagement block (which is similar to the new npm overrides).
If you want a report of the exact dependencies used check out the Maven Dependency Plugin. You can run a mvn dependency:tree to see all dependencies (with relations) including versions.
For more information about Maven dependency mechanism see Introduction to the Dependency Mechanism
Impact of exclusion in the context of jar packaging(simple/fat jar using shade plugin). What i mean here, how can it be verified by extracting the jar.
When a dependency is excluded, it is removed from the dependency tree at that point. You can check this with mvn dependency:tree. It might still come in through other ways (e.g. as transitive dependency of some other dependency). You can check that with mvn dependency:list.
In my pom.xml ,even though i have not declared a dependency for commons logging and slf4j i can see them being automatically getting downloaded by maven.Is there a way to specify globally in pom.xml for the exclusion of these jars?
This is because your included a dependency in your pom.xml which is dependent on commons logging and sl4j. This is transitive dependency mechanism used by maven.
Go to Dependency Heirarchy Tab in eclipse to find out which dependency is downloading the logging dependencies.
Then you need use the <exclusions>{dependency}</exclusions> to exclude the dependency.
This maven page has good information on how to exclude transitive dependencies.
I've spent a lot of time and my head is blowing up already so I'll be very thankful for any help.
I'm migrating Netbeans Platform application from ant to maven, and so I'm changing all the jars in my version control repo to maven dependencies. I've found needed artifact in main maven repo and I've added it as a dependency with a help of Netbeans, but it's of type POM and was placed in Non-classpath Dependencies and I have no idea how to use it as it wasn't added to classpath etc…
Can someone explain what are these POM dependencies and how to use them?
Thank you in advance!!
EDIT
here is dependency definition in pom.xml
<dependency>
<groupId>com.kitfox.svg</groupId>
<artifactId>svg-salamander</artifactId>
<version>1.0</version>
<type>pom</type>
</dependency>
Adding a pom dependency only pulls down transitive dependencies, that is jar dependencies defined as dependencies in the pom. The pom does not get added on the classpath for obvious reasons, but the transitive dependencies reachable from pom will be added to classpath.
What you ideally need to do is have dependencies of type jar Default dependency type is jar and you can simply define dependencies without any type element in the dependency section.
If you have located the jar files you need in Maven Cental, then you simply need to provide groupId artifactId and version for each one of those in dependencies section.
Personally I cannot think of any case when one would need to add pom type dependency. I usually use pom packaging for parent module in a project (specify common project configuration like plugin versions, common dependencies, like log4j for example, repositories, properties etc.) and for utility package module (the one that assembles the project and does some other necessary things).
Judging from my experience (I did it several times), when migrating project from ant to maven you should take all the jar files that your project used to depend on and convert them into maven dependencies (groupId:artifactId:version). Most probably all of these dependencies will not have any <type> (e.g. be jars).