我正在寻找一种在 3rd 方库中查找依赖冲突的方法。我知道mvn dependency:tree, 它的-Dverbose和-Dincludes选项。这很好用,但有几个缺点:
pom.xml具有 3rd 方依赖项的文件。这是一种有点迂回的方式,并且对于快速查看几个库的依赖关系来说很乏味。dependency:tree下载所有依赖关系,对于大型依赖关系图,这可能会很慢并且消耗大量带宽。dependency:tree -Dverbose确实显示了冲突,但它非常冗长,因为它还显示了所有非冲突的依赖项。Coursier依赖解析器的 CLI可以做到这一点。例如,要查找依赖冲突,com.bynder:bynder-java-sdk:2.2.8可以使用resolve带有标志的 Coursier 命令--conflict:
$ cs resolve --conflicts com.bynder:bynder-java-sdk:2.2.8
org.jetbrains.kotlin:kotlin-stdlib-common:1.4.10 was selected, but
com.squareup.okio:okio:2.8.0 wanted version 1.4.0
io.reactivex.rxjava2:rxjava:2.2.20 was selected, but
com.squareup.retrofit2:adapter-rxjava2:2.9.0 wanted version 2.0.0
com.squareup.okhttp3:okhttp:4.9.0 was selected, but
com.squareup.retrofit2:retrofit:2.9.0 wanted version 3.14.9
org.jetbrains.kotlin:kotlin-stdlib:1.4.10 was selected, but
com.squareup.okio:okio:2.8.0 wanted version 1.4.0
这会输出一个冲突列表,仅此而已。除了元数据外,没有下载任何工件,整个过程非常快。
要进一步探索 eg 上的冲突com.squareup.okhttp3:okhttp来自何处,您可以运行
$ cs resolve com.bynder:bynder-java-sdk:2.2.8 --what-depends-on com.squareup.okhttp3:okhttp
Result:
└─ com.squareup.okhttp3:okhttp:4.9.0
├─ com.squareup.okhttp3:logging-interceptor:4.9.0
│ └─ com.bynder:bynder-java-sdk:2.2.8
└─ com.squareup.retrofit2:retrofit:2.9.0 com.squareup.okhttp3:okhttp:3.14.9 -> 4.9.0
├─ com.bynder:bynder-java-sdk:2.2.8
├─ com.squareup.retrofit2:adapter-rxjava2:2.9.0
│ └─ com.bynder:bynder-java-sdk:2.2.8
└─ com.squareup.retrofit2:converter-gson:2.9.0
└─ com.bynder:bynder-java-sdk:2.2.8
输出是一个反向依赖树,显示所有依赖于 的子树com.squareup.okhttp3:okhttp。