黑名单Maven依赖项 [英] Blacklist Maven dependencies
问题描述
有没有办法,例如一个Maven插件,它可以列出不需要的/黑色列出的依赖项(直接和传递),如果它检测到列出的依赖项之一,它将无法构建?
Is there a way e.g. a Maven plug in that can take a list of unwanted/black listed dependencies (direct and transitive) and fails the build if it detects one of listed dependencies?
在我的项目中我们严格要求摆脱Apache Commons Logging并将其替换为SLF4J JCL Bridge。我知道我们必须排除不需要的deps自己,但是如果有人添加了一个带来黑名单依赖的依赖项,我想让构建失败。
In my project we strictly want to get rid of Apache Commons Logging and replace it with the SLF4J JCL Bridge. I am aware that we have to exclude the unwanted deps ourselfs but I would like to have the build failed if someone adds a dependency that brings in blacklisted dependency.
推荐答案
您可以使用 maven-enforcer-禁止某些依赖项插件
。
You can ban some dependencies using the maven-enforcer-plugin
.
以下是他们排除Apache Commons Logging的更新示例。
Here is their example with updates for your exclusion of Apache Commons Logging.
<project>
[...]
<build>
<plugins>
<plugin>
<groupId>org.apache.maven.plugins</groupId>
<artifactId>maven-enforcer-plugin</artifactId>
<version>1.1.1</version>
<executions>
<execution>
<id>enforce-banned-dependencies</id>
<goals>
<goal>enforce</goal>
</goals>
<configuration>
<rules>
<bannedDependencies>
<excludes>
<exclude>commons-logging:commons-logging</exclude>
</excludes>
</bannedDependencies>
</rules>
<fail>true</fail>
</configuration>
</execution>
</executions>
</plugin>
</plugins>
</build>
[...]
</project>
运行 mvn install
时的输出将是:
[WARNING] Rule 1: org.apache.maven.plugins.enforcer.BannedDependencies failed with message:
Found Banned Dependency: commons-logging:commons-logging:jar:1.1.1
Use 'mvn dependency:tree' to locate the source of the banned dependencies.
这一切都以 BUILD FAILURE
结尾。
这篇关于黑名单Maven依赖项的文章就介绍到这了,希望我们推荐的答案对大家有所帮助,也希望大家多多支持IT屋!