Analyzing and Cleaning Maven Project Dependencies with mvn dependency:analyze

Why do this? Over the years the author transitioned from .NET to front‑end and now to operations, encountering frequent security scans that expose vulnerable JAR files in Maven projects. Identifying unnecessary or missing dependencies helps keep the project secure and maintainable.

How to do it? Maven provides a built‑in analysis tool. Open a terminal in the project root (or the Terminal tab in IntelliJ IDEA) and run:

mvn dependency:analyze

Inspect the console output. Maven will list two sections:

Used undeclared dependencies found : dependencies that are actually used in the code but are not declared in pom.xml . They are usually pulled transitively and should be added explicitly.

Unused declared dependencies found : dependencies declared in pom.xml that are not referenced in the main or test source code and can be removed.

Example warning output:

[WARNING] Used undeclared dependencies found: B.jar
[WARNING] Unused declared dependencies found: com.alibaba:dubbo:jar:2.5.3:compile

If a warning appears for a used undeclared JAR, add the corresponding <dependency> entry to pom.xml . For unused declared dependencies, consider removing them after confirming they are not required by configuration files or other extension points.

When to run it? Run the analysis:

When initializing a new project – choose only the necessary JARs to avoid later cleanup.

During functional code refactoring – a good moment to audit and prune dependencies.

Risks to watch

Only code under src/main/java and src/test/java is considered; resources or configuration‑driven usage may be missed.

Back up pom.xml before removing dependencies.

Maven's analysis may produce false positives; thorough testing after changes is essential.

Shortcut method

IntelliJ IDEA can run the same analysis without the command line: right‑click the pom.xml file, choose Maven → Analyze Dependencies , and review the results in the IDE.

Following these steps helps keep Maven projects clean, reduces security exposure, and improves build performance.