依存関係ツリーの表示
プロジェクトの依存関係階層を表示するには dependency:tree を使う。
mvn dependency:tree
依存関係の階層は、ビルドプロセスが実際に使用する依存関係の解決されたツリーを表示する。
主なパラメータには以下がある。
| パラメータ | 説明 |
|---|---|
outputFile |
-DoutputFile=/path/to/dependency_tree.txt のように出力ファイルを指定 |
outputType |
-DoutputType=graphml のように出力形式を指定(text,json,dot,graphml,tgf) |
verbose |
-Dverbose で依存関係ツリーを詳細表示(ノードの省略を行わない) |
scope |
-Dscope=compile のようにスコープを指定 |
例えば、手元の Apache PDFBox の pdfbox モジュールの依存関係ツリーを表示。
mvn --projects pdfbox dependency:tree
[INFO] ----------------------< org.apache.pdfbox:pdfbox >---------------------- [INFO] Building Apache PDFBox 4.0.0-SNAPSHOT [INFO] from pom.xml [INFO] -------------------------------[ bundle ]------------------------------- [INFO] [INFO] --- dependency:3.6.0:tree (default-cli) @ pdfbox --- [INFO] org.apache.pdfbox:pdfbox:bundle:4.0.0-SNAPSHOT [INFO] +- org.apache.pdfbox:pdfbox-io:jar:4.0.0-SNAPSHOT:compile [INFO] +- org.apache.pdfbox:fontbox:jar:4.0.0-SNAPSHOT:compile [INFO] +- org.bouncycastle:bcprov-jdk18on:jar:1.77:compile [INFO] +- org.bouncycastle:bcpkix-jdk18on:jar:1.77:compile [INFO] | \- org.bouncycastle:bcutil-jdk18on:jar:1.77:compile [INFO] +- org.junit.jupiter:junit-jupiter:jar:5.10.1:test [INFO] | +- org.junit.jupiter:junit-jupiter-api:jar:5.10.1:test [INFO] | | +- org.opentest4j:opentest4j:jar:1.3.0:test [INFO] | | +- org.junit.platform:junit-platform-commons:jar:1.10.1:test [INFO] | | \- org.apiguardian:apiguardian-api:jar:1.1.2:test [INFO] | +- org.junit.jupiter:junit-jupiter-params:jar:5.10.1:test [INFO] | \- org.junit.jupiter:junit-jupiter-engine:jar:5.10.1:test [INFO] | \- org.junit.platform:junit-platform-engine:jar:1.10.1:test [INFO] +- com.googlecode.java-diff-utils:diffutils:jar:1.3.0:test [INFO] +- org.apache.pdfbox:jbig2-imageio:jar:3.0.4:test [INFO] +- org.mockito:mockito-core:jar:5.8.0:test [INFO] | +- net.bytebuddy:byte-buddy:jar:1.14.10:test [INFO] | +- net.bytebuddy:byte-buddy-agent:jar:1.14.10:test [INFO] | \- org.objenesis:objenesis:jar:3.3:test [INFO] +- com.github.jai-imageio:jai-imageio-core:jar:1.4.0:test [INFO] +- com.github.jai-imageio:jai-imageio-jpeg2000:jar:1.4.0:test [INFO] +- org.apache.logging.log4j:log4j-api:jar:2.22.0:compile [INFO] \- org.apache.logging.log4j:log4j-core:jar:2.22.0:test
-Dverbose で詳細表示。
mvn --projects pdfbox dependency:tree -Dverbose
[INFO] ----------------------< org.apache.pdfbox:pdfbox >---------------------- [INFO] Building Apache PDFBox 4.0.0-SNAPSHOT [INFO] from pom.xml [INFO] -------------------------------[ bundle ]------------------------------- [INFO] [INFO] --- dependency:3.6.0:tree (default-cli) @ pdfbox --- [INFO] org.apache.pdfbox:pdfbox:bundle:4.0.0-SNAPSHOT [INFO] +- org.apache.pdfbox:pdfbox-io:jar:4.0.0-SNAPSHOT:compile [INFO] | \- (org.apache.logging.log4j:log4j-api:jar:2.23.1:compile - omitted for conflict with 2.22.0) [INFO] +- org.apache.pdfbox:fontbox:jar:4.0.0-SNAPSHOT:compile [INFO] | +- (org.apache.pdfbox:pdfbox-io:jar:4.0.0-SNAPSHOT:compile - omitted for duplicate) [INFO] | \- (org.apache.logging.log4j:log4j-api:jar:2.23.1:compile - omitted for conflict with 2.22.0) [INFO] +- org.bouncycastle:bcprov-jdk18on:jar:1.77:compile [INFO] +- org.bouncycastle:bcpkix-jdk18on:jar:1.77:compile [INFO] | +- (org.bouncycastle:bcprov-jdk18on:jar:1.77:compile - omitted for duplicate) [INFO] | \- org.bouncycastle:bcutil-jdk18on:jar:1.77:compile [INFO] | \- (org.bouncycastle:bcprov-jdk18on:jar:1.77:compile - omitted for duplicate) [INFO] +- org.junit.jupiter:junit-jupiter:jar:5.10.1:test [INFO] | +- org.junit.jupiter:junit-jupiter-api:jar:5.10.1:test [INFO] | | +- org.opentest4j:opentest4j:jar:1.3.0:test [INFO] | | +- org.junit.platform:junit-platform-commons:jar:1.10.1:test [INFO] | | | \- (org.apiguardian:apiguardian-api:jar:1.1.2:test - omitted for duplicate) [INFO] | | \- org.apiguardian:apiguardian-api:jar:1.1.2:test [INFO] | +- org.junit.jupiter:junit-jupiter-params:jar:5.10.1:test [INFO] | | +- (org.junit.jupiter:junit-jupiter-api:jar:5.10.1:test - omitted for duplicate) [INFO] | | \- (org.apiguardian:apiguardian-api:jar:1.1.2:test - omitted for duplicate) [INFO] | \- org.junit.jupiter:junit-jupiter-engine:jar:5.10.1:test [INFO] | +- org.junit.platform:junit-platform-engine:jar:1.10.1:test [INFO] | | +- (org.opentest4j:opentest4j:jar:1.3.0:test - omitted for duplicate) [INFO] | | +- (org.junit.platform:junit-platform-commons:jar:1.10.1:test - omitted for duplicate) [INFO] | | \- (org.apiguardian:apiguardian-api:jar:1.1.2:test - omitted for duplicate) [INFO] | +- (org.junit.jupiter:junit-jupiter-api:jar:5.10.1:test - omitted for duplicate) [INFO] | \- (org.apiguardian:apiguardian-api:jar:1.1.2:test - omitted for duplicate) [INFO] +- com.googlecode.java-diff-utils:diffutils:jar:1.3.0:test [INFO] +- org.apache.pdfbox:jbig2-imageio:jar:3.0.4:test [INFO] +- org.mockito:mockito-core:jar:5.8.0:test [INFO] | +- net.bytebuddy:byte-buddy:jar:1.14.10:test [INFO] | +- net.bytebuddy:byte-buddy-agent:jar:1.14.10:test [INFO] | \- org.objenesis:objenesis:jar:3.3:test [INFO] +- com.github.jai-imageio:jai-imageio-core:jar:1.4.0:test [INFO] +- com.github.jai-imageio:jai-imageio-jpeg2000:jar:1.4.0:test [INFO] | \- (com.github.jai-imageio:jai-imageio-core:jar:1.4.0:test - omitted for duplicate) [INFO] +- org.apache.logging.log4j:log4j-api:jar:2.22.0:compile [INFO] \- org.apache.logging.log4j:log4j-core:jar:2.22.0:test [INFO] \- (org.apache.logging.log4j:log4j-api:jar:2.22.0:test - omitted for duplicate)
omitted for duplicate が重複による省略分で、omitted for conflict with 2.22.0 が重複により別バージョンが採用されたもの。
テスト分を除くため、スコープを compile に限定。
mvn --projects pdfbox dependency:tree -Dverbose -Dscope=compile
[INFO] ----------------------< org.apache.pdfbox:pdfbox >---------------------- [INFO] Building Apache PDFBox 4.0.0-SNAPSHOT [INFO] from pom.xml [INFO] -------------------------------[ bundle ]------------------------------- [INFO] [INFO] --- dependency:3.6.0:tree (default-cli) @ pdfbox --- [INFO] org.apache.pdfbox:pdfbox:bundle:4.0.0-SNAPSHOT [INFO] +- org.apache.pdfbox:pdfbox-io:jar:4.0.0-SNAPSHOT:compile [INFO] | \- (org.apache.logging.log4j:log4j-api:jar:2.23.1:compile - omitted for conflict with 2.22.0) [INFO] +- org.apache.pdfbox:fontbox:jar:4.0.0-SNAPSHOT:compile [INFO] | +- (org.apache.pdfbox:pdfbox-io:jar:4.0.0-SNAPSHOT:compile - omitted for duplicate) [INFO] | \- (org.apache.logging.log4j:log4j-api:jar:2.23.1:compile - omitted for conflict with 2.22.0) [INFO] +- org.bouncycastle:bcprov-jdk18on:jar:1.77:compile [INFO] +- org.bouncycastle:bcpkix-jdk18on:jar:1.77:compile [INFO] | +- (org.bouncycastle:bcprov-jdk18on:jar:1.77:compile - omitted for duplicate) [INFO] | \- org.bouncycastle:bcutil-jdk18on:jar:1.77:compile [INFO] | \- (org.bouncycastle:bcprov-jdk18on:jar:1.77:compile - omitted for duplicate) [INFO] \- org.apache.logging.log4j:log4j-api:jar:2.22.0:compile
依存ライブラリを最新化する
依存ライブラリに最新版が有るかどうかは以下で確認できる。
mvn versions:display-dependency-updates
例えば、手元の Apache PDFBox の pdfbox モジュールで表示。
mvn --projects pdfbox versions:display-dependency-updates
[INFO] ----------------------< org.apache.pdfbox:pdfbox >---------------------- [INFO] Building Apache PDFBox 4.0.0-SNAPSHOT [INFO] from pom.xml [INFO] -------------------------------[ bundle ]------------------------------- [INFO] [INFO] --- versions:2.17.0:display-dependency-updates (default-cli) @ pdfbox --- [INFO] The following dependencies in Dependency Management have newer versions: [INFO] org.apache.maven.plugin-tools:maven-plugin-annotations ... [INFO] 3.10.2 -> 4.0.0-beta-1 [INFO] [INFO] The following dependencies in Dependencies have newer versions: [INFO] org.apache.logging.log4j:log4j-api ............. 2.22.0 -> 3.0.0-beta2 [INFO] org.apache.logging.log4j:log4j-core ............ 2.22.0 -> 3.0.0-beta2 [INFO] org.bouncycastle:bcpkix-jdk18on ....................... 1.77 -> 1.78.1 [INFO] org.bouncycastle:bcprov-jdk18on ....................... 1.77 -> 1.78.1 [INFO] org.junit.jupiter:junit-jupiter .................. 5.10.1 -> 5.11.0-M2 [INFO] org.mockito:mockito-core ............................. 5.8.0 -> 5.12.0 [INFO]
versions:use-latest-releases または versions:use-latest-versions で最新バージョンを pom.xml に反映。
versions:commit で確定、versions:revert で取消なども行える。
プラグインの最新版を一覧するには versions:display-plugin-updates がある。
依存関係の解析
dependency:analyze により、欠落している依存関係や未使用の依存関係をチェックできる。
mvn dependency:analyze
プロジェクトの依存関係を分析し、使用されていて宣言されているもの、使用されていて宣言されていないもの、未使用で宣言されているものを表示する。
- 分析はソースではなくバイトコードに対して行われる
- 定数、ソースのみが保持される注釈、Javadoc 内のリンクなどは検出対象外となり、結果が不正確になる
- リフレクションなどにより実行時依存についても検出対象外となり、結果が不正確になる
なので、参考情報程度で確認すると良い。
例えば、手元の Apache PDFBox の pdfbox モジュールで表示。
mvn --projects pdfbox dependency:analyze
[WARNING] Used undeclared dependencies found: [WARNING] org.junit.jupiter:junit-jupiter-api:jar:5.10.1:test [WARNING] org.junit.jupiter:junit-jupiter-params:jar:5.10.1:test [WARNING] org.bouncycastle:bcutil-jdk18on:jar:1.77:compile [WARNING] Unused declared dependencies found: [WARNING] org.junit.jupiter:junit-jupiter:jar:5.10.1:test [WARNING] org.apache.pdfbox:jbig2-imageio:jar:3.0.4:test [WARNING] com.github.jai-imageio:jai-imageio-core:jar:1.4.0:test [WARNING] com.github.jai-imageio:jai-imageio-jpeg2000:jar:1.4.0:test [WARNING] org.apache.logging.log4j:log4j-core:jar:2.22.0:test
