Maven 中未使用/未声明的依赖项是什么?该怎么办?
Maven dependency:analyze 抱怨我的项目中的依赖项。它如何确定哪些未使用、哪些未声明?我该怎么办?
示例:
$ mvn dependency:analyze
...
[WARNING] Used undeclared dependencies found:
[WARNING] org.slf4j:slf4j-api:jar:1.5.0:provided
[WARNING] commons-logging:commons-logging:jar:1.1.1:compile
[WARNING] commons-dbutils:commons-dbutils:jar:1.1-osgi:provided
[WARNING] org.codehaus.jackson:jackson-core-asl:jar:1.6.1:compile
...
[WARNING] Unused declared dependencies found:
[WARNING] commons-cli:commons-cli:jar:1.0:compile
[WARNING] org.mortbay.jetty:servlet-api:jar:2.5-20081211:test
[WARNING] org.apache.httpcomponents:httpclient:jar:4.0-alpha4:compile
[WARNING] commons-collections:commons-collections:jar:3.2:provided
[WARNING] javax.mail:mail:jar:1.4:provided
注意: 我的运行时容器中使用了许多这些依赖项,我按照提供的方式声明了它们,以避免在类路径上两次使用不同版本的相同库。
Maven dependency:analyze complains about the dependencies in my project. How does it determine which are unused and which are undeclared? What should I do about them?
Example:
$ mvn dependency:analyze
...
[WARNING] Used undeclared dependencies found:
[WARNING] org.slf4j:slf4j-api:jar:1.5.0:provided
[WARNING] commons-logging:commons-logging:jar:1.1.1:compile
[WARNING] commons-dbutils:commons-dbutils:jar:1.1-osgi:provided
[WARNING] org.codehaus.jackson:jackson-core-asl:jar:1.6.1:compile
...
[WARNING] Unused declared dependencies found:
[WARNING] commons-cli:commons-cli:jar:1.0:compile
[WARNING] org.mortbay.jetty:servlet-api:jar:2.5-20081211:test
[WARNING] org.apache.httpcomponents:httpclient:jar:4.0-alpha4:compile
[WARNING] commons-collections:commons-collections:jar:3.2:provided
[WARNING] javax.mail:mail:jar:1.4:provided
Note:
A lot of these dependencies are used in my runtime container and I declared them as provided to avoid having the same library on the classpath twice with different versions.
如果你对这篇内容有疑问,欢迎到本站社区发帖提问 参与讨论,获取更多帮助,或者扫码二维码加入 Web 技术交流群。
绑定邮箱获取回复消息
由于您还没有绑定你的真实邮箱,如果其他用户或者作者回复了您的评论,将不能在第一时间通知您!
发布评论
评论(4)
不知道 Maven 如何确定这一点。不需要解决由此报告的所有项目,但可以酌情使用此信息。
使用的未声明的依赖项是那些必需的,但尚未在项目中显式声明为依赖项的依赖项。然而,由于项目中其他依赖项的传递依赖,它们是可用的。显式声明这些依赖项是个好主意。这还允许您控制这些依赖项的版本(可能与运行时提供的版本匹配)。
至于未使用的已声明依赖项,最好删除它们。为什么要向您的项目添加不必要的依赖项?但是传递性无论如何都会带来这些,也许与您的运行时版本发生冲突。在这种情况下,您需要指定它们 - 主要是为了控制
版本。顺便说一句,
mvn dependency:tree提供了项目的依赖关系树,这使您可以更好地了解每个依赖关系如何适合您的项目。Not sure how Maven determines this. It is not required to address all the items reported by this, but this information can be used as appropriate.
Used undeclared dependencies are those which are required, but have not been explicitly declared as dependencies in your project. They are however available thanks to transitive dependency of other dependencies in your project. It is a good idea to explicitly declare these dependencies. This also allows you to control the version of these dependencies (perhaps matching the version provided by your runtime).
As for unused declared dependencies, it is a good idea to remove them. Why add unnecessary dependency to your project? But then transitivity can bring these in anyway, perhaps, conflicting with your runtime versions. In this case, you will need to specify them — essentially to control the
version.By the way,
mvn dependency:treegives the dependency tree of the project, which gives you a better perspective of how each dependency fits in in your project.答案是:
“它如何确定哪些未使用,哪些未声明?”。
Maven 使用 Object WebASM 框架来分析原始字节码。它会遍历所有类,然后构建这些引用的所有类的列表。就是这样。
至于该怎么做,我不建议删除“未使用的、声明的依赖项”,除非您绝对确定它们实际上未使用。
The answer to:
"How does it determine which are unused and which are undeclared?".
Maven uses Object WebASM framework that analyzes your raw bytecode. It goes through all your classes and then builds a list of all classes that these reference. That is the how.
As to what to do, I would not recommend removing the "unused, declared dependecies" unless you are absolutely sure they actually unused.
使用未声明的依赖项
简而言之,它们是传递依赖项,您正在使用它们,但没有在 POM 文件中显式声明它们。
在下图中,橙色的。
提示:
最好在 POM 文件中声明它们,以便与您的第一级依赖项松散耦合,因此将来如果他们计划更改其实现并且不再使用这种传递依赖项,您的应用程序会安全的!
未使用已声明的依赖项
简而言之,它们是您在 POM 文件中声明它们的依赖项而不是在应用程序代码中使用它们 。
在下图中,红色的。
提示:
从 POM 文件中删除它们是个好主意,因为它们没有被使用,并且保存应用程序工件的最终大小也可以避免任何开发人员错误地使用错误的类!
Used undeclared dependencies
Simply, they are the transitive dependencies which you are using them but WITHOUT declaring them explicitly inside your POM file.
In the below digram, the orange colored one.
Hint:
It is good idea to declare them inside your POM file to be loosly coupled against your first level dependencies, so in the future if they planned to change their implementation and not to use this transitive dependency anymore, your application will be safe!
Unused declared dependencies
Simply, they are the dependencies which you are declearing them inside your POM file WITHOUT using them in your application code.
In the below digram, the red colored one.
Hint:
It is good idea to remove them from your POM file, because they are not used and to save the final size of the application artifact also to avoid any developer from using wrong classes by mistake!
通过在 pom.xml 中添加ignoredUnusedDeclaredDependency可以轻松解决此问题
This can be easily fixed with by adding
ignoredUnusedDeclaredDependenciesin pom.xml