You can write a simple app, using resolver. There are demo that perform fully functional things, for example
https://github.com/apache/maven-resolver/blob/master/maven-resolver-demos/maven-resolver-demo-snippets/src/main/java/org/apache/maven/resolver/examples/GetDependencyTree.java Hth T On Fri, Dec 16, 2022, 22:12 Aldrin Leal <ald...@leal.eng.br> wrote: > Thanks Michael, indeed this can be better worded What about? > > How to programatically list a poms dependencies (incl transitive) without > the risk of running untrusted/unauthorized code? > > -- > -- Aldrin Leal, <ald...@leal.eng.br> / https://aldrinleal.link > > > On Fri, Dec 16, 2022 at 3:55 PM Michael Osipov <micha...@apache.org> > wrote: > > > Am 2022-12-16 um 18:02 schrieb Aldrin Leal: > > > Hello, > > > > > > Just a question I'd like to confirm with you guys: How "safe" is to run > > > `dependency:tree` on a given arbitrary pom? > > > > > > I mean, whats the likelihood of that pom.xml triggering some "unsafe" > > code? > > > > > > And how would you do this in (listing all the required runtime jar > files > > > for a given project) the most secure way if you were given this task? > > > > Safety and security are two different things. What are you striving for? > > > > > > --------------------------------------------------------------------- > > To unsubscribe, e-mail: dev-unsubscr...@maven.apache.org > > For additional commands, e-mail: dev-h...@maven.apache.org > > > > >
