Hello, I would like to propose a new Maven feature: dependency deprecation indicators.
In a nutshell, the idea is to let maintainers set a 'deprecated' metadata indicator on a Maven artifact in a repository. This will indicate to users that the artifact should no longer be used. The Maven CLI tools could then react to deprecation indicators in the appropriate ways: - `mvn` itself: Print a warning when deprecated dependencies are seen. - Maven Enforcer Plugin: Add a <banDeprecatedDependencies> rule which throws an error when deprecated dependencies are seen. - Maven Dependency Tree: Print a [deprecated] notice next to any deprecated dependency in the tree. - ...and so on We can also envisage automated agents like Dependabot using these indicators to alert developers about deprecated dependencies in their stacks, and assisting developers to remove them. Some of the major build tools outside the JVM already have deprecation indicators: - NPM: https://docs.npmjs.com/cli/v7/commands/npm-deprecate - Nuget: https://docs.microsoft.com/en-us/nuget/nuget-org/deprecate-packages - Composer / Packagist: https://tomasvotruba.com/blog/2017/07/03/how-to-deprecate-php-package-without-leaving-anyone-behind/ So the feature has precedent, and I believe it would be useful to have in Maven. If there is demand for it, I am willing to work on it. There are definitely several good questions to be answered about what exactly the feature would look like, so questions and comments are welcome :) Regards, Chris Kilding --------------------------------------------------------------------- To unsubscribe, e-mail: [email protected] For additional commands, e-mail: [email protected]
