I don't think that there is a plugin that does that. And I think the reason for that is that no one is really interested in that kind of information.
Consider having dependencies to released artifacts. Once they are downloaded to your local repo, Maven won't bother downloading them again (unless you delete them); all future resolutions to that artifact will be done through the local repo.
Sure, the file _remote.repositories
in your local repo's artifact directory will contain the symbolical name of the repo it was downloaded from, whose actual URL might or might not be same over time.
The philosophy being this is that Maven coordinates are global. For example, a given release of (say) commons-codec:commons-codec:1.10
must be the same regardless of where it came from. Otherwise, if certain releases were to be different depending on where they came from, then everything would fall apart. Because of this, no one cares where dependency came from.
Snapshot dependencies are a different story, but you shouldn't rely on them for too long because you don't want to release your stuff based on dependencies that might change in the future. Usually, you are in control of where you want your snapshot dependencies to come from, so the whole point of finding out where your dependencies come from becomes futile.
Sometimes though, transitive dependencies will include POMs that specify additional repos for Maven to fetch sub-dependencies from. And sometimes these repositories are decommisioned or discontinued, breaking the dependency chain. In that case, you might want to block or reroute them in your settings.xml
. A simple scan through all the POMs in your local repo is usually enough to sniff them out:
# Linux/Unix
%> find <your local repo> -name '*.pom' | xargs grep -c '<repositories>' | grep -v ':0'
This, together with mvn dependency:tree
, should be enough to find out if a transitive dependency is dependent on a misbehaving repository.
与恶龙缠斗过久,自身亦成为恶龙;凝视深渊过久,深渊将回以凝视…