Maven 中未使用/未声明的依赖项是什么?拿他们怎么办?

2022-01-15 00:00:00 dependencies java maven maven-2

Maven dependency:analyze 抱怨我项目中的依赖关系.它如何确定哪些未使用,哪些未声明?我应该怎么处理它们?

Maven dependency:analyze complains about the dependencies in my project. How does it determine which are unused and which are undeclared? What should I do about them?

例子:

$ mvn dependency:analyze 
...
[WARNING] Used undeclared dependencies found:
[WARNING]    org.slf4j:slf4j-api:jar:1.5.0:provided
[WARNING]    commons-logging:commons-logging:jar:1.1.1:compile
[WARNING]    commons-dbutils:commons-dbutils:jar:1.1-osgi:provided
[WARNING]    org.codehaus.jackson:jackson-core-asl:jar:1.6.1:compile

...
[WARNING] Unused declared dependencies found:
[WARNING]    commons-cli:commons-cli:jar:1.0:compile
[WARNING]    org.mortbay.jetty:servlet-api:jar:2.5-20081211:test
[WARNING]    org.apache.httpcomponents:httpclient:jar:4.0-alpha4:compile
[WARNING]    commons-collections:commons-collections:jar:3.2:provided
[WARNING]    javax.mail:mail:jar:1.4:provided

注意:在我的运行时容器中使用了很多这些依赖项,我将它们声明为已提供,以避免在类路径上使用不同版本的相同库两次.

Note: A lot of these dependencies are used in my runtime container and I declared them as provided to avoid having the same library on the classpath twice with different versions.

推荐答案

不确定 Maven 是如何确定的.不需要解决此报告的所有项目,但可以酌情使用此信息.

Not sure how Maven determines this. It is not required to address all the items reported by this, but this information can be used as appropriate.

使用的未声明的依赖项 是那些必需的,但没有在您的项目中明确声明为依赖项.然而,由于项目中其他依赖项的传递依赖,它们是可用的.显式声明这些依赖项是个好主意.这也允许您控制这些依赖项的版本(可能与您的运行时提供的版本相匹配).

Used undeclared dependencies are those which are required, but have not been explicitly declared as dependencies in your project. They are however available thanks to transitive dependency of other dependencies in your project. It is a good idea to explicitly declare these dependencies. This also allows you to control the version of these dependencies (perhaps matching the version provided by your runtime).

至于未使用的声明依赖,删除它们是个好主意.为什么要为你的项目添加不必要的依赖?但是传递性无论如何都会带来这些,也许与您的运行时版本冲突.在这种情况下,您将需要指定它们——本质上是为了控制 version.

As for unused declared dependencies, it is a good idea to remove them. Why add unnecessary dependency to your project? But then transitivity can bring these in anyway, perhaps, conflicting with your runtime versions. In this case, you will need to specify them — essentially to control the version.

顺便说一句,mvn dependency:tree 给出了项目的依赖关系树,这让您可以更好地了解每个依赖项如何适合您的项目.

By the way, mvn dependency:tree gives the dependency tree of the project, which gives you a better perspective of how each dependency fits in in your project.

相关文章