Is there a way, e.g. a Maven plug-in, that can take a list of unwanted/blacklisted dependencies (direct and transitive) and fails the build if it detects one of listed depend
You can ban some dependencies using the maven-enforcer-plugin.
Here is their example with updates for your exclusion of Apache Commons Logging.
```xml
[...]
<build>
  <plugins>
    <plugin>
      <groupId>org.apache.maven.plugins</groupId>
      <artifactId>maven-enforcer-plugin</artifactId>
      <version>1.1.1</version>
      <executions>
        <execution>
          <id>enforce-banned-dependencies</id>
          <goals>
            <goal>enforce</goal>
          </goals>
          <configuration>
            <rules>
              <bannedDependencies>
                <excludes>
                  <!-- groupId:artifactId of the dependency to ban -->
                  <exclude>commons-logging:commons-logging</exclude>
                </excludes>
              </bannedDependencies>
            </rules>
            <!-- fail the build (rather than only warn) when a rule is violated -->
            <fail>true</fail>
          </configuration>
        </execution>
      </executions>
    </plugin>
  </plugins>
</build>
[...]
```
The output when running `mvn install` will be:

```
[WARNING] Rule 1: org.apache.maven.plugins.enforcer.BannedDependencies failed with message:
Found Banned Dependency: commons-logging:commons-logging:jar:1.1.1
Use 'mvn dependency:tree' to locate the source of the banned dependencies.
```

It all ends with a BUILD FAILURE.
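The question asks for a whole list of banned artifacts, direct and transitive. As an added example that is not part of the answer above, the following enforcer configuration bans several patterns at once. The `searchTransitive`, `excludes`, `includes` and `message` elements are standard parameters of the `bannedDependencies` rule (exclude patterns use the form `groupId[:artifactId[:version[:type[:scope]]]]`, where `*` is a wildcard and the version may be a range); the plugin version 1.1.1 is the one from the answer (newer releases exist), and the `com.example` coordinates are constructed placeholders.

```xml
<plugin>
  <groupId>org.apache.maven.plugins</groupId>
  <artifactId>maven-enforcer-plugin</artifactId>
  <version>1.1.1</version>
  <executions>
    <execution>
      <id>enforce-banned-dependencies</id>
      <goals>
        <goal>enforce</goal>
      </goals>
      <configuration>
        <rules>
          <bannedDependencies>
            <!-- check transitive dependencies too; true is the default,
                 stated explicitly so the intent is visible in review -->
            <searchTransitive>true</searchTransitive>
            <excludes>
              <!-- a single artifact, any version -->
              <exclude>commons-logging:commons-logging</exclude>
              <!-- Log4j 1.x is end-of-life: ban the artifact in every version -->
              <exclude>log4j:log4j</exclude>
              <!-- constructed example: ban everything under a group id ... -->
              <exclude>com.example:*</exclude>
              <!-- constructed example: ban only releases older than 2.0 -->
              <exclude>com.example.other:legacy-lib:(,2.0)</exclude>
            </excludes>
            <includes>
              <!-- ... but carve one reviewed artifact back out of the banned group -->
              <include>com.example:approved-lib</include>
            </includes>
            <message>
              A banned dependency was found. Run 'mvn dependency:tree' to see
              which direct dependency pulls it in, then exclude or replace it.
            </message>
          </bannedDependencies>
        </rules>
        <fail>true</fail>
      </configuration>
    </execution>
  </executions>
</plugin>
```

Bind the execution in the parent POM of a multi-module build so every module inherits the same list; `includes` is only consulted for artifacts already matched by an `excludes` pattern, so it is the right place for a deliberate, documented exception rather than loosening the exclude pattern itself.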