pom-dependency-analyzer
Command line tool for generating a changelog, or release notes, from a Git repository.
This is a command line tool that parses the dot output of `mvn dependency:tree` and manages a set of JSON files with its findings. The output can be used with Pom Dependency Analyzer Web to create a browsable webpage.

It is intended to identify not only the dependencies of an artifact but also its dependants, which is often a problem when automating build processes.

You may try this on a public repository, but be careful! It is very likely a violation of its terms of service. See: https://central.sonatype.org/terms.html
Example (change to whatever pom-file you want to examine):

```sh
POM_FILE=~/.m2/repository/se/bjurr/violations/violations-maven-plugin/1.19/violations-maven-plugin-1.19.pom \
&& mvn dependency:tree -DoutputType=dot -Doutput=$POM_FILE.dot -f $POM_FILE \
&& npx pom-dependency-analyzer -d $POM_FILE.dot -sf metadata/folder
```

You can also run it with Java: `java -jar pom-dependency-analyzer-*.jar -d $POM_FILE.dot`.
Or all pom-files in a specific folder (a pom is processed when no `.dot` file exists for it yet, or when it is a SNAPSHOT; the `--` stops grep from reading `-SNAPSHOT` as an option, which the original `"\-SNAPSHOT"` pattern did not match under `-F`):

```sh
find ~/.m2/repository/se/bjurr -type f -name "*.pom" \
| xargs -I % sh -c '([ ! -e %.dot ] || grep -Fq -- "-SNAPSHOT" %) \
&& mvn dependency:tree -DoutputType=dot -Doutput=%.dot -f % \
&& npx pom-dependency-analyzer -d %.dot -sf metadata/folder \
&& echo $(find ~/.m2 -name "*.pom.dot" | wc -l)/$(find ~/.m2 -name "*.pom" | wc -l)\
|| echo Skipping: %'
```
You may use Pom Downloader to download pom-files.

You may use Pom Dependency Analyzer Web to create a browsable webpage, and a REST API, from this output.
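To show what the tool does with the dot file produced above, here is an added example (not the project's own code) that parses `mvn dependency:tree -DoutputType=dot` output into a dependency map and the reverse dependants map, and answers the question the README describes: which artifacts pull in a given library, directly or transitively. The sample dot text and the coordinates of violations-lib, gson and junit in it are constructed for illustration.

```python
import re
from collections import defaultdict

# One edge line as written by `mvn dependency:tree -DoutputType=dot`:
#   "group:artifact:packaging:version[:scope]" -> "group:artifact:packaging:version[:scope]" ;
EDGE_RE = re.compile(r'"([^"]+)"\s*->\s*"([^"]+)"\s*;')
HEADER_RE = re.compile(r'digraph\s+"([^"]+)"')

def gav(coord):
    """Reduce a Maven coordinate to group:artifact:version so the same jar seen in
    several scopes collapses to one node. Six-part coordinates carry a classifier
    (g:a:packaging:classifier:version:scope), so the version moves one slot right."""
    parts = coord.split(":")
    if len(parts) < 4:
        raise ValueError("unexpected coordinate: " + coord)
    version = parts[4] if len(parts) == 6 else parts[3]
    return ":".join((parts[0], parts[1], version))

def parse_dot(text):
    """Return (root, dependencies, dependants) for one dot file.
    dependencies[x] = direct deps of x; dependants[y] = nodes that directly depend on y."""
    m = HEADER_RE.search(text)
    if not m:
        raise ValueError("no digraph header found")
    dependencies, dependants = defaultdict(set), defaultdict(set)
    for src, dst in EDGE_RE.findall(text):
        dependencies[gav(src)].add(gav(dst))
        dependants[gav(dst)].add(gav(src))
    return gav(m.group(1)), dict(dependencies), dict(dependants)

def transitive_dependants(dependants, target):
    """Everything that pulls in `target`, directly or transitively (cycle-safe)."""
    seen, stack = set(), [target]
    while stack:
        for parent in dependants.get(stack.pop(), ()):
            if parent not in seen:
                seen.add(parent)
                stack.append(parent)
    return seen

# Constructed sample in the shape of the mvn dot output; library coordinates are illustrative.
SAMPLE_DOT = '''digraph "se.bjurr.violations:violations-maven-plugin:maven-plugin:1.19" {
  "se.bjurr.violations:violations-maven-plugin:maven-plugin:1.19" -> "se.bjurr.violations:violations-lib:jar:1.50:compile" ;
  "se.bjurr.violations:violations-lib:jar:1.50:compile" -> "com.google.code.gson:gson:jar:2.8.0:compile" ;
  "se.bjurr.violations:violations-maven-plugin:maven-plugin:1.19" -> "junit:junit:jar:4.12:test" ;
}'''

if __name__ == "__main__":
    root, deps, rev = parse_dot(SAMPLE_DOT)
    print(root, "depends on", sorted(deps[root]))
    print("gson is pulled in by", sorted(transitive_dependants(rev, "com.google.code.gson:gson:2.8.0")))
```

Running `parse_dot` over every `*.pom.dot` under `~/.m2` and merging the `dependants` maps gives the cross-artifact reverse index the tool stores in its JSON files.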
```
-ci, --create-image <boolean>   Create an image showing the result of analysis.
                                <boolean>: true or false
                                Default: false
-d, --dot <path>                This is the output file from
                                'mvn dependency:tree -Doutput=file.dot -DoutputType=dot'
                                <path>: a file path
                                Default: /home/bjerre/workspace/pom-dependency-analyzer/.
-h, --help <argument-to-print-help-for>
                                <argument-to-print-help-for>: an argument to print help for
                                Default: If no specific parameter is given the whole usage text is given
-md, --metadata <string>        These key/values will be stored together with the artifact.
                                Can be used to record things like the artifact's git repo or
                                the artifact's Jenkins job URL. [Supports Multiple occurrences]
                                <string>: any string
                                Default: Empty list
-sf, --storage-folder <string>  This is where it will store files.
                                <string>: any string
                                Default: <user home>/.m2
```