
Maven dependency tree and pom dependencies


I would like to know all transitive dependencies of the following jar:

<dependency>
    <groupId>org.codehaus.mojo</groupId>
    <artifactId>xmlbeans-maven-plugin</artifactId>
    <version>2.3.3</version>
</dependency>

Moving a classic command to the pom.xml of the project defining that dependency and inputting:

mvn dependency:tree

would show:

+- org.codehaus.mojo:xmlbeans-maven-plugin:jar:2.3.3:compile
|  +- xml-resolver:xml-resolver:jar:1.2:compile
|  +- org.apache.maven:maven-model:jar:2.0.6:compile
|  +- org.apache.maven:maven-artifact:jar:2.0.6:compile
|  +- org.apache.maven:maven-project:jar:2.0.6:compile
|  |  +- org.apache.maven:maven-settings:jar:2.0.6:compile
|  |  +- org.apache.maven:maven-profile:jar:2.0.6:compile
|  |  +- org.apache.maven:maven-artifact-manager:jar:2.0.6:compile
|  |  |  +- org.apache.maven:maven-repository-metadata:jar:2.0.6:compile
|  |  |  \- org.apache.maven.wagon:wagon-provider-api:jar:1.0-beta-2:compile
|  |  +- org.apache.maven:maven-plugin-registry:jar:2.0.6:compile
|  |  \- org.codehaus.plexus:plexus-container-default:jar:1.0-alpha-9-stable-1:compile
|  |     +- junit:junit:jar:3.8.1:compile
|  |     \- classworlds:classworlds:jar:1.1-alpha-2:compile
|  +- org.apache.maven:maven-plugin-api:jar:2.0.6:compile
|  +- org.apache.xmlbeans:xmlbeans:jar:2.4.0:compile
|  |  \- stax:stax-api:jar:1.0.1:compile
|  \- org.codehaus.plexus:plexus-utils:jar:1.5.6:compile

I don't see the mojo-parent:

  <groupId>org.codehaus.mojo</groupId>
  <artifactId>mojo-parent</artifactId>
  <version>21</version>
  <packaging>pom</packaging>

At first glance it seems that the mvn command can show the dependencies which are not pom type.

Is there a way to show exactly every single file needed to keep a jar alive?

Thanks!


Solution

  • Actually it's hard to show files needed to 'keep a jar alive'. Your project can have some implicit dependencies.

    You can run mvn dependency:analyze, it should show you unused dependencies. But you have to realize which of them you can freely remove. http://maven.apache.org/plugins/maven-dependency-plugin/analyze-mojo.html

    I can also recommend if you don't want any surprises with transitive dependencies - use maven enforcer. You can ban all undeclared transitive dependencies. http://maven.apache.org/enforcer/enforcer-rules/banTransitiveDependencies.html
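
An added example, not part of the original answer: a small Python parser that flattens `mvn dependency:tree` output, in the format shown in the question, into an inventory of which artifact pulled in which. The names `parse_tree`, `transitive_only` and `Dep` are assumptions made for this sketch, and the inventory only covers what the tree prints; a parent POM such as mojo-parent is inherited rather than depended on, so it never appears as a node.

```python
import re
from typing import List, NamedTuple, Optional, Tuple

# Constructed sample: a subset of the tree printed in the question.
SAMPLE_TREE = r"""
+- org.codehaus.mojo:xmlbeans-maven-plugin:jar:2.3.3:compile
|  +- org.apache.maven:maven-project:jar:2.0.6:compile
|  |  \- org.codehaus.plexus:plexus-container-default:jar:1.0-alpha-9-stable-1:compile
|  |     +- junit:junit:jar:3.8.1:compile
|  |     \- classworlds:classworlds:jar:1.1-alpha-2:compile
|  +- org.apache.xmlbeans:xmlbeans:jar:2.4.0:compile
|  |  \- stax:stax-api:jar:1.0.1:compile
|  \- org.codehaus.plexus:plexus-utils:jar:1.5.6:compile
"""

# Optional "[INFO] " prefix, 3-character indent units ("|  " or "   "),
# then a "+- " or "\- " branch marker and the artifact coordinates.
NODE = re.compile(r"^(?:\[INFO\] )?(?P<indent>(?:[| ] {2})*)[+\\]- (?P<coords>\S+)")

class Dep(NamedTuple):
    gav: str               # groupId:artifactId:version
    artifact: str
    scope: str
    depth: int             # 1 = declared directly in the project's pom.xml
    parent: Optional[str]  # gav of the dependency that pulled this one in

def parse_tree(text: str) -> List[Dep]:
    deps, stack = [], []   # stack[i] = gav of the current ancestor at depth i+1
    for line in text.splitlines():
        m = NODE.match(line)
        parts = m["coords"].split(":") if m else []
        if len(parts) not in (5, 6):   # 6 parts when a classifier is present
            continue
        depth = len(m["indent"]) // 3 + 1
        del stack[depth - 1:]          # drop siblings and deeper ancestors
        gav = f"{parts[0]}:{parts[1]}:{parts[-2]}"
        deps.append(Dep(gav, parts[1], parts[-1], depth, stack[-1] if stack else None))
        stack.append(gav)
    return deps

def transitive_only(deps: List[Dep]) -> List[Tuple[str, str]]:
    """(gav, pulled-in-by) pairs for everything not declared directly."""
    return sorted((d.gav, d.parent) for d in deps if d.depth > 1)

if __name__ == "__main__":
    for gav, via in transitive_only(parse_tree(SAMPLE_TREE)):
        print(f"{gav}  <- {via}")
```

Each entry with depth greater than 1 is an artifact the project runs with but never declared, which is the set worth reviewing before turning on a rule that bans undeclared transitive dependencies.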