https://github.com/vegardit/depcheck-maven-plugin

Maven plugin to check for used unused direct and used indirect (transitive) dependencies.
https://github.com/vegardit/depcheck-maven-plugin

asm dependency-analysis java maven-plugin static-code-analysis

Last synced: 17 days ago
JSON representation

Maven plugin to check for used unused direct and used indirect (transitive) dependencies.

• Host: GitHub
• URL: https://github.com/vegardit/depcheck-maven-plugin
• Owner: vegardit
• License: apache-2.0
• Created: 2021-03-08T18:32:34.000Z (almost 4 years ago)
• Default Branch: main
• Last Pushed: 2024-04-08T10:27:56.000Z (10 months ago)
• Last Synced: 2024-04-08T11:34:19.536Z (10 months ago)
• Topics: asm, dependency-analysis, java, maven-plugin, static-code-analysis
• Language: Java
• Homepage:
• Size: 1.12 MB
• Stars: 2
• Watchers: 4
• Forks: 0
• Open Issues: 0
• Metadata Files:
  • Readme: README.md
  • Changelog: CHANGELOG.md
  • Contributing: CONTRIBUTING.md
  • License: LICENSE.txt
  • Code of conduct: CODE_OF_CONDUCT.md

Awesome Lists containing this project

README

        
# depcheck-maven-plugin

[![Build Status](https://github.com/vegardit/depcheck-maven-plugin/workflows/Build/badge.svg "GitHub Actions")](https://github.com/vegardit/depcheck-maven-plugin/actions?query=workflow%3A%22Build%22)

[![License](https://img.shields.io/github/license/vegardit/depcheck-maven-plugin.svg?color=blue)](LICENSE.txt)

[![Changelog](https://img.shields.io/badge/History-changelog-blue)](CHANGELOG.md)

[![Maintainability](https://api.codeclimate.com/v1/badges/38f32c6acda045ed2337/maintainability)](https://codeclimate.com/github/vegardit/depcheck-maven-plugin/maintainability)

[![Contributor Covenant](https://img.shields.io/badge/Contributor%20Covenant-v2.0%20adopted-ff69b4.svg)](CODE_OF_CONDUCT.md)

[![Maven Central](https://img.shields.io/maven-central/v/com.vegardit.maven/depcheck-maven-plugin)](https://search.maven.org/artifact/com.vegardit.maven/depcheck-maven-plugin)

1. [What is it?](#what-is-it)

1. [Usage](#usage)

1. [License](#license)

## What is it?

Pragmatic [Maven](https://maven.apache.org) plugin to check for unused direct and used indirect (transitive) dependencies.

## Usage

### Ad-hoc execution via the command line

To execute the latest release of this plugin via the command line change into a maven project.

#### The "check-deps" Maven goal

```sh

mvn com.vegardit.maven:depcheck-maven-plugin:check-deps

```

This runs the `check-deps` goal that scans the project and reports dependency issues.

![Example](src/site/img/example-check-deps.png)

#### The "fix-trans-deps" Maven goal

This goal scans the project for references to classes of transitive dependencies and adds

the respective dependencies as direct dependencies to the pom.xml

![Example](src/site/img/example-fix-trans-deps.png)

![Example](src/site/img/example-fix-trans-deps-changes.png)

#### The "help" Maven goal

To display the online help run:

```sh

# display available goals

mvn com.vegardit.maven:depcheck-maven-plugin:help

# display parameters of check-deps

mvn com.vegardit.maven:depcheck-maven-plugin:help -Ddetail=true -Dgoal=check-deps

# display parameters of fix-trans-deps

mvn com.vegardit.maven:depcheck-maven-plugin:help -Ddetail=true -Dgoal=fix-trans-deps

```

### Automated execution during Maven build

Add the following to your pom.xml and adjust the configuration to your requirements.

Since the plugin performs a byte code analysis it must be executed in a Maven phase after the `compile` phase, see the [Maven Default Lifecycle](https://maven.apache.org/ref/3.6.3/maven-core/lifecycles.html#default_Lifecycle) for possible phases. We recommend using `pre-package`.

```xml

  

  

    

      com.vegardit.maven

      depcheck-maven-plugin

      [VERSION_GOES_HERE]

      

        

          check-deps@pre-package

          pre-package

          

            check-deps

          

          

            false

            

            true

            true

            

            true

            false

            

            true

            false

          

        

      

    

  

```

### Binaries

**Release** binaries of this project are available at Maven Central https://search.maven.org/artifact/com.vegardit.maven/depcheck-maven-plugin

**Snapshot** binaries are available via the [mvn-snapshots-repo](https://github.com/vegardit/depcheck-maven-plugin/tree/mvn-snapshots-repo) git branch. You need to add this repository configuration to your Maven `settings.xml`:

```xml

  

    

      

        

          depcheck-maven-plugin-snapshots

          depcheck-maven-plugin-snapshots

          https://raw.githubusercontent.com/vegardit/depcheck-maven-plugin/mvn-snapshots-repo

          false

          true

        

      

    

  

  

    depcheck-maven-plugin-snapshots

  

```

## License

All files are released under the [Apache License 2.0](LICENSE.txt).

Individual files contain the following tag instead of the full license text:

```

SPDX-License-Identifier: Apache-2.0

```

This enables machine processing of license information based on the SPDX License Identifiers that are available here: https://spdx.org/licenses/.