spring-boot-dependency-checker
v0.1.2
Published
Spring Boot Dependency Checker - validate that you're using the versions Spring Boot has approved with your project.
Downloads
620
Maintainers
Readme
spring-boot-dependency-checker
A small utility that finds manually overridden dependencies in a Maven POM, Gradle file, or SBOM for a Spring Boot application.
Usage
npm install -g spring-boot-dependency-checker
spring-boot-dependency-checker location/to/pom.xml
| File type | Dependencies | Properties | Accurate | |-----------------|--------------|------------|----------| | Maven POM | ✓ | ✓ | ✓ | | Gradle - Groovy | ✓ | ✗ | ✓ | | SBOM | ✓ | ✗ | ✗ |
Maven POM is the most accurate because it's generated from the source file
Gradle - Groovy does not support overwritten properties because those usually come from a separate file
SBOM is accurate until you have dependencies that pull in newer versions than what Spring Boot recommends, which results in false positives