Using Maven Dependency Analyzer to Detect Unused and Undeclared Java Dependencies

The author shares a personal journey from .Net to front‑end and finally to operations, culminating in a need to manage Maven‑based Java projects that often expose vulnerable or unnecessary JAR files during client security scans.

For Maven projects, the built‑in dependency analysis tool can be invoked with a single command:

mvn dependency:analyze

After execution, the console prints warnings such as Used undeclared dependencies found and Unused declared dependencies found . The former indicates a library used in code but not declared in pom.xml , usually pulled transitively; the latter lists dependencies declared but never referenced in the main or test source code.

Examples are provided: if B.jar is used but only A.jar is declared, Maven will warn about the missing declaration, prompting you to add B.jar to pom.xml . Conversely, dependencies like com.alibaba:dubbo or mysql:mysql-connector-java that appear in the warning list can be safely removed after confirming they are not required.

Before removing any dependency, back up pom.xml and ensure the definition of “unused” excludes configuration files or extension points. Because Maven’s analysis may produce false positives, thorough testing after changes is essential.

The article also advises when to perform dependency clean‑up: during new project initialization, when refactoring feature code, or when taking over legacy projects (with caution). It highlights risks such as accidental removal of needed libraries and stresses that results are for reference only.

A quick method using IntelliJ IDEA is described: open the project directory, right‑click pom.xml , select the “Analyze Dependencies” option, and let the IDE present the same analysis results for easy action.

At the end, a promotional note invites readers to scan a QR code or reply with “图书” to receive a free book management system source code, and lists previous content links.