Analyzing and Cleaning Maven Dependencies with the Maven Dependency Plugin

Since entering the workforce, the author has experienced multiple technology waves, moving from .Net Framework, Winform, WPF, Asp.Net MVC, to Asp.Net Core, and now works in operations, dealing with private‑cloud projects where vulnerability scans often expose problematic JAR dependencies.

To address Maven project dependency issues, the author recommends using Maven's built‑in dependency analysis tool. In IntelliJ IDEA, open the Terminal (or command line) at the project root and run:

mvn dependency:analyze

Review the console output, focusing on sections such as "Used undeclared dependencies found" and "Unused declared dependencies found". The output may look like:

[INFO]  --- maven-dependency-plugin:2.8:analyze (default-cli) @ xxxproject ---
[WARNING] Used undeclared dependencies found:
[WARNING]    org.springframework:spring-beans:jar:4.0.0.RELEASE:compile
[WARNING]    org.springframework:spring-context:jar:4.0.0.RELEASE:compile
[WARNING] Unused declared dependencies found:
[WARNING]    com.alibaba:dubbo:jar:2.5.3:compile
[WARNING]    com.alibaba:druid:jar:1.0.9:compile
[WARNING]    ...

The "Used undeclared dependencies" section indicates that the project uses a library that is not explicitly declared in pom.xml , often because it is pulled in transitively; you should add the missing dependency to the POM.

The "Unused declared dependencies" section lists dependencies declared in pom.xml but not referenced in the code (excluding configuration files). Before removing them, back up the POM, understand that the analysis only covers main/java and test sources, and verify that removal does not break the build.

When to run the analysis:

During new project initialization to avoid copying unnecessary dependencies from older projects.

During feature refactoring to clean up unused libraries.

Risks include false positives from the analysis tool, especially for annotation processors or other indirect usages; thorough testing after changes is essential.

For a quicker approach, IntelliJ IDEA provides a built‑in Maven dependency analyzer: right‑click pom.xml , choose “Maven → Analyze Dependencies”, and act on the results.

Following these steps helps maintain a stable, maintainable Java backend by keeping the dependency graph clean.