Master Maven Dependency Analysis: Spot Unused and Undeclared JARs

Why perform dependency analysis?

After years of working with .Net, Winform, WPF, ASP.NET MVC, and ASP.NET Core, the author shifted to front‑end and operations, now handling private‑cloud projects where vulnerability scans often expose outdated JARs that need urgent fixes or upgrades.

How to run the analysis

For Maven projects, simply execute the built‑in dependency analysis plugin:

<code>mvn dependency:analyze</code>

Review the console output, focusing on two sections:

Used undeclared dependencies found

Unused declared dependencies found

Used undeclared dependencies found

This warning means the code uses a class from a JAR that is not declared directly in

pom.xml

but is pulled in transitively. Add the missing JAR to

pom.xml

to make the dependency explicit.

Unused declared dependencies found

This warning indicates a JAR declared in

pom.xml

is not referenced in the

src/main/java

or

src/test/java

source code. You may remove such entries, but first ensure they are not required by configuration files or extension points, back up the

pom.xml

, and verify the project after removal.

When to run the analysis

During new project initialization : Choose required JARs carefully to avoid unnecessary cleanup later.

When refactoring code : Combine refactoring with a dependency audit to catch stale libraries early.

Risks and precautions

The analysis tool may produce false positives, especially for special usage patterns such as annotation processors. Always run comprehensive tests after removing dependencies.

When taking over an old project, do not rush to delete dependencies before understanding the codebase and business logic.

Quick method using IntelliJ IDEA

Open the project directory in IntelliJ IDEA, right‑click the

pom.xml

file, and select

Analyze Dependencies

from the Maven menu. IntelliJ will display the analysis results, allowing you to add missing dependencies or delete unused ones directly.