How to find dependency conflicts in 3rd party libraries


I'm looking for a way to find dependency conflicts in 3rd party libraries. I'm aware of mvn dependency:tree, its -Dverbose and -Dincludes options. This works well but has a couple of drawbacks:

  • I need to set up a pom.xml file with the 3rd party dependency. This is a somewhat roundabout way and tedious for quickly looking through the dependencies of a couple of libraries.
  • dependency:tree downloads all dependencies, which can be slow and consume a lot of bandwidth for large dependency graphs.
  • dependency:tree -Dverbose does show conflicts, but it is quite verbose as it also shows all non-conflicting dependencies.
Best answer:

The CLI of the Coursier dependency resolver can do this. E.g. to find dependency conflicts in com.bynder:bynder-java-sdk:2.2.8 you can use Coursier's resolve command with the --conflicts flag:

$ cs resolve --conflicts com.bynder:bynder-java-sdk:2.2.8

org.jetbrains.kotlin:kotlin-stdlib-common:1.4.10 was selected, but
  com.squareup.okio:okio:2.8.0 wanted version 1.4.0

io.reactivex.rxjava2:rxjava:2.2.20 was selected, but
  com.squareup.retrofit2:adapter-rxjava2:2.9.0 wanted version 2.0.0

com.squareup.okhttp3:okhttp:4.9.0 was selected, but
  com.squareup.retrofit2:retrofit:2.9.0 wanted version 3.14.9

org.jetbrains.kotlin:kotlin-stdlib:1.4.10 was selected, but
  com.squareup.okio:okio:2.8.0 wanted version 1.4.0

This outputs a list of conflicts and nothing more. No artifacts are downloaded besides their metadata, and the whole process is very quick.

To further explore where the conflict on e.g. com.squareup.okhttp3:okhttp is coming from, you can run

$ cs resolve com.bynder:bynder-java-sdk:2.2.8 --what-depends-on com.squareup.okhttp3:okhttp
  Result:
└─ com.squareup.okhttp3:okhttp:4.9.0
   ├─ com.squareup.okhttp3:logging-interceptor:4.9.0
   │  └─ com.bynder:bynder-java-sdk:2.2.8
   └─ com.squareup.retrofit2:retrofit:2.9.0 com.squareup.okhttp3:okhttp:3.14.9 -> 4.9.0
      ├─ com.bynder:bynder-java-sdk:2.2.8
      ├─ com.squareup.retrofit2:adapter-rxjava2:2.9.0
      │  └─ com.bynder:bynder-java-sdk:2.2.8
      └─ com.squareup.retrofit2:converter-gson:2.9.0
         └─ com.bynder:bynder-java-sdk:2.2.8

The output is an inverse dependency tree showing all subtrees that depend on com.squareup.okhttp3:okhttp.
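
As an added example (not part of the original answer or of Coursier): a small Python parser for the `cs resolve --conflicts` output format shown in the answer, reporting only the conflicts where the selected major version differs from a wanted one. The function names and the major-version heuristic are assumptions of this example.

```python
import re

SAMPLE = """\
org.jetbrains.kotlin:kotlin-stdlib-common:1.4.10 was selected, but
  com.squareup.okio:okio:2.8.0 wanted version 1.4.0

io.reactivex.rxjava2:rxjava:2.2.20 was selected, but
  com.squareup.retrofit2:adapter-rxjava2:2.9.0 wanted version 2.0.0

com.squareup.okhttp3:okhttp:4.9.0 was selected, but
  com.squareup.retrofit2:retrofit:2.9.0 wanted version 3.14.9

org.jetbrains.kotlin:kotlin-stdlib:1.4.10 was selected, but
  com.squareup.okio:okio:2.8.0 wanted version 1.4.0
"""  # output copied from the answer above

SELECTED = re.compile(r"^([^:\s]+):([^:\s]+):(\S+) was selected, but$")
WANTED = re.compile(r"^\s+(\S+) wanted version (\S+)$")

def major(version):  # None for version ranges or non-numeric versions
    m = re.match(r"\d+", version)
    return int(m.group()) if m else None

def parse_conflicts(text):
    """Return {module: {"selected": version, "wanted": [(requester, version)]}}."""
    conflicts, current = {}, None
    for line in text.splitlines():
        if m := SELECTED.match(line):
            current = f"{m.group(1)}:{m.group(2)}"
            conflicts[current] = {"selected": m.group(3), "wanted": []}
        elif current and (m := WANTED.match(line)):
            conflicts[current]["wanted"].append((m.group(1), m.group(2)))
        else:
            current = None  # blank or unrecognised line ends the block
    return conflicts

def major_jumps(conflicts):
    """Flag conflicts where majors differ (assumed sign of a possible API break)."""
    flagged = []
    for module, c in sorted(conflicts.items()):
        for requester, wanted in c["wanted"]:
            sel, want = major(c["selected"]), major(wanted)
            if sel is None or want is None or sel != want:  # unparsable: review by hand
                flagged.append((module, wanted, c["selected"], requester))
    return flagged

if __name__ == "__main__":
    for module, wanted, selected, requester in major_jumps(parse_conflicts(SAMPLE)):
        print(f"{module}: {requester} wanted {wanted}, resolved to {selected}")
```

On the sample this reports only the okhttp conflict (3.14.9 wanted, 4.9.0 selected), which is the one the answer goes on to trace with --what-depends-on.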