Npm packages with dependencies that have version ranges produce really bad pom.xml metadata #1951
Comments
Yeah, Maven version ranges are a bad idea. I think the alternative (not replicating that information) is worse. But I need to noodle that more. In the meantime, the issue you ran into was because neither
I'll investigate that and see if we can get that dependency deployed. FWIW, users do occasionally run into these kinds of issues with missing transitives and removing ranges wouldn't fix that.
Some further info on the issue with
I can't find why Maven is picking the lowest in the range. Seems strange to me. But I was able to deploy I'll continue thinking about not using ranges and instead locking to the latest available in the specified range.
Maven tries to resolve the 1.8.3 dependencies because it literally has to download all the poms for all the versions in that (really large) range. It takes about 10 minutes just to fail for me, having worked its way up from 1.8.0. It’s not a good thing.
Side note, Gradle does the right thing (doesn't download the universe) and resolves the transitive dependency to be
You simply can't trust that any library with a pom.xml that contains a dependency with a version range is ever going to work in practice. It is hugely inefficient (Maven has to look at all the candidates and download them), so it can take all day to simply list the dependencies. There are also often errors in the NPM metadata, or inconsistencies with the webjars repositories that actually just break the build.
Here's a sample that fails with mvn dependency:list:
Result:
The problem stems from the fact that jquery-ui has this in its package.json:
which translates into this in the webjars pom.xml:
That version range is evil. Version ranges make sense (marginally) for apps. They never work out well for libraries. It would be better to simply depend on the latest version available.
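A build-hygiene check for the problem discussed in this thread, as an added example that is not code from the issue or from the WebJars project: it flags dependencies in a pom.xml that declare a Maven version range and reports the highest available version inside each range, which is the pin the thread proposes instead. The coordinates, the sample POM and the list of available versions are constructed; version ordering is simplified to dotted numeric versions and only single-interval ranges are handled.

```python
import xml.etree.ElementTree as ET

NS = {"m": "http://maven.apache.org/POM/4.0.0"}

# Constructed sample POM with hypothetical coordinates (not from the issue).
SAMPLE_POM = """<project xmlns="http://maven.apache.org/POM/4.0.0"><dependencies>
  <dependency><groupId>org.example</groupId><artifactId>ranged-lib</artifactId>
    <version>[1.8.0,2)</version></dependency>
  <dependency><groupId>org.example</groupId><artifactId>pinned-lib</artifactId>
    <version>3.1.0</version></dependency>
</dependencies></project>"""

def key(v):
    # Assumption: dotted numeric versions only; Maven's real ordering is richer.
    parts = [int(p) for p in v.split(".")]
    while parts and parts[-1] == 0:   # treat 2, 2.0 and 2.0.0 as equal
        parts.pop()
    return tuple(parts)

def parse_range(spec):
    """Return (low, low_inclusive, high, high_inclusive), or None for a pinned version."""
    spec = spec.strip()
    if len(spec) < 2 or spec[0] not in "[(" or spec[-1] not in "])":
        return None
    lo, sep, hi = (p.strip() for p in spec[1:-1].partition(","))
    if "," in hi:
        raise ValueError("multi-interval ranges are out of scope here: " + spec)
    if not sep:                       # "[1.0]" pins exactly 1.0
        hi = lo
    return (lo or None, spec[0] == "[", hi or None, spec[-1] == "]")

def in_range(v, rng):
    lo, lo_inc, hi, hi_inc = rng
    if lo is not None and (key(v) < key(lo) or (key(v) == key(lo) and not lo_inc)):
        return False
    if hi is not None and (key(v) > key(hi) or (key(v) == key(hi) and not hi_inc)):
        return False
    return True

def audit(pom_xml, available):
    """List ranged dependencies with the highest available version in each range."""
    findings = []
    for dep in ET.fromstring(pom_xml).iterfind(".//m:dependency", NS):
        coord = "%s:%s" % (dep.findtext("m:groupId", "", NS), dep.findtext("m:artifactId", "", NS))
        spec = dep.findtext("m:version", "", NS).strip()
        rng = parse_range(spec)
        if rng is not None:
            ok = [v for v in available.get(coord, []) if in_range(v, rng)]
            findings.append((coord, spec, max(ok, key=key) if ok else None))
    return findings
```

A finding whose third field is None means no available version satisfies the range, so the build would fail to resolve that dependency.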