pom-dependency-analyzer

Command line tool for generating a changelog, or releasenotes, from a GIT repository.


Pom Dependency Analyzer


This is a command line tool that parses the dot output of mvn dependency:tree and manages a set of json-files with its findings. The output can be used with Pom Dependency Analyzer Web to create a browsable webpage.

It is intended to identify not only the dependencies of an artifact but also its dependants, which is often a problem when automating build processes.

You may try this on a public repository, but be careful! It is very likely a violation of its terms of service. See: https://central.sonatype.org/terms.html

Example (change to whatever pom-file you want to examine):

POM_FILE=~/.m2/repository/se/bjurr/violations/violations-maven-plugin/1.19/violations-maven-plugin-1.19.pom \
 && mvn dependency:tree -DoutputType=dot -Doutput=$POM_FILE.dot -f $POM_FILE \
 && npx pom-dependency-analyzer -d $POM_FILE.dot -sf metadata/folder

You can also run with java: java -jar pom-dependency-analyzer-*.jar -d $POM_FILE.dot.

Or analyze all POMs in a specific folder:

# Each path is passed to sh as $1 instead of being substituted into the script text,
# so unusual file names are not interpreted as shell code.
find ~/.m2/repository/se/bjurr -type f -name "*.pom" -print0 \
 | xargs -0 -I % sh -c '([ ! -e "$1.dot" ] || grep -Fq -e "-SNAPSHOT" "$1") \
 && mvn dependency:tree -DoutputType=dot -Doutput="$1.dot" -f "$1" \
 && npx pom-dependency-analyzer -d "$1.dot" -sf metadata/folder \
 && echo "$(find ~/.m2 -name "*.pom.dot" | wc -l)/$(find ~/.m2 -name "*.pom" | wc -l)" \
 || echo "Skipping: $1"' sh %

You may use Pom Downloader to download pom-files.

You may use Pom Dependency Analyzer Web to create a browsable webpage, and REST API, from this output.
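
To illustrate the dependants lookup described above, here is an added example (not code from this project) that parses DOT text in the shape `mvn dependency:tree -DoutputType=dot` writes and inverts its edges. The sample graph, the `com.example` coordinates and all function names are assumptions, and the tool's own JSON format is not reproduced.

```python
import re
from collections import defaultdict

# Constructed sample shaped like `mvn dependency:tree -DoutputType=dot` output;
# the com.example coordinates are made up for illustration.
SAMPLE_DOT = '''digraph "se.bjurr.violations:violations-maven-plugin:maven-plugin:1.19" {
    "se.bjurr.violations:violations-maven-plugin:maven-plugin:1.19" -> "com.example:lib-a:jar:2.0:compile" ;
    "se.bjurr.violations:violations-maven-plugin:maven-plugin:1.19" -> "com.example:lib-b:jar:1.1:compile" ;
    "com.example:lib-a:jar:2.0:compile" -> "com.example:lib-c:jar:0.9:compile" ;
    "com.example:lib-b:jar:1.1:compile" -> "com.example:lib-c:jar:0.9:compile" ;
    "com.example:lib-b:jar:1.1:compile" -> "com.example:test-util:jar:3.0:test" ;
 }
'''

EDGE = re.compile(r'^\s*"([^"]+)"\s*->\s*"([^"]+)"\s*;?\s*$')
SCOPES = {"compile", "runtime", "test", "provided", "system", "import"}

def coordinates(label):
    """Reduce group:artifact:type[:classifier]:version[:scope] to group:artifact:version."""
    parts = label.split(":")
    # The root node carries no scope, so strip it only when present.
    if parts[-1] in SCOPES:
        parts.pop()
    if len(parts) < 4:
        raise ValueError(f"unexpected node label: {label!r}")
    return f"{parts[0]}:{parts[1]}:{parts[-1]}"

def dependants_index(dot_texts):
    """Map each artifact to the set of artifacts that depend on it directly."""
    index = defaultdict(set)
    for text in dot_texts:
        for line in text.splitlines():
            match = EDGE.match(line)
            if match:  # the digraph header and closing brace are skipped
                parent = coordinates(match.group(1))
                child = coordinates(match.group(2))
                index[child].add(parent)
    return index

def all_dependants(index, artifact):
    """Walk the reverse edges to collect direct and transitive dependants."""
    seen, queue = set(), [artifact]
    while queue:
        for parent in index.get(queue.pop(), ()):
            if parent not in seen:  # visited set also guards against cycles
                seen.add(parent)
                queue.append(parent)
    return seen
```

Passing the `.dot` files of several POMs to `dependants_index` shows which artifacts need a rebuild or review when one dependency changes, for example after a vulnerability is reported in it.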

Usage

-ci, --create-image <boolean>              Create an image showing the result 
                                           of analysis.
                                           <boolean>: true or false
                                           Default: false
-d, --dot <path>                           This is the output file from 'mvn 
                                           dependency:tree -Doutput=file.dot -
                                           DoutputType=dot'
                                           <path>: a file path
                                           Default: /home/bjerre/workspace/pom-dependency-analyzer/.
-h, --help <argument-to-print-help-for>    <argument-to-print-help-for>: an argument to print help for
                                           Default: If no specific parameter is given the whole usage text is given
-md, --metadata <string>                   These key/values will be stored 
                                           together with the artifact. Can be used to 
                                           record things like artifacts git repo or 
                                           artifacts Jenkins job URL. [Supports Multiple occurrences]
                                           <string>: any string
                                           Default: Empty list
-sf, --storage-folder <string>             This is where it will store files.
                                           <string>: any string
                                           Default: <user home>/.m2


Last updated on 31 May 2019
