gradle-lint-plugin | configurable linter tool | Code Analyzer library
kandi X-RAY | gradle-lint-plugin Summary
kandi X-RAY | gradle-lint-plugin Summary
A pluggable and configurable linter tool for identifying and reporting on patterns of misuse or deprecations in Gradle scripts.
Support
Quality
Security
License
Reuse
Top functions reviewed by kandi - BETA
Currently covering the most popular Java, JavaScript and Python libraries. See a Sample of gradle-lint-plugin
gradle-lint-plugin Key Features
gradle-lint-plugin Examples and Code Snippets
Community Discussions
Trending Discussions on gradle-lint-plugin
QUESTION
I have a springboot project that we got going quickly by using the various appropriate spring-boot-starter jars to bring in the appropriate transitive dependencies that we needed. Now, as we get closer to production launch, we are adding code-quality and code-inspection tools to tighten up loose ends. Some of these are tagging the starter jars as problematic, but I am finding inconsistent advice as to how to handle the problem.
Spring.io documentation fails to weigh in on this. Starters are described here: Spring Starters, but it really just says they are used to "get going quickly" but does not indicate that they are intended for use in production. The starters are not listed in the 'production ready' features (which focuses on Actuator). The Packaging for Production makes no mention of starters. From Spring documentation alone, you are encougaged to use the starters (to get going quickly), but are not told to, or told not to, use them in production.
If the spring project adds either gradle-lint plugin, or uses maven-dependency-plugin, use of the starters flags problems. The starters include no code themselves, but they pull in useful transitive dependencies (by design), but that's contra-indicated by the lint plugins. Related incident here
From gradle-lint Generally, applications only use a subset of the libraries included in such families. The unnecessary dependencies included with the family both increase the footprint of the application itself. If the 'application' is actually itself a library, these unnecessary dependencies leak downstream to its users, increasing their footprint and potentially introducing breaking version conflict resolution problems.
Is the "right" answer to remove starter jars before going live? Should starters be used in production? I am sure there are plenty of projects that have gone to production with starters, and probably they have done so successfully. But it looks to me like the authorities differ on what to do, so looking to reconcile them.
...ANSWER
Answered 2021-Dec-03 at 17:42I think this is likely to be closed as it's opinion based. Speaking as a member of the Spring Boot team, the starters are absolutely intended for use in production. There's no point in something that gets you going quickly if it then creates more work later on. Some people dislike relying on transitive dependencies indirectly and believe that all dependencies that you require should be declared directly. I think the linting tools you've mentioned are enforcing this opinion. You can either configure the tool to quieten it or manually declare the starters' dependencies. I would do the former.
Community Discussions, Code Snippets contain sources that include Stack Exchange Network
Vulnerabilities
No vulnerabilities reported
Install gradle-lint-plugin
Support
Reuse Trending Solutions
Find, review, and download reusable Libraries, Code Snippets, Cloud APIs from over 650 million Knowledge Items
Find more librariesStay Updated
Subscribe to our newsletter for trending solutions and developer bootcamps
Share this Page
