{"id":37020744,"url":"https://github.com/makingthematrix/scala-suffix","last_synced_at":"2026-01-14T02:25:27.701Z","repository":{"id":57734080,"uuid":"363669465","full_name":"makingthematrix/scala-suffix","owner":"makingthematrix","description":"A Maven plugin which fixes Scala dependencies incompatible with Java 9+","archived":false,"fork":false,"pushed_at":"2023-02-03T17:05:38.000Z","size":44,"stargazers_count":7,"open_issues_count":0,"forks_count":1,"subscribers_count":2,"default_branch":"main","last_synced_at":"2025-07-05T03:20:48.482Z","etag":null,"topics":[],"latest_commit_sha":null,"homepage":"","language":"Java","has_issues":true,"has_wiki":null,"has_pages":null,"mirror_url":null,"source_name":null,"license":"apache-2.0","status":null,"scm":"git","pull_requests_enabled":true,"icon_url":"https://github.com/makingthematrix.png","metadata":{"files":{"readme":"README.md","changelog":null,"contributing":null,"funding":null,"license":"LICENSE","code_of_conduct":null,"threat_model":null,"audit":null,"citation":null,"codeowners":null,"security":null,"support":null}},"created_at":"2021-05-02T14:23:32.000Z","updated_at":"2023-02-03T17:05:43.000Z","dependencies_parsed_at":"2023-02-18T09:16:07.635Z","dependency_job_id":null,"html_url":"https://github.com/makingthematrix/scala-suffix","commit_stats":null,"previous_names":[],"tags_count":1,"template":false,"template_full_name":null,"purl":"pkg:github/makingthematrix/scala-suffix","repository_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/makingthematrix%2Fscala-suffix","tags_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/makingthematrix%2Fscala-suffix/tags","releases_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/makingthematrix%2Fscala-suffix/releases","manifests_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/makingthematrix%2Fscala-suffix/manifests","owner_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/owners/makingthematrix","download_url":"https://codeload.github.com/makingthematrix/scala-suffix/tar.gz/refs/heads/main","sbom_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/makingthematrix%2Fscala-suffix/sbom","scorecard":{"id":613700,"data":{"date":"2025-08-11","repo":{"name":"github.com/makingthematrix/scala-suffix","commit":"938cd9a05f7157302105a56e5a67634ab648bc9b"},"scorecard":{"version":"v5.2.1-40-gf6ed084d","commit":"f6ed084d17c9236477efd66e5b258b9d4cc7b389"},"score":3.9,"checks":[{"name":"Binary-Artifacts","score":10,"reason":"no binaries found in the repo","details":null,"documentation":{"short":"Determines if the project has generated executable (binary) artifacts in the source repository.","url":"https://github.com/ossf/scorecard/blob/f6ed084d17c9236477efd66e5b258b9d4cc7b389/docs/checks.md#binary-artifacts"}},{"name":"Maintained","score":0,"reason":"0 commit(s) and 0 issue activity found in the last 90 days -- score normalized to 0","details":null,"documentation":{"short":"Determines if the project is \"actively maintained\".","url":"https://github.com/ossf/scorecard/blob/f6ed084d17c9236477efd66e5b258b9d4cc7b389/docs/checks.md#maintained"}},{"name":"Token-Permissions","score":9,"reason":"detected GitHub workflow tokens with excessive permissions","details":["Info: jobLevel 'contents' permission set to 'read': .github/workflows/maven-publish.yml:15","Warn: no topLevel permission defined: .github/workflows/maven-publish.yml:1","Info: no jobLevel write permissions found"],"documentation":{"short":"Determines if the project's workflows follow the principle of least privilege.","url":"https://github.com/ossf/scorecard/blob/f6ed084d17c9236477efd66e5b258b9d4cc7b389/docs/checks.md#token-permissions"}},{"name":"Code-Review","score":0,"reason":"Found 0/17 approved changesets -- score normalized to 0","details":null,"documentation":{"short":"Determines if the project requires human code review before pull requests (aka merge requests) are merged.","url":"https://github.com/ossf/scorecard/blob/f6ed084d17c9236477efd66e5b258b9d4cc7b389/docs/checks.md#code-review"}},{"name":"Pinned-Dependencies","score":0,"reason":"dependency not pinned by hash detected -- score normalized to 0","details":["Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/maven-publish.yml:19: update your workflow using https://app.stepsecurity.io/secureworkflow/makingthematrix/scala-suffix/maven-publish.yml/main?enable=pin","Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/maven-publish.yml:21: update your workflow using https://app.stepsecurity.io/secureworkflow/makingthematrix/scala-suffix/maven-publish.yml/main?enable=pin","Info:   0 out of   2 GitHub-owned GitHubAction dependencies pinned"],"documentation":{"short":"Determines if the project has declared and pinned the dependencies of its build process.","url":"https://github.com/ossf/scorecard/blob/f6ed084d17c9236477efd66e5b258b9d4cc7b389/docs/checks.md#pinned-dependencies"}},{"name":"Dangerous-Workflow","score":10,"reason":"no dangerous workflow patterns detected","details":null,"documentation":{"short":"Determines if the project's GitHub Action workflows avoid dangerous patterns.","url":"https://github.com/ossf/scorecard/blob/f6ed084d17c9236477efd66e5b258b9d4cc7b389/docs/checks.md#dangerous-workflow"}},{"name":"SAST","score":0,"reason":"no SAST tool detected","details":["Warn: no pull requests merged into dev branch"],"documentation":{"short":"Determines if the project uses static code analysis.","url":"https://github.com/ossf/scorecard/blob/f6ed084d17c9236477efd66e5b258b9d4cc7b389/docs/checks.md#sast"}},{"name":"CII-Best-Practices","score":0,"reason":"no effort to earn an OpenSSF best practices badge detected","details":null,"documentation":{"short":"Determines if the project has an OpenSSF (formerly CII) Best Practices Badge.","url":"https://github.com/ossf/scorecard/blob/f6ed084d17c9236477efd66e5b258b9d4cc7b389/docs/checks.md#cii-best-practices"}},{"name":"Security-Policy","score":0,"reason":"security policy file not detected","details":["Warn: no security policy file detected","Warn: no security file to analyze","Warn: no security file to analyze","Warn: no security file to analyze"],"documentation":{"short":"Determines if the project has published a security policy.","url":"https://github.com/ossf/scorecard/blob/f6ed084d17c9236477efd66e5b258b9d4cc7b389/docs/checks.md#security-policy"}},{"name":"Fuzzing","score":0,"reason":"project is not fuzzed","details":["Warn: no fuzzer integrations found"],"documentation":{"short":"Determines if the project uses fuzzing.","url":"https://github.com/ossf/scorecard/blob/f6ed084d17c9236477efd66e5b258b9d4cc7b389/docs/checks.md#fuzzing"}},{"name":"License","score":10,"reason":"license file detected","details":["Info: project has a license file: LICENSE:0","Info: FSF or OSI recognized license: Apache License 2.0: LICENSE:0"],"documentation":{"short":"Determines if the project has defined a license.","url":"https://github.com/ossf/scorecard/blob/f6ed084d17c9236477efd66e5b258b9d4cc7b389/docs/checks.md#license"}},{"name":"Packaging","score":-1,"reason":"packaging workflow not detected","details":["Warn: no GitHub/GitLab publishing workflow detected."],"documentation":{"short":"Determines if the project is published as a package that others can easily download, install, easily update, and uninstall.","url":"https://github.com/ossf/scorecard/blob/f6ed084d17c9236477efd66e5b258b9d4cc7b389/docs/checks.md#packaging"}},{"name":"Signed-Releases","score":-1,"reason":"no releases found","details":null,"documentation":{"short":"Determines if the project cryptographically signs release artifacts.","url":"https://github.com/ossf/scorecard/blob/f6ed084d17c9236477efd66e5b258b9d4cc7b389/docs/checks.md#signed-releases"}},{"name":"Branch-Protection","score":0,"reason":"branch protection not enabled on development/release branches","details":["Warn: branch protection not enabled for branch 'main'"],"documentation":{"short":"Determines if the default and release branches are protected with GitHub's branch protection settings.","url":"https://github.com/ossf/scorecard/blob/f6ed084d17c9236477efd66e5b258b9d4cc7b389/docs/checks.md#branch-protection"}},{"name":"Vulnerabilities","score":6,"reason":"4 existing vulnerabilities detected","details":["Warn: Project is vulnerable to: GHSA-78wr-2p64-hpwj","Warn: Project is vulnerable to: GHSA-2pj2-gchf-wmw7","Warn: Project is vulnerable to: GHSA-q62h-jw38-24vh","Warn: Project is vulnerable to: GHSA-j288-q9x7-2f5v"],"documentation":{"short":"Determines if the project has open, known unfixed vulnerabilities.","url":"https://github.com/ossf/scorecard/blob/f6ed084d17c9236477efd66e5b258b9d4cc7b389/docs/checks.md#vulnerabilities"}}]},"last_synced_at":"2025-08-21T03:18:35.100Z","repository_id":57734080,"created_at":"2025-08-21T03:18:35.101Z","updated_at":"2025-08-21T03:18:35.101Z"},"host":{"name":"GitHub","url":"https://github.com","kind":"github","repositories_count":286080680,"owners_count":28408711,"icon_url":"https://github.com/github.png","version":null,"created_at":"2022-05-30T11:31:42.601Z","updated_at":"2026-01-14T01:52:23.358Z","status":"online","status_checked_at":"2026-01-14T02:00:06.678Z","response_time":107,"last_error":null,"robots_txt_status":"success","robots_txt_updated_at":"2025-07-24T06:49:26.215Z","robots_txt_url":"https://github.com/robots.txt","online":true,"can_crawl_api":true,"host_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub","repositories_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories","repository_names_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repository_names","owners_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/owners"}},"keywords":[],"created_at":"2026-01-14T02:25:27.028Z","updated_at":"2026-01-14T02:25:27.696Z","avatar_url":"https://github.com/makingthematrix.png","language":"Java","funding_links":[],"categories":[],"sub_categories":[],"readme":"# scala-suffix Maven Plugin\n\nA Maven plugin which fixes Scala dependencies incompatible with Java 9+. \n\n### A bit of context\n\nFirst of all, you need this plugin only in a corner case situation when:\n\n1. You have Scala dependencies in your project.\n2. You use Maven.\n3. You use JDK 9 or newer.\n4. At least one of your Scala dependencies lacks the `Automatic-Module-Name` property in its `MANIFEST.MF`.\n\nUsing Maven with Scala libraries is rare, so there's not much demand to solve this issue. But if a project makes extensive use of Java libraries, it might make sense to build it with Maven instead - or if it uses a Maven plugin which has to sbt alternative, [as in my case](https://github.com/makingthematrix/scalaonandroid). So, if any of those points is not true, you will either not need `scala-suffix-maven-plugin` or it will not help you. But if they are, and you're here, it's possible that it's because you have already been bitten by a problem similar to the following:\n\nYou add a dependency to your `pom.xml` which looks somehow like this\n```\n\u003cdependency\u003e\n   \u003cgroupId\u003eyour.scala.dependency\u003c/groupId\u003e\n   \u003cartifactId\u003eyour-scala-dependency_2.13\u003c/artifactId\u003e\n   \u003cversion\u003e1.0.0\u003c/version\u003e\n\u003c/dependency\u003e\n```\nYou compile the project and you see this warning:\n```\n[WARNING] There are 1 pathException(s). The related dependencies will be ignored.\n[WARNING] Dependency: \u003cuser home\u003e/.m2/repository/\u003cpath to jar\u003e/your-scala-dependency_2.13/1.0.0/your-scala-dependency_2.13-1.0.0.jar\n   - exception: Unable to derive module descriptor for \u003cuser home\u003e/.m2/repository/\u003cpath to jar\u003e/your-scala-dependency_2.13/1.0.0/your-scala-dependency_2.13-1.0.0.jar\n   - cause: your.scala.dependency.2.13: Invalid module name: '2' is not a Java identifier\n```\n\n... and then when you run your program, it crashes when it tries to access the given Scala dependency.\nParaphrasing [this answer on Stack Overflow](https://stackoverflow.com/questions/48714633/automatic-module-name-containing-number/48714979#48714979), since Java 9, Java does not recognize suffixes in modules names like `_2.13` as version numbers and treat them as integral parts of modules names. So, when your project tries to use a class from the Scala dependency, it will look for `your.scala.dependency.2.13` instead of just `your.scala.dependency`, it will fail to do it, and it will crash.\n\n\n### Usage\n\nAdd this to the `\u003cplugins\u003e` section of your `pom.xml`:\n```\n\u003cplugin\u003e\n  \u003cgroupId\u003eio.github.makingthematrix\u003c/groupId\u003e\n  \u003cartifactId\u003escala-suffix-maven-plugin\u003c/artifactId\u003e\n  \u003cversion\u003e0.2.1\u003c/version\u003e\n  \u003cconfiguration\u003e\n    \u003clibraries\u003e\n      \u003cparam\u003eyour-scala-dependency\u003c/param\u003e\n    \u003c/libraries\u003e\n  \u003c/configuration\u003e\n  \u003cexecutions\u003e\n    \u003cexecution\u003e\n      \u003cgoals\u003e\n        \u003cgoal\u003esuffix\u003c/goal\u003e\n      \u003c/goals\u003e\n    \u003c/execution\u003e\n  \u003c/executions\u003e\n\u003c/plugin\u003e\n```\nwhere `your-scala-dependency` is a name of your Scala dependency **without** the version suffix (if there are more than one, just add them with more `\u003cparam\u003e` tags). This should be the same as `artifactId` in your `\u003cdependency\u003e` section.\nOr you can use:\n```\n\u003cparam\u003egroupId:artifactId\u003c/param\u003e\n```\nif there are more than one dependency with the same `artifactId` in your project (I noticed that `core` is a popular name).\n\nThe plugin modifies the dependency's JAR file in your local Maven repository. It opens the jar, reads `META-INF/MANIFEST.MF` and adds to it a line:\n```\nAutomatic-Module-Name: your-scala-dependency\n```\nIf the property `Automatic-Module-Name` already exists, the plugin does nothing - we assume that in that case the dependency should already work. This prevents the plugin from modifying the same JAR file more than once. \n\nIf you find any problems or if you think some kind of an extended functionality would be valuable, feel free to open a ticket under the **Issues** tab here on GitHub. I will se what I can do.\n\n### Tests\n\nHere's [a small Scala+JavaFX project, built with Maven](https://github.com/makingthematrix/scalaonandroid/tree/main/HelloFxml2), which you can use to test how the plugin works. \n\n### Potential problems\n\n1. If `Automatic-Module-Name` already exists but is set to a value that is still invalid for Java 9+, the plugin won't fix this.\n2. The plugin changes the contents of the JAR file, but it does not update the checksum. If you check it later on, it won't match.\n3. The plugin relies on that you don't need two versions of the same Scala library for different Scala versions. If you do (but... why?) it will modify only one of them and ignore the other.\n\n### Links to more discussion on this issue\n\n* https://dzone.com/articles/automatic-module-name-calling-all-java-library-maintainers\n* https://users.scala-lang.org/t/scala-jdk-11-and-jpms/6102\n* https://stackoverflow.com/questions/48714633/automatic-module-name-containing-number/48714979#48714979\n* https://stackoverflow.com/questions/46683561/how-to-resolve-a-maven-dependency-with-a-name-that-is-not-compliant-with-the-jav/46685325#46685325\n* https://stackoverflow.com/questions/59844195/how-to-add-spark-dependencies-in-spring-boot-multi-module-java-11-project/59844858#59844858\n* https://stackoverflow.com/questions/46501388/unable-to-derive-module-descriptor-for-auto-generated-module-names-in-java-9\n\n### But wait! That's not all!\n\nIf you are a creator of a Scala library, you can simply add the `Automatic-Module-Name` property to `META-INF/MANIFEST.MF` by yourself. In most cases, people will use your library with sbt and then this won't be necessary, but it won't hurt them either, and while doing this you will help people who use Maven. In case you use sbt for building your library, all you need to do is at these two lines somewhere in your `build.sbt`:\n```\nCompile / packageBin / packageOptions +=\n  Package.ManifestAttributes(\"Automatic-Module-Name\" -\u003e NAME)\n```\n(`NAME` here is the name of the library, without the version suffix).\n","project_url":"https://awesome.ecosyste.ms/api/v1/projects/github.com%2Fmakingthematrix%2Fscala-suffix","html_url":"https://awesome.ecosyste.ms/projects/github.com%2Fmakingthematrix%2Fscala-suffix","lists_url":"https://awesome.ecosyste.ms/api/v1/projects/github.com%2Fmakingthematrix%2Fscala-suffix/lists"}