Total madness: dependency management with Maven

chientrm
Jan 10, 2023

Introduction

For those of us living in the NodeJS ecosystem, dependency management is usually done with npm, pnpm, or similar.

However, version specification in NodeJS is far simpler than in the legacy Maven POM, which is widely used in Java projects.

NodeJS dependencies versioning

NodeJS introduces only 3 types of version specification: exact versioning, minor versioning, and major versioning.

Pin a version

Accept only version 1.1.0.

{
  "dependencies": {
    "react": "1.1.0"
  }
}

Pin a minor version

Accept 1.1.0, 1.1.1, 1.1.2, … but not 1.2.0 and so on.

{
  "dependencies": {
    "react": "~1.1.0"
  }
}

Pin a major version

Accept 1.1.0, 1.1.1, 1.2.0, … but not 2.0.0 and so on.

{
  "dependencies": {
    "react": "^1.1.0"
  }
}

Maven dependencies versioning

Maven version management allows soft and hard version requirements, and its ranges are based on the math concept of domains (intervals).

Soft dependencies versioning

Use 1.0 if no other version appears earlier in the dependency tree.

<dependencies>
  <dependency>
    <groupId>site.chientrm</groupId>
    <artifactId>helloworld</artifactId>
    <version>1.0</version>
  </dependency>
</dependencies>

Hard dependencies versioning

Only accept version 1.0.

<dependencies>
  <dependency>
    <groupId>site.chientrm</groupId>
    <artifactId>helloworld</artifactId>
    <version>[1.0]</version>
  </dependency>
</dependencies>

Versioning range: (1.0,1.2], [1.0,1.2), (1.0,1.2), [1.0,1.2]

These work the same way as intervals (domains) in math: a square bracket includes the endpoint, a parenthesis excludes it.

<dependencies>
  <dependency>
    <groupId>site.chientrm</groupId>
    <artifactId>helloworld</artifactId>
    <version>(1.0,1.2]</version>
  </dependency>
</dependencies>

Version less than 1.0

<dependencies>
  <dependency>
    <groupId>site.chientrm</groupId>
    <artifactId>helloworld</artifactId>
    <version>(,1.0)</version>
  </dependency>
</dependencies>

Version greater than 1.0

<dependencies>
  <dependency>
    <groupId>site.chientrm</groupId>
    <artifactId>helloworld</artifactId>
    <version>(1.0,)</version>
  </dependency>
</dependencies>

Multiple version ranges

Accept any version less than 1.1 or greater than 1.1, which is equivalent to excluding version 1.1. This is especially useful when version 1.1 has a critical bug.

<dependencies>
  <dependency>
    <groupId>site.chientrm</groupId>
    <artifactId>helloworld</artifactId>
    <version>(,1.1),(1.1,)</version>
  </dependency>
</dependencies>
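
To see which versions each spec above lets through, here is an added example (not from the original article and not Maven's own code) that parses the range syntax and checks candidate versions against it. The function names are hypothetical, and it assumes versions made only of dot-separated integers.

```javascript
// Added example: which versions does a Maven <version> spec allow?
// Assumption: versions are dot-separated integers only. Maven's real ordering
// also handles qualifiers such as -SNAPSHOT, which this sketch ignores.

function compareVersions(a, b) {
  const pa = a.split('.').map(Number);
  const pb = b.split('.').map(Number);
  for (let i = 0; i < Math.max(pa.length, pb.length); i++) {
    const d = (pa[i] || 0) - (pb[i] || 0); // missing parts count as 0
    if (d !== 0) return Math.sign(d);
  }
  return 0;
}

// Parse "(,1.1),(1.1,)" into intervals. A bare "1.0" is a soft requirement,
// not a range, and yields null.
function parseRanges(spec) {
  const s = spec.trim();
  if (!/^[\[(]/.test(s)) return null;
  const intervals = [];
  const re = /([\[(])([^,\])]*)(?:(,)([^\])]*))?([\])])/g;
  for (const [, open, lo, comma, hi, close] of s.matchAll(re)) {
    const low = lo.trim() || null;
    // "[1.0]" has no comma: both bounds are the same version.
    const high = comma ? (hi.trim() || null) : low;
    intervals.push({ low, high, lowInc: open === '[', highInc: close === ']' });
  }
  return intervals;
}

function allows(spec, version) {
  const intervals = parseRanges(spec);
  // Soft requirement: conflict mediation may select any other version.
  if (intervals === null) return true;
  return intervals.some(({ low, high, lowInc, highInc }) => {
    const lo = low === null ? 1 : compareVersions(version, low);
    const hi = high === null ? -1 : compareVersions(version, high);
    return (lo > 0 || (lo === 0 && lowInc)) && (hi < 0 || (hi === 0 && highInc));
  });
}

// Constructed sample: the specs used in this article against a few versions.
const specs = ['1.0', '[1.0]', '(1.0,1.2]', '(,1.0)', '(1.0,)', '(,1.1),(1.1,)'];
for (const spec of specs) {
  const ok = ['0.9', '1.0', '1.1', '1.2', '2.0'].filter((v) => allows(spec, v));
  console.log(spec.padEnd(14), '->', ok.join(', '));
}
```

Note that the soft requirement 1.0 allows every candidate: only the bracketed forms actually keep a known-bad release out of the build.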

Exclude dependency of a dependency

Install site.chientrm.helloworld but exclude its dependency site.chientrm.helloworld.examples.

<dependencies>
  <dependency>
    <groupId>site.chientrm</groupId>
    <artifactId>helloworld</artifactId>
    <version>1.0.0</version>
    <exclusions>
      <exclusion>
        <groupId>site.chientrm</groupId>
        <artifactId>helloworld.examples</artifactId>
      </exclusion>
    </exclusions>
  </dependency>
</dependencies>

Discussion

NodeJS has much simpler dependency version management, while Maven has a more detailed manager. However, there's no official argument indicating that a more detailed manager would give a better development experience. Meanwhile, the NodeJS community has not observed any obstacles using the current manager.
