问题
Can someone let me know how does mvn dependency:analyze work ? An output of mvn dependency:analyze in one of my project shows
[WARNING] Used undeclared dependencies found:
[WARNING] org.apache.commons:commons-lang3:jar:3.4:compile
[WARNING] com.fasterxml.jackson.core:jackson-annotations:jar:2.8.0:compile
...
[WARNING] Unused declared dependencies found:
[WARNING] org.springframework.boot:spring-boot-starter-test:jar:1.5.4.RELEASE:test
[WARNING] org.springframework.restdocs:spring-restdocs-mockmvc:jar:1.1.3.RELEASE:test
[WARNING] ch.qos.logback:logback-classic:jar:1.1.11:compile
Can some one let me know the following -
- What does
Used undeclared dependencies founddenote? Does it mean that this is not declared inpom.xmldependenciesbut getting used in code and is included via some transitive dependencies? - Does
Unused declared dependencies foundcheck only for thedependenciesdeclared inpom.xmlor it checks transitive dependencies as well?
Maven Version - 3.5.0
回答1:
What does Used undeclared dependencies found denote? Does it mean that this is not declared in pom.xml dependencies but getting used in code and is included via some transitive dependencies?
Exactly!
Does Unused declared dependencies found check only for the dependencies declared in pom.xml or it checks transitive dependencies as well?
Declared dependencies are the dependencies that are declared in your POM. So the plugin does not include transitive dependencies in its check.
Note, that the plugin does a byte-code analysis by default, which is problematic with dependencies that are only used with constants or annotations. This can lead to false reports in some situations. See the FAQ for details.
回答2:
If i remember correctly, maven use the WebASM framework to analyze bytecode and check is lib used or not. Don't trust it, because sometimes maven thinks that lib (dependency) is not used, but it is.
来源:https://stackoverflow.com/questions/48315863/how-does-mvn-dependencyanalyze-work