Gradle Unused Dependencies



Nov 19, 2017 The Gradle Lint plugin is a pluggable and configurable linter tool for identifying and reporting on patterns of misuse or deprecations in Gradle scripts and related files. This plugin has various rules. Unused Dependency Rule is one of them. It has 3 specific characteristics. Removes unused dependencies.

  • Every dependency declared for a Gradle project applies to a specific scope. For example some dependencies should be used for compiling source code whereas others only need to be available at runtime. Gradle represents the scope of a dependency with the help of a Configuration. Every configuration can be identified by a unique name.
  • Gradle provides sufficient tooling to navigate large dependency graphs and mitigate situations that can lead to dependency hell. Users can choose to render the full graph of dependencies as well as identify the selection reason and origin for a dependency. The origin of a dependency can be a.
  • On Square’s famous monolith, with nearly 3 000 Gradle modules (aka projects aka subprojects), buildHealth was invoked on a subsection of the full module graph, and there found about 3 000 unused dependencies (2 000 between modules and 1 000 external).
  • The Gradle plugin that finds unused dependencies, declared and transitive is com.github.nullstress.dependency-analysis But its latest version 1.0.3 is created 23 December 2014. After that there aren't any updates. N.B: Many of our engineers are being confused about this plugin as they updated only the version number, nothing else.
Gradle lint unused dependenciesUnneededUnused
  • Status:Resolved
  • Affects Version/s:0.9.1

I have a project with a large number of dependencies in the build file. The dependencies have been configured to come from a local installation of Nexus, which will then proxy various external repos as well as our own hosted repositories.

Often, when running a simple task (or just calling 'gradle depenencies'), gradle will pause for a very long time (often up to 5 minutes) while it displays messages about retrieving various pom files for other internal projects. It seemed an unusually long time to pause, so I started wireshark to see what was happening: it appears that for every jar file we depend on, gradle will also do a HTTP HEAD request on various associated artifacts. For example, to retrieve a
jar called DataType, the following requests are made:

HEAD /nexus/content/groups/public/com/example/DataType/1.0.94/DataType-1.0.94.pom HTTP/1.1
GET /nexus/content/groups/public/com/example/DataType/1.0.94/DataType-1.0.94.pom HTTP/1.1
HEAD /nexus/content/groups/public/com/example/DataType/1.0.94/DataType-1.0.94.jar HTTP/1.1
HEAD /nexus/content/groups/public/com/example/DataType/1.0.94/DataType-1.0.94-sources.jar HTTP/1.1
HEAD /nexus/content/groups/public/com/example/DataType/1.0.94/DataType-1.0.94-src.jar HTTP/1.1
HEAD /nexus/content/groups/public/com/example/DataType/1.0.94/DataType-1.0.94-javadoc.jar HTTP/1.1
GET /nexus/content/groups/public/com/example/DataType/1.0.94/DataType-1.0.94.jar HTTP/1.1

Gradle Unused Dependencies App

The problem is that DataType-1.0.94-sources.jar, DataType-1.0.94-src.jar and DataType-1.0.94-javadoc.jar do not exist. Because gradle requested them, Nexus realises that it doesn't have them locally, and then searches the external repositories for them, which takes a long time (sometimes up to 10 seconds). Multiple this by about 20 different dependencies, this adds an enormous amount of time to what I would have expected to be a quick task.

Gradle Lint Unused Dependencies

Gradle should not be requesting the '-sources', '-src' and '-javadoc' artifacts when it doesn't need them.

Gradle Report Unused Dependencies

Votes:
2Vote for this issue
Watchers:
3Start watching this issue