Generic Top

Get started with Spring 5 and Spring Boot 2, through the Learn Spring course:

>> CHECK OUT THE COURSE

1. Overview

In this tutorial, we'll learn how to detect duplicate dependencies in pom.xml using Maven commands. We'll also see how to fail a build if duplicate dependencies are present using the Maven Enforcer Plugin.

2. Why Detect Duplicate Dependencies?

The risk with having duplicate dependencies in pom.xml is that the latest version of the targeted library may not be applied to our project's build path. For example, let's consider the following pom.xml:

<project>
  [...]
  <dependencies>
    <dependency>
      <groupId>org.apache.commons</groupId>
      <artifactId>commons-lang3</artifactId>
      <version>3.12.0</version>
    </dependency>
    <dependency>
      <groupId>org.apache.commons</groupId>
      <artifactId>commons-lang3</artifactId>
      <version>3.11</version>
    </dependency>
  </dependencies>
   [...]
</project>

As we can see, there are two dependencies for the same library, commons-lang3, though the version is different in both these dependencies.

Next, let's see how to use Maven commands to detect these duplicate dependencies.

3. The Dependency Tree Command

Let's run the command mvn dependency:tree from our terminal and see the output.

$ mvn dependency:tree
[INFO] Scanning for projects...
[WARNING]
[WARNING] Some problems were encountered while building the effective model for com.baeldung:maven-duplicate-dependencies:jar:0
.0.1-SNAPSHOT
[WARNING] 'dependencies.dependency.(groupId:artifactId:type:classifier)' must be unique: org.apache.commons:commons-lang3:jar -
> version 3.12.0 vs 3.11 @ line 14, column 15
[WARNING]
[WARNING] It is highly recommended to fix these problems because they threaten the stability of your build.
[WARNING]
[WARNING] For this reason, future Maven versions might no longer support building such malformed projects.
[WARNING]
[INFO]
[INFO] -------------< com.baeldung:maven-duplicate-dependencies >--------------
[INFO] Building maven-duplicate-dependencies 0.0.1-SNAPSHOT
[INFO] --------------------------------[ jar ]---------------------------------
[INFO]
[INFO] --- maven-dependency-plugin:2.8:tree (default-cli) @ maven-duplicate-dependencies ---
[WARNING] The artifact xml-apis:xml-apis:jar:2.0.2 has been relocated to xml-apis:xml-apis:jar:1.0.b2
[INFO] com.baeldung:maven-duplicate-dependencies:jar:0.0.1-SNAPSHOT
[INFO] \- org.apache.commons:commons-lang3:jar:3.11:compile
[INFO] ------------------------------------------------------------------------
[INFO] BUILD SUCCESS
[INFO] ------------------------------------------------------------------------
[INFO] Total time:  1.136 s
[INFO] Finished at: 2021-12-20T09:45:20+05:30
[INFO] ------------------------------------------------------------------------

Here, we get a warning about the presence of duplicate dependencies in pom.xml. We also notice that version 3.11 of commons-lang3.jar is added to the project, even though a higher version, 3.12.0, is present. It happened because Maven picked the dependency that appeared later in the pom.xml.

4. The Dependency analyze-duplicate Command

Now let's run the command mvn dependency:analyze-duplicate and check the output.

$ mvn dependency:analyze-duplicate
[INFO] Scanning for projects...
[WARNING]
[WARNING] Some problems were encountered while building the effective model for com.baeldung:maven-duplicate-dependencies:jar:0
.0.1-SNAPSHOT
[WARNING] 'dependencies.dependency.(groupId:artifactId:type:classifier)' must be unique: org.apache.commons:commons-lang3:jar -
> version 3.12.0 vs 3.11 @ line 14, column 15
[WARNING]
[WARNING] It is highly recommended to fix these problems because they threaten the stability of your build.
[WARNING]
[WARNING] For this reason, future Maven versions might no longer support building such malformed projects.
[WARNING]
[INFO]
[INFO] -------------< com.baeldung:maven-duplicate-dependencies >--------------
[INFO] Building maven-duplicate-dependencies 0.0.1-SNAPSHOT
[INFO] --------------------------------[ jar ]---------------------------------
[INFO]
[INFO] --- maven-dependency-plugin:2.8:analyze-duplicate (default-cli) @ maven-duplicate-dependencies ---
[WARNING] The artifact xml-apis:xml-apis:jar:2.0.2 has been relocated to xml-apis:xml-apis:jar:1.0.b2
[INFO] List of duplicate dependencies defined in <dependencies/> in your pom.xml:
        o org.apache.commons:commons-lang3:jar
[INFO] ------------------------------------------------------------------------
[INFO] BUILD SUCCESS
[INFO] ------------------------------------------------------------------------
[INFO] Total time:  0.835 s
[INFO] Finished at: 2021-12-20T09:54:02+05:30
[INFO] ------------------------------------------------------------------------

Here, we notice that both the WARNING and the INFO log statements mention the presence of duplicate dependencies.

5. Failing a Build if Duplicate Dependencies Are Present

In the above examples, we saw how to detect duplicate dependencies, but the BUILD is still successful. This may lead to an incorrect version of the jar being used.

Using Maven Enforcer Plugin, we can ensure that a build is unsuccessful if duplicate dependencies are present.

For this, we need to add this Maven plugin to our pom.xml and add the rule banDuplicatePomDependencyVersions:

<project>
  [...]
  <build>
    <plugins>
      <plugin>
        <groupId>org.apache.maven.plugins</groupId>
        <artifactId>maven-enforcer-plugin</artifactId>
        <version>3.0.0</version>
        <executions>
          <execution>
            <id>no-duplicate-declared-dependencies</id>
            <goals>
              <goal>enforce</goal>
            </goals>
            <configuration>
              <rules>
                <banDuplicatePomDependencyVersions/>
              </rules>
            </configuration>
          </execution>
        </executions>
      </plugin>
    </plugins>
  </build>
  [...]
</project>

Now, the rule binds our Maven build:

$ mvn verify
[INFO] Scanning for projects...
[WARNING]
[WARNING] Some problems were encountered while building the effective model for com.baeldung:maven-duplicate-dependencies:jar:0
.0.1-SNAPSHOT
[WARNING] 'dependencies.dependency.(groupId:artifactId:type:classifier)' must be unique: org.apache.commons:commons-lang3:jar -
> version 3.12.0 vs 3.11 @ line 14, column 14
[WARNING]
[INFO] -------------< com.baeldung:maven-duplicate-dependencies >--------------
[INFO] Building maven-duplicate-dependencies 0.0.1-SNAPSHOT
[INFO] --------------------------------[ jar ]---------------------------------
[INFO]
[INFO] --- maven-enforcer-plugin:3.0.0:enforce (no-duplicate-declared-dependencies) @ maven-duplicate-dependencies ---
[WARNING] Rule 0: org.apache.maven.plugins.enforcer.BanDuplicatePomDependencyVersions failed with message:
Found 1 duplicate dependency declaration in this project:
 - dependencies.dependency[org.apache.commons:commons-lang3:jar] ( 2 times )

[INFO] ------------------------------------------------------------------------
[INFO] BUILD FAILURE
[INFO] ------------------------------------------------------------------------
[INFO] Total time:  0.537 s
[INFO] Finished at: 2021-12-20T09:55:46+05:30
[INFO] ------------------------------------------------------------------------
[ERROR] Failed to execute goal org.apache.maven.plugins:maven-enforcer-plugin:3.0.0:enforce (no-duplicate-declared-dependencies) on project maven-duplicate-dependencie
s: Some Enforcer rules have failed. Look above for specific messages explaining why the rule failed.

6. Removing Duplicate Dependencies

Once we have identified our duplicate dependencies, the simplest way to remove them is to delete them from pom.xml and keep only those unique dependencies that are used by our project.

7. Conclusion

In this article, we learned how to detect duplicate dependencies in Maven using the mvn dependency:tree and mvn dependency:analyze-duplicate commands. We also saw how the Maven Enforcer Plugin could be used to fail a build that contains duplicate dependencies by applying an inbuilt rule.

Generic bottom

Get started with Spring 5 and Spring Boot 2, through the Learn Spring course:

>> CHECK OUT THE COURSE
Generic footer banner
1 Comment
Oldest
Newest
Inline Feedbacks
View all comments
Comments are closed on this article!