使用 spring-boot-starter jar 会触发 lint 警告

Use of spring-boot-starter jars triggers lint warnings

我有一个 springboot 项目,我们通过使用各种适当的 spring-boot-starter jar 来引入我们需要的适当的传递依赖项,我们很快就开始了。现在,随着产品发布的临近​​,我们正在添加代码质量和代码检查工具以收紧未解决的问题。其中一些将启动罐标记为有问题,但我发现关于如何处理该问题的建议不一致。

Spring.io 文档未能对此进行权衡。初学者在这里描述:Spring Starters, but it really just says they are used to "get going quickly" but does not indicate that they are intended for use in production. The starters are not listed in the 'production ready' features (which focuses on Actuator). The Packaging for Production 没有提到初学者。仅从 Spring 文档中,我们就鼓励您使用启动器(以便快速开始),但并未告知或告知不要在生产中使用它们。

如果 spring 项目添加 gradle-lint plugin, or uses maven-dependency-plugin, use of the starters flags problems. The starters include no code themselves, but they pull in useful transitive dependencies (by design), but that's contra-indicated by the lint plugins. Related

From gradle-lint Generally, applications only use a subset of the libraries included in such families. The unnecessary dependencies included with the family both increase the footprint of the application itself. If the 'application' is actually itself a library, these unnecessary dependencies leak downstream to its users, increasing their footprint and potentially introducing breaking version conflict resolution problems.

在上线前移除启动罐是“正确”的答案吗?应该在生产中使用启动器吗?我相信有很多项目已经开始投入生产,而且他们可能做得很成功。但在我看来,当局在做什么上存在分歧,因此希望调和他们。

我认为这很可能会被关闭,因为它是基于意见的。作为 Spring Boot 团队的一员,启动器绝对适用于生产环境。如果它随后会创造更多的工作,那么让你快速前进的事情就没有意义了。有些人不喜欢间接依赖传递依赖,并认为你需要的所有依赖都应该直接声明。我认为您提到的 linting 工具正在强化这一观点。您可以配置该工具使其安静或手动声明启动器的依赖项。我会做前者。