vaadin:将软件包。json减少到生产模式下唯一使用的依赖项
我们在概要的Blackduck项目中使用,以确定我们所使用的依赖项的许可。实际上,Vaadin存在一个小问题:当我们构建基于Vaadin Core的前端时 - 在生产模式下,包装。JSON填充的依赖性比我们使用的更多。它还包括pro-version的功能。由于Blackduck的检测录像扫描了此软件包。JSON我们得到了很多“假阳性”。因此,是否有一种方法可以通过通过Vaadin创建构建来减少包裹。据我所知,启动构建时,json将始终被覆盖。当然,我可以将包裹“砍”。后来使用脚本,但这不是我想要的方式。 这是我们为创建“ Ready Ready”前端资源的个人资料:
<profile>
<id>production-mode</id>
<build>
<plugins>
<plugin>
<groupId>com.vaadin</groupId>
<artifactId>vaadin-maven-plugin</artifactId>
<executions>
<execution>
<goals>
<goal>build-frontend</goal>
</goals>
<phase>compile</phase>
</execution>
</executions>
<configuration>
<productionMode>true</productionMode>
</configuration>
</plugin>
</plugins>
</build>
</profile>
感谢您提前的帮助!
We're using in our project BlackDuck from Synopsis to identify the licenses of our used dependencies. There is actualy an small issue with Vaadin: When we build the frontend - based on Vaadin Core - in production mode the package.json is stuffed with a lot more dependencies than we use. And it includes also features from the pro-version. Since the detect-script for BlackDuck scans this package.json we get a lot of "false-positives". So is there a way of reducing the package.json to the only required dependencies by creating the build via Vaadin? As far as i could see the package.json will be always overwritten, when starting the build. Of course i can "hack" the package.json afterwards with a script, but this is not the way i look for.
Here is our profile for creating the "production ready" frontend sources:
<profile>
<id>production-mode</id>
<build>
<plugins>
<plugin>
<groupId>com.vaadin</groupId>
<artifactId>vaadin-maven-plugin</artifactId>
<executions>
<execution>
<goals>
<goal>build-frontend</goal>
</goals>
<phase>compile</phase>
</execution>
</executions>
<configuration>
<productionMode>true</productionMode>
</configuration>
</plugin>
</plugins>
</build>
</profile>
Thanks for your help in advance!
如果你对这篇内容有疑问,欢迎到本站社区发帖提问 参与讨论,获取更多帮助,或者扫码二维码加入 Web 技术交流群。
绑定邮箱获取回复消息
由于您还没有绑定你的真实邮箱,如果其他用户或者作者回复了您的评论,将不能在第一时间通知您!
发布评论
评论(1)
更新:此响应是基于猜测而不是事物实际工作方式。
vaadin生成的依赖项
package.json基于通过Maven或gradle定义的Java依赖项。如果您想拥有所有免费组件,但想避免商业组件,那么您只需更改
com.vaadin:vaadin依赖项com.vaadin:vaadin-core。如果您想变得更精细,则可以通过仅包括您认为所需的内容来排除您不需要的平台或构建自己的平台的依赖性 https://mvnrepository.com/artifact/com.vaadin/vaadin/vaadin/vaadin-core/23.0.0.8 。Update: This response was based on speculation rather than how things actually work.
The dependencies that Vaadin generates into
package.jsonare based on the Java dependencies that are defined through Maven or Gradle.If you want to have all the free components but want to avoid the commercial ones, then you can just change the
com.vaadin:vaadindependency tocom.vaadin:vaadin-core. If you want to be even more granular, then you can either exclude the ones you don't want or build your own platform by including only the things you think you need out of the dependencies listed in https://mvnrepository.com/artifact/com.vaadin/vaadin-core/23.0.8.