
pom-dependency-analyzer
Command line tool for generating a changelog, or releasenotes, from a GIT repository.
This is a command line tool that parses the dot output of `mvn dependency:tree` and manages a set of json-files with its findings. The output can be used with Pom Dependency Analyzer Web to create a browsable webpage.
It is intended to identify not only the dependencies of an artifact, but also its dependants, which is often a problem when automating build processes.
You may try this on a public repository, but be careful: it is very likely a violation of its terms of service. See: https://central.sonatype.org/terms.html
Example (change to whatever pom-file you want to examine):
```shell
POM_FILE=~/.m2/repository/se/bjurr/violations/violations-maven-plugin/1.19/violations-maven-plugin-1.19.pom \
&& mvn dependency:tree -DoutputType=dot -Doutput=$POM_FILE.dot -f $POM_FILE \
&& npx pom-dependency-analyzer -d $POM_FILE.dot -sf metadata/folder
```
You can also run it with Java: `java -jar pom-dependency-analyzer-*.jar -d $POM_FILE.dot`.
Or for all pom files in a specific folder (a pom is re-analyzed when no .dot file exists for it yet, or when it is a SNAPSHOT):
```shell
find ~/.m2/repository/se/bjurr -type f -name "*.pom" \
| xargs -I % sh -c '([ ! -e %.dot ] || grep -Fq "\-SNAPSHOT" %) \
&& mvn dependency:tree -DoutputType=dot -Doutput=%.dot -f % \
&& npx pom-dependency-analyzer -d %.dot -sf metadata/folder \
&& echo $(find ~/.m2 -name "*.pom.dot" | wc -l)/$(find ~/.m2 -name "*.pom" | wc -l)\
|| echo Skipping: %'
```
You may use Pom Downloader to download pom-files.
You may use Pom Dependency Analyzer Web to create a browsable webpage, and REST API, from this output.
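To show what the analyzer extracts from the `mvn dependency:tree -DoutputType=dot` output (both dependencies and dependants, plus the SNAPSHOT dependencies the folder loop above re-checks), here is an added Python example; it is not part of pom-dependency-analyzer, and the DOT text and the `violations-lib`, `gson` and `internal-util` versions in it are constructed sample data.

```python
import re
from collections import defaultdict

# Constructed sample in the shape mvn dependency:tree -DoutputType=dot emits:
# one edge per line, nodes written as "groupId:artifactId:type[:classifier]:version[:scope]".
SAMPLE_DOT = '''digraph "se.bjurr.violations:violations-maven-plugin:maven-plugin:1.19" {
 "se.bjurr.violations:violations-maven-plugin:maven-plugin:1.19" -> "se.bjurr.violations:violations-lib:jar:1.50:compile" ;
 "se.bjurr.violations:violations-maven-plugin:maven-plugin:1.19" -> "org.apache.maven:maven-plugin-api:jar:3.0:provided" ;
 "se.bjurr.violations:violations-lib:jar:1.50:compile" -> "com.google.code.gson:gson:jar:2.8.5:compile" ;
 "se.bjurr.violations:violations-lib:jar:1.50:compile" -> "org.example:internal-util:jar:1.0-SNAPSHOT:compile" ;
}
'''

EDGE_RE = re.compile(r'"([^"]+)"\s*->\s*"([^"]+)"\s*;')


def coordinates(node):
    """Reduce 'g:a:type[:classifier]:version[:scope]' to 'g:a:version'."""
    parts = node.split(":")
    # 4 parts: no scope (the root); 5 or 6 parts: version sits before the scope.
    version = parts[3] if len(parts) == 4 else parts[-2]
    return f"{parts[0]}:{parts[1]}:{version}"


def build_graph(dot_text):
    """Return (dependencies, dependants): forward and reverse adjacency maps."""
    dependencies, dependants = defaultdict(set), defaultdict(set)
    for parent, child in EDGE_RE.findall(dot_text):
        p, c = coordinates(parent), coordinates(child)
        dependencies[p].add(c)
        dependants[c].add(p)
    return dependencies, dependants


def transitive_dependants(dependants, artifact):
    """Every artifact that directly or indirectly depends on `artifact`."""
    seen, stack = set(), [artifact]
    while stack:
        for parent in dependants.get(stack.pop(), ()):
            if parent not in seen:
                seen.add(parent)
                stack.append(parent)
    return seen


def snapshot_dependencies(dependencies):
    """Unstable (-SNAPSHOT) artifacts anywhere in the tree, sorted."""
    return sorted({c for cs in dependencies.values() for c in cs if c.endswith("-SNAPSHOT")})


if __name__ == "__main__":
    deps, dants = build_graph(SAMPLE_DOT)
    print(transitive_dependants(dants, "com.google.code.gson:gson:2.8.5"))
    print(snapshot_dependencies(deps))
```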
```
-ci, --create-image <boolean>   Create an image showing the result of analysis.
                                <boolean>: true or false
                                Default: false
-d, --dot <path>                This is the output file from 'mvn dependency:tree -Doutput=file.dot -DoutputType=dot'
                                <path>: a file path
                                Default: /home/bjerre/workspace/pom-dependency-analyzer/.
-h, --help <argument-to-print-help-for>
                                <argument-to-print-help-for>: an argument to print help for
                                Default: If no specific parameter is given the whole usage text is given
-md, --metadata <string>        These key/values will be stored together with the artifact. Can be used to
                                record things like artifacts git repo or artifacts Jenkins job URL.
                                [Supports Multiple occurrences]
                                <string>: any string
                                Default: Empty list
-sf, --storage-folder <string>  This is where it will store files.
                                <string>: any string
                                Default: <user home>/.m2
```
We found that pom-dependency-analyzer demonstrated an unhealthy version release cadence and project activity because the last version was released a year ago. It has 1 open source maintainer collaborating on the project.