DependcyManagement or dependencies ?? in pom maven

Question

According to the maven docs Dependency management

is a mechanism for centralizing dependency information.

and from this question here SO Question, many people suggested to use Dependency managmement instead of dependencies when we have a common jar file for all children.

as in dependency management , dependencies are propogated only when children request for it but incase of dependencies the dependecies are propogated even when not required.

but wouldn't it be a better approch when the jar file is common to all children ,i.e when all the children inherit the same jar file

for example (rewritten example taken from maven docs)

child a

  <dependencies>
    <dependency>
      <groupId>group-a</groupId>
      <artifactId>artifact-a</artifactId>
    </dependency>

    <dependency>
      <groupId>group-c</groupId>
      <artifactId>artifact-b</artifactId>
    </dependency>
  </dependencies>

child b

  <dependencies>
    <dependency>
      <groupId>group-c</groupId>
      <artifactId>artifact-b</artifactId>
    </dependency>

    <dependency>
      <groupId>group-a</groupId>
      <artifactId>artifact-b</artifactId>
    </dependency>
  </dependencies>

parent of both a and b


  <dependencyManagement>
    <dependencies>
      <dependency>
        <groupId>group-a</groupId>
        <artifactId>artifact-a</artifactId>
        <version>1.0</version>
      </dependency>
    </dependencies>
  </dependencyManagement>

but wouldn't this yeild the same result ??

parent of both a and b

    <dependencies>
      <dependency>
        <groupId>group-a</groupId>
        <artifactId>artifact-a</artifactId>
        <version>1.0</version>
      </dependency>
    </dependencies>

child a

  <dependencies>
    <dependency>
      <groupId>group-c</groupId>
      <artifactId>artifact-b</artifactId>
    </dependency>
  </dependencies>

child b

  <dependencies>
    <dependency>
      <groupId>group-c</groupId>
      <artifactId>artifact-b</artifactId>
    </dependency>
  </dependencies>

or did i misunderstand them??

and which one should i use and in what conditions ??

ursa · Answer 1 · 2020-06-12T08:54:45.157

0

Dependency management section in the parent pom is managing versions and only versions of these libraries, when you are using them in the child projects.

Dependency section on the contrary ENFORCES all child modules to have these dependencies, regardless child modules need them or not.

If you are sure ALL your child modules will use group-a:module-a:version, then feel free to declare it in parent dependencies section.

If you have at least one child module in the project, where such enforced dependency is unnecessary, then dependencyManagement better suites your need.

edited Jun 12 '20 at 08:54

answered Jun 12 '20 at 08:50

ursa

4,404
1
24
38

so if all the children needs them would it be better to use `dependencies` then?? – Jun 12 '20 at 08:52
so the only cost with `dependencies` is the unwanted inheritance correct?? i.e it's same same as `dependencyManagement` in every other sens? – Jun 12 '20 at 09:07
1

@ursa DependencyManagement does not only handles the versions it can also being used to handle exclusion at a central location and that's one of the reason to use dependencyManagement. Furthermore you have a central location in a project to define the versions of all what you are using. – khmarbaise Jun 12 '20 at 09:16
@Hummingbird exactly. – ursa Jun 12 '20 at 15:21
@khmarbaise while technically it is possible to manage exclusions, it could bring you a debug nightmare, if your project is a library used by other projects (with different root pom and exclusions). – ursa Jun 12 '20 at 15:21
I don't understand your relation to debugging? If you have to have exclusion that has usually a good reason to do so. Furthermore what do you mean by "..with different root pom and exclusions" ? – khmarbaise Jun 14 '20 at 21:52
I mean libraries development, that are used by multiple teams outside of your project or company. "debug" = resolving client problems caused by dependency inconsistence. The simplest example - you've excluded commons-logging from all your dependencies and used slf4j in your library. However client added Spring Framework and hence commons-logging was also added transitively. Almost harmless bug. However other dependencies could lead to more dangerous consequences. – ursa Jun 15 '20 at 11:15

DependcyManagement or dependencies ?? in pom maven

1 Answers1