Use Maven Central Repository Search from your command line!
Use mcs
to quickly lookup dependency coordinates in Maven Central, without having to switch to your browser.
This tool supports the following modes of searching:
-
Wildcard search
mcs search plexus-utils
This will give you all artifacts in Maven Central that have "plexus-utils" in their name. The output is in a tabular form, showing the exact coordinate of each artifact and the moment when its latest version was deployed.
-
Coordinate search
mcs search org.codehaus.plexus:plexus-utils mcs search org.codehaus.plexus:plexus-utils:3.4.1
If there are multiple hits, you will get the same table output as above. But if there's only one hit, this will give you by default a pom.xml snippet for the artifact you searched for. Ready for copy & paste in your favourite IDE!
If you require snippet in different format, use-f <type>
or--format=<type>
. Supported types are:maven
,gradle
,gradle-short
,gradle-kotlin
,sbt
,ivy
,grape
,leiningen
,buildr
,jbang
,gav
. -
Class-name search
mcs class-search CommandLine mcs class-search -f picocli.CommandLine
This will give you all artifacts in Maven Central that contain a particular class. If you set the
-f
flag, the search term is considered a "fully classified" class name, so including the package name.
- All modes recognise the
-l <number>
switch, which lets you specify how many results you want to see at most. - In Wildcard sarch and Coordinate search, you can pass along the
-s
(or--show-vulnerabilities
) flag. It will cause MCS to show a summary of reported security vulnerabilities against each result. If there is only one search result, it will display the CVE numbers reported against that result. Note that this feature will probably soon hit the API limits for the Sonatype OSS Index. See their documentation for details on how this may impact your usage. You can specify your credentials using the system propertiesossindex.username
andossindex.password
. See under "Configuring MCS" on how to do this in the most convenient way.
You can install mcs using the package manager of your choice:
Package manager | Platform | Installation | Remarks |
---|---|---|---|
Homebrew | 🍎 🐧 | brew install mthmulders/tap/mcs |
|
Snap | 🐧 | snap install maven-central-search |
|
SDKMAN! | 🍎 🐧 | sdk install mcs |
|
Chocolatey | 🪟 | choco install mcs |
|
Scoop | 🪟 | scoop install mthmulders/mcs |
- The Linux binaries only work on x86_64 CPU's. There Apple binaries for both x86_64 and Apple Silicon, so you don't need Rosetta.
In certain situations, such as when you work behind a TLS-intercepting (corporate) firewall, MCS may fail with
PKIX path building failed: sun.security.provider.certpath.SunCertPathBuilderException: unable to find valid certification path to requested target
In layman's speak: the default, built-in trust store (the set of trusted X.509 certificates) does not contain anything that allows to trust the certificate(s) presented by the server. Maven Central uses a certificate that would've been trusted, but the culprit here is the TLS-intercepting (corporate) firewall that presents an internal certificate.
The solution is to create a trust store that has the "highest" certificate in the certificate chain, e.g. that of the (internal) certificate authority. You can use a tool like Portecle to create such a trust store. Next, point MCS to that trust store like so
mcs -Djavax.net.ssl.trustStore=/path/to/keystore search something
If you are running behind a proxy, MCS will respect the HTTP_PROXY
and HTTPS_PROXY
environment variables.
Some configuration for MCS is passed through system properties.
You can do this every time you invoke MCS by adding -Dxxx=yyy
.
To make it more conveniently, you can create a configuration file that will automatically be read by MCS and interpreted as configuration settings.
To do so, create a directory .mcs in your user directory (typically C:\Users<your-user-name> on 🪟, /home/ on 🐧 or /Users/ on 🍎). Inside that folder, create a file mcs.config and write the following line in it:
javax.net.ssl.trustStore=/path/to/keystore
ossindex.username=xxx
ossindex.password=yyy
This way, you don't have to remember passing the -D
.
Probably the easiest way to get a working development environment is to use Gitpod:
It will configure a workspace in your browser and show that everything works as expected by running mvn verify
.
This setup does not touch your computer - as soon as you close your browser tab, it's gone.
Checkout the issues if you're looking for something to work on. If you have a new idea, feel free to bring it up using the discussions.
- Andres Almiray did a great job helping me set up JReleaser to make releasing mcs a real breeze!
- Martin Goldhahn shared the idea of searching on class name, and provided some initial API and design ideas for this great feature.
- Willem van Lent contributed a fix for a parameter whose name didn't match its behavior.
- Hanno Embregts contributed a fix that makes it more clear why the results are truncated.
- Jan Wedel contributed an improvement that lets MCS pick up the HTTP proxy environment variables.