Maven 中有哪些未使用/未声明的依赖项? 如何处理它们?

Mavendependency:analyze抱怨项目中的依赖关系。它如何确定哪些未使用,哪些未声明?我该拿他们怎么办?

例如:

$ mvn dependency:analyze
...
[WARNING] Used undeclared dependencies found:
[WARNING]    org.slf4j:slf4j-api:jar:1.5.0:provided
[WARNING]    commons-logging:commons-logging:jar:1.1.1:compile
[WARNING]    commons-dbutils:commons-dbutils:jar:1.1-osgi:provided
[WARNING]    org.codehaus.jackson:jackson-core-asl:jar:1.6.1:compile


...
[WARNING] Unused declared dependencies found:
[WARNING]    commons-cli:commons-cli:jar:1.0:compile
[WARNING]    org.mortbay.jetty:servlet-api:jar:2.5-20081211:test
[WARNING]    org.apache.httpcomponents:httpclient:jar:4.0-alpha4:compile
[WARNING]    commons-collections:commons-collections:jar:3.2:provided
[WARNING]    javax.mail:mail:jar:1.4:provided

注: 在我的运行时容器中使用了许多这样的依赖项,我按照提供的方式声明了它们,以避免在类路径上使用不同版本的同一个库两次。

47471 次浏览
小开
最佳答案

Not sure how Maven determines this. It is not required to address all the items reported by this, but this information can be used as appropriate.

Used undeclared dependencies are those which are required, but have not been explicitly declared as dependencies in your project. They are however available thanks to transitive dependency of other dependencies in your project. It is a good idea to explicitly declare these dependencies. This also allows you to control the version of these dependencies (perhaps matching the version provided by your runtime).

As for unused declared dependencies, it is a good idea to remove them. Why add unnecessary dependency to your project? But then transitivity can bring these in anyway, perhaps, conflicting with your runtime versions. In this case, you will need to specify them — essentially to control the version.

By the way, mvn dependency:tree gives the dependency tree of the project, which gives you a better perspective of how each dependency fits in in your project.

小开

The answer to:

"How does it determine which are unused and which are undeclared?".

Maven uses Object WebASM framework that analyzes your raw bytecode. It goes through all your classes and then builds a list of all classes that these reference. That is the how.

As to what to do, I would not recommend removing the "unused, declared dependecies" unless you are absolutely sure they actually unused.

小开

Used undeclared dependencies
Simply, they are the transitive dependencies which you are using them but WITHOUT declaring them explicitly inside your POM file.

In the below digram, the orange colored one.
enter image description here

Hint:
It is good idea to declare them inside your POM file to be loosly coupled against your first level dependencies, so in the future if they planned to change their implementation and not to use this transitive dependency anymore, your application will be safe!

Unused declared dependencies
Simply, they are the dependencies which you are declearing them inside your POM file WITHOUT using them in your application code.

In the below digram, the red colored one.
enter image description here

Hint:
It is good idea to remove them from your POM file, because they are not used and to save the final size of the application artifact also to avoid any developer from using wrong classes by mistake!

小开

This can be easily fixed with by adding ignoredUnusedDeclaredDependencies in pom.xml

 <plugin>
<groupId>org.apache.maven.plugins</groupId>
<artifactId>maven-dependency-plugin</artifactId>
<executions>
<execution>
<configuration>
<ignoredUnusedDeclaredDependencies>
<ignoredUnusedDeclaredDependency>org.slf4j:slf4j-api</ignoredUnusedDeclaredDependency>
</ignoredUnusedDeclaredDependencies>
</configuration>
</execution>
</executions>
</plugin>

提交答案