The dark art of dependency management
Fixing your local repository
Maven stores artifacts in a local repository that is usually located at ~/.m2/repository. Everyone who has used Maven has experienced that this local repository sometimes has synchronization issues with remote repositories (like any local copy). A good set of tools to have in your Maven utility belt are tools for fixing these synchronization issues.
First, to update snapshot dependencies, use the -U flag. For example:
$ mvn package -U
This will tell Maven to update all snapshot dependencies regardless of its usual synchronization approach. This can fix a good many strange behaviors.
If that doesn't help, there's a nuclear option to clean out the entire local repository and start over. This will take awhile so get ready to go to lunch or leave for the day.
$ mvn dependency:purge-local-repository clean install
Explanation: the dependency:purge-local-repository actually removes all artifacts from the local repository. Therefore, you need to run a clean install immediately afterward, if you want Maven to restore the artifacts your project depends on. Maven will download all these artifacts fresh from the remote. That's why it takes so long.ª
$ mvn dependency:tree
Add the outputFile parameter to redirect the output to a file:
$ mvn dependency:tree -DoutputFile=path/to/output/file.xml
You can filter to a specific artifact, too. For example, to find out how the old codehaus Jackson dependency is coming into your project:
$ mvn dependency:tree -Dincludes=org.codehaus.jackson
The includes parameter parses its value as being in this format:
[groupId]:[artifactId]:[type]:[version]This also supports wildcarding. Just remember that "*" will also be interpreted for file globbing by most shells, so you should single-quote such arguments or you will get no results, when, in fact, you do have such results.
This means you can look for any SNAPSHOT version dependencies with:
$ mvn dependency:tree -Dincludes=':::*SNAPSHOT'There's also the "-Dexcludes" property. You can use your imagination to come up with more useful filters.
The Maven dependency plugin page has additional useful info. But the examples page is more useful.
Declared but unused dependencies
You may want to know if you have declared any dependencies that are actually not used in your project. The "dependency:analyze" goal has you covered. You can sometimes use this to slim down a war or jar by many megabytes.
$ mvn dependency:analyze
Maven is not good at multi-module projects but it has become a rather popular approach with Maven projects anyway.
Let's say you have a multi-module project, but you only want to build one of them. What do you do? If the module in question is called "myProjectLib" then you could use the pl and am flags to build just that:
$ mvn clean package -pl myProjectLib -am
The "effective POM" is whatever POM Maven sees when it executes for some given command. This is most useful in my experience in two cases. First, when using a parent POM and you want to quickly see what the resulting POM is from combining the parent POM with your child copy. Second, if you're using Maven profiles at all, it might help to see the result of the selected profiles.
For the first case try:
$ mvn help:effective-pom
And for the second:
$ mvn help:effective-pom -P myProfile1,myProfile2
You can also direct the output to a file with the output parameter:
$ mvn help:effective-pom -Doutput=effective-pom.xml
Last edit: 2021-02-09