mcs (Maven Central Search)
Maven Central Search, or mcs for short, is a small CLI to query Maven Central from your command line. No more switching to the web browser! Now you can easily query Maven Central and find the library you’re looking for.
Usage
mcs supports the following modes of searching:
- Wildcard searchThis will give you all artifacts in Maven Central that have “picocli” in their name. The output is in a tabular form, showing the exact coordinate of each artifact and the moment when its latest version was deployed.
mcs search picocli - Coordinate searchIf there are multiple hits, you will get the same table output as above. But if there’s only one hit, this will give you by default a pom.xml snippet for the artifact you searched for. Ready for copy & paste in your favourite IDE!
mcs search info:picocli mcs search info:picocli:4.6.2
If you require snippet in different format, use-f <type>or--format=<type>. Supported types are:maven,gradle,gradle-short,gradle-kotlin,sbt,ivy,grape,leiningen,buildr. - Class-name searchThis will give you all artifacts in Maven Central that contain a particular class. If you set the
mcs class-search CommandLine mcs class-search -f picocli.CommandLine-fflag, the search term is considered a “fully classified” class name, so including the package name.
Flags
- All modes recognise the
-l <number>switch, which lets you specify how many results you want to see at most. - In Wildcard sarch and Coordinate search, you can pass along the
-s(or--show-vulnerabilities) flag. It will cause MCS to show a summary of reported security vulnerabilities against each result. If there is only one search result, it will display the CVE numbers reported against that result. Note that this feature will probably soon hit the API limits for the Sonatype OSS Index. See their documentation for details on how this may impact your usage. You can specify your credentials using the system propertiesossindex.usernameandossindex.password. See under “Configuring MCS” on how to do this in the most convenient way.
Getting mcs
You can install mcs using the package manager of your choice:
| Package manager | Platform | Installation | Remarks |
|---|---|---|---|
| Homebrew | 🍎 🐧 | brew install mthmulders/tap/mcs | ⚠️ 1 |
| Snap | 🐧 | snap install maven-central-search | |
| SDKMAN! | 🍎 🐧 | sdk install mcs | |
| Chocolatey | 🪟 | choco install mcs |
- The Linux binaries only work on x86_64 CPU’s. There Apple binaries for both x86_64 and Apple Silicon, so you don’t need Rosetta.
Alternatively, you can browse the code on GitHub.
History
mcs started out as a small pet project to experiment with picocli. I choose Java 17 so I could gain some experience with the latest additions to the Java programming language. Later, I’ve added GraalVM for building native images rather than JAR distributions.
Usage with custom trust store
In certain situations, such as when you work behind a TLS-intercepting (corporate) firewall, MCS may fail with
PKIX path building failed: sun.security.provider.certpath.SunCertPathBuilderException: unable to find valid certification path to requested target
In layman’s speak: the default, built-in trust store (the set of trusted X.509 certificates) does not contain anything that allows to trust the certificate(s) presented by the server. Maven Central uses a certificate that would’ve been trusted, but the culprit here is the TLS-intercepting (corporate) firewall that presents an internal certificate.
The solution is to create a trust store that has the “highest” certificate in the certificate chain, e.g. that of the (internal) certificate authority. You can use a tool like Portecle to create such a trust store. Next, point MCS to that trust store like so
mcs -Djavax.net.ssl.trustStore=/path/to/keystore search something
Configuring MCS
Some configuration for MCS is passed through system properties.
You can do this every time you invoke MCS by adding -Dxxx=yyy.
To make it more conveniently, you can create a configuration file that will automatically be read by MCS and interpreted as configuration settings.
To do so, create a directory .mcs in your user directory (typically C:\Users<your-user-name> on 🪟, /home/
javax.net.ssl.trustStore=/path/to/keystore
ossindex.username=xxx
ossindex.password=yyy
This way, you don’t have to remember passing the -D.
Contributing
Probably the easiest way to get a working development environment is to use Gitpod:
It will configure a workspace in your browser and show that everything works as expected by running mvn verify.
This setup does not touch your computer - as soon as you close your browser tab, it’s gone.
Checkout the issues if you’re looking for something to work on. If you have a new idea, feel free to bring it up using the discussions.
Acknowledgements
- Andres Almiray did a great job helping me set up JReleaser to make releasing mcs a real breeze!
- Martin Goldhahn shared the idea of searching on class name, and provided some initial API and design ideas for this great feature.
- Willem van Lent contributed a fix for a parameter whose name didn’t match it’s behavior.
- Hanno Embregts contributed a fix that makes it more clear why the results are truncated.