Code Monkey home page Code Monkey logo

sbt-explicit-dependencies's Introduction

sbt-explicit-dependencies

Build Status

An sbt plugin to check that your libraryDependencies accurately reflects the libraries that your code depends on in order to compile.

For example, say your project declares only a single dependency:

libraryDependencies += "org.typelevel" %% "cats-effect" % "1.0.0"

This brings in a few other libraries as transitive dependencies, including cats-core.

If your code directly depends on classes from cats-core, e.g.:

val nel = cats.data.NonEmptyList.of(1, 2, 3)

then this plugin will warn you about that fact.

Why?

If you want to avoid dependency hell, it's good practice to explicitly declare all libraries that your code directly depends on for compilation.

How to install

Download

Add the plugin in project/plugins.sbt or as a global plugin in ~/.sbt/1.0/plugins/plugins.sbt:

addSbtPlugin("com.github.cb372" % "sbt-explicit-dependencies" % "latest version (see badge above)")

How to use

Finding accidental use of transitive dependencies

The undeclaredCompileDependencies task shows a list of dependencies that should be declared explicitly:

sbt:example> undeclaredCompileDependencies
[warn] example >>> The project depends on the following libraries for compilation but they are not declared in libraryDependencies:
[warn]  - "com.chuusai" %% "shapeless" % "2.3.3"
[warn]  - "com.google.guava" % "guava" % "26.0-jre"
[warn]  - "org.typelevel" %% "cats-core" % "1.2.0"
[warn]  - "org.typelevel" %% "cats-effect" % "0.10.1"
[success] Total time: 0 s, completed 01-Oct-2018 00:16:31

There is also a task undeclaredCompileDependenciesTest which will fail the build if there are any undeclared dependencies. This can be useful as part of a CI pipeline:

sbt:example> undeclaredCompileDependenciesTest
[warn] example >>> The project depends on the following libraries for compilation but they are not declared in libraryDependencies:
[warn]  - "com.chuusai" %% "shapeless" % "2.3.3"
[warn]  - "com.google.guava" % "guava" % "26.0-jre"
[warn]  - "org.typelevel" %% "cats-core" % "1.2.0"
[warn]  - "org.typelevel" %% "cats-effect" % "0.10.1"
[error] (undeclaredCompileDependenciesTest) Failing the build because undeclared dependencies were found
[error] Total time: 1 s, completed 01-Oct-2018 00:17:05

Finding unnecessary dependencies

The unusedCompileDependencies task shows a list of libraries that have been declared as dependencies but are not actually needed for compilation:

sbt:example> unusedCompileDependencies
[warn] example >>> The following libraries are declared in libraryDependencies but are not needed for compilation:
[warn]  - "com.github.cb372" %% "scalacache-guava" % "0.24.3"
[warn]  - "org.http4s" %% "http4s-circe" % "0.18.16"
[warn]  - "org.postgresql" % "postgresql" % "42.2.5"
[warn]  - "org.tpolecat" %% "doobie-postgres" % "0.5.3"
[success] Total time: 0 s, completed 01-Oct-2018 00:17:34

This is also a task unusedCompileDependenciesTest which will fail the build if this list is non-empty. This can be useful as part of a CI pipeline:

sbt:example> unusedCompileDependenciesTest
[warn] example >>> The following libraries are declared in libraryDependencies but are not needed for compilation:
[warn]  - "com.github.cb372" %% "scalacache-guava" % "0.24.3"
[warn]  - "org.http4s" %% "http4s-circe" % "0.18.16"
[warn]  - "org.postgresql" % "postgresql" % "42.2.5"
[warn]  - "org.tpolecat" %% "doobie-postgres" % "0.5.3"
[error] (unusedCompileDependenciesTest) Failing the build because unused dependencies were found
[error] Total time: 0 s, completed 01-Oct-2018 00:18:00

Filtering the results

If the result of either undeclaredCompileDependencies or unusedCompileDependencies contains any dependencies you don't care about, you can exclude them using the undeclaredCompileDependenciesFilter and unusedCompileDependenciesFilter settings.

For example:

unusedCompileDependenciesFilter -= moduleFilter("org.scalaz", "scalaz")

Note: If you're filtering things out because you think the plugin is returning false-positive results, please open a GitHub issue.

Example project

There is an example sbt project in the example folder so you can see the plugin in action.

sbt-explicit-dependencies's People

Contributors

anilkumarmyla avatar barambani avatar cb372 avatar dwijnand avatar igstan avatar philippus avatar takayahilton avatar

Watchers

avatar avatar

Recommend Projects

  • React photo React

    A declarative, efficient, and flexible JavaScript library for building user interfaces.

  • Vue.js photo Vue.js

    ๐Ÿ–– Vue.js is a progressive, incrementally-adoptable JavaScript framework for building UI on the web.

  • Typescript photo Typescript

    TypeScript is a superset of JavaScript that compiles to clean JavaScript output.

  • TensorFlow photo TensorFlow

    An Open Source Machine Learning Framework for Everyone

  • Django photo Django

    The Web framework for perfectionists with deadlines.

  • D3 photo D3

    Bring data to life with SVG, Canvas and HTML. ๐Ÿ“Š๐Ÿ“ˆ๐ŸŽ‰

Recommend Topics

  • javascript

    JavaScript (JS) is a lightweight interpreted programming language with first-class functions.

  • web

    Some thing interesting about web. New door for the world.

  • server

    A server is a program made to process requests and deliver data to clients.

  • Machine learning

    Machine learning is a way of modeling and interpreting data that allows a piece of software to respond intelligently.

  • Game

    Some thing interesting about game, make everyone happy.

Recommend Org

  • Facebook photo Facebook

    We are working to build community through open source technology. NB: members must have two-factor auth.

  • Microsoft photo Microsoft

    Open source projects and samples from Microsoft.

  • Google photo Google

    Google โค๏ธ Open Source for everyone.

  • D3 photo D3

    Data-Driven Documents codes.