Maven 4: Still XML. Still boring. Still Winning.

What's so ugly about Maven?
Oh, right, XML. The ancient language feared by the hipster cult of Gradle.

But let's be honest:
You don't write build files every day. You come back after months, forget everything, and now… you're debugging a Groovy poem.
Maven? You squint at the XML, and boom. Autocomplete, structure, sanity.

Maven 4? Still XML. Still boring. Still… Winning at automations.
Yes there are more features, and yes you can use other DSL's than XML with polyglot or any other extension like also before.
Something new and interesting could be the BOM packaging and requirement of java 17. You can always build lower stuff also with 17. It's simply Java.

My killer feature of Maven:
Stable, sandboxed plugins, run directly from the command line. No need to create bloated build files.
No copy-pasting the same config into 12 submodules and repositories.
All automated. All under my control.
No need to depend on the next third party cloud elf named like dependabot.
Or an SDK Man for switching java versions.
All I need is simply a JAR file and a build tool which does not disrupt me.

Favourite Maven Spells - aka plugins running on my CI without defining them:
mvn wrapper:wrapper - Because of consistency, no jar binary inside my repo.
mvn dependency:tree - See who brought the uninvited guests.
mvn versions:update-properties - Auto-update without the bots.
mvn license:add-third-party - keep track of used licenses
mvn org.owasp:dependency-check-maven:check - Security without sacrifice.
[...]

Stop waiting for the next shiny thing, you can always contribute to any tool.
Start building. Or better automate it.

JavaLand is here! April 1 to 3, 2025 at Nürburgring!

Today's highlights:

Boost your Maven builds! Learn expert tips and tricks for optimizing your build process.

Secure your apps! Discover best practices and tools to strengthen your application security.

Is there any way to actively test if a maven dependency scope is set to “test” but would be required to be “compile”/“runtime”? I broke a build that way but can’t think of any way to catch that.

Dieser vergeudete Vormittag wurde ihnen präsentiert von https://github.com/google/guava/releases/tag/v33.4.5

Also um genau zu sein, die Tatsache, dass Guava mit 33.4.5 ein JPMS Module geworden ist und damit vorher transitiv durchscheinenden Artefakte unsichtbar geworden sind. Nichtsahnend Dependabot PR für Guava durchgeklickt und dann bei Verwendern tolle Buildfehler gefunden, die vorher nicht da waren.

I'm working on enabling the #DigiPres parts of our org by making some of the #COPTR Tool Grid apps available securely in a managed #Windows environment - first cab off the rank is a #Java app with bundled #JRE, which won't play well with our env

does anyone have experience using #maven & #jpackage as part of a build pipeline to create OS-native installers? my short-term target is a Windows MSI, but once that's in place the same pipeline should be able to spit out native installers for macOS (which we also use) & Linux (which we don't - yet )

I'm at the point where I'm about to clone the repo & start tinkering but would much rather re-use something already built than figure it out from docs & example code...

#boost4reach pls

#GLAM
#ausGLAM

Improving Maven's dependency:analyze... or not https://blog.frankel.ch/maven-dependency-analyze/
#Java #maven

Wednesday Links - Edition 2025-03-12
https://dev.to/0xkkocel/wednesday-links-edition-2025-03-12-16bc
#java #jvm #spring #kotlin #architecture #otlp #maven #kafka #jit #git

Maven build plan and execution order
https://info.michael-simons.eu/2025/03/10/maven-build-plan-and-execution-order/
#Java #maven

Understand the execution / build #plan of your #Maven project:

https://info.michael-simons.eu/2025/03/10/maven-build-plan-and-execution-order/

I'm trying to publish my first #Java library on maven central. I am able to find it at central.sonatype.com and maven can resolve it from there.

But I can't find it neither on https://search.maven.org nor on https://mvnrepository.com. It is a release version (not a snapshot), it is GPG signed and there are source and javadoc jars too.

Any ideas what I am doing wrong?

... Und schon wieder eine Idee für einen Artikel für die #heimatseite im #zwischennetz. Dieses Mal #java, #sbom, #spdx #apacheant , #apacheivy und #maven ...

Apache NetBeans 25 open-source IDE updates Gradle, Maven, and Java tooling, refining dependency resolution, test execution, and UI stability.
https://linuxiac.com/apache-netbeans-open-25-source-ide-released/

I was in an #apple shop, took 30 minutes to install @sdkman and @graalvm and #maven and @gnutools and built https://github.com/ozkanpakdil/swaggerific and see it working

m3 16gb MacBook air took 1 minute to compile the code latest graal 23.0.1 and it takes 4-5 minutes in my HP laptop, this apple tech is fast, I am intrigued

#privacy in trouble building: #Google is using data from ALL people's devices to feed it into #Maven (a AI trained for geopolitics and targeting enemies) the #1984 #dystopia #Google is #evil now #spy on all data #wtf what can you do?

STOP THIS MADNESS! #BETTERWORLD IS POSSIBLE!

get a pixel 7 pro or 8 pro or 9 pro and install https://grapheneos.org/ #grapheneos while this is not 100% grantee secret service will NOT collect ur data, it MASSIVELY reduces the amount of 500 pre installed privacy problematic apps on #smartphone
#google #fiveeyes #snowden #samsung #android #geopolitics

This presentation summarizes the changes coming in Maven 4 quite nicely:

https://gnodet.github.io/maven4-presentation/

Last Friday, I explained to a friend that I'm really not a fan of JitPack - an argument I've had numerous times. So this weekend I finally wrote down why I consider JitPack harmful to the ecosystem and a security risk.

https://committing-crimes.com/articles/2024-09-09-jitpack

@cmdr_nova

"It’s worth mentioning that Maven received 2 million dollars in funding from former Twitter CEO Ev Williams and OpenAI CEO Sam Altman"

Realize that 2 million dollars is chump change to these tech bros

A rounding error

But even so these "investors" certainly expect an ROI - a return on their investment

What part of #Maven's haul is to be monetized to generate shareholder value - to ensure these parasites receive an adequate ROI - and how?

@jbhughes

Yeah no problems at all

In the data farming world what #Maven is doing represents a new continent (as it were)

cc @jsecretan @stefan @liaizon @djsundog