Maven POM Validator
Validate and lint Maven pom.xml files for structural correctness, dependency hygiene, plugin configuration, and best practices.
Commands
lint — Full lint pass (all 20+ rules)
python3 scripts/maven_pom_validator.py lint pom.xml
python3 scripts/maven_pom_validator.py lint pom.xml --strict
python3 scripts/maven_pom_validator.py lint pom.xml --format json
python3 scripts/maven_pom_validator.py lint pom.xml --format markdown
dependencies — Audit dependency declarations
python3 scripts/maven_pom_validator.py dependencies pom.xml
python3 scripts/maven_pom_validator.py dependencies pom.xml --format json
plugins — Audit plugin declarations
python3 scripts/maven_pom_validator.py plugins pom.xml
python3 scripts/maven_pom_validator.py plugins pom.xml --format markdown
validate — Quick structural validation only
python3 scripts/maven_pom_validator.py validate pom.xml
python3 scripts/maven_pom_validator.py validate pom.xml --strict
Flags
| Flag | Description |
|---|
| ------ | ------------- |
--strict | Exit code 1 on warnings (CI mode) |
--format text | Human-readable output (default) |
--format json | Machine-readable JSON |
--format markdown | Markdown report |
Lint Rules
Structure (5 rules)
- Valid XML — file must be well-formed XML
- Required elements — groupId, artifactId, version, modelVersion must be present
- modelVersion must be "4.0.0"
- groupId format — must follow reverse-domain convention (e.g.
com.example) - packaging value must be valid (jar, war, pom, ear, rar, maven-plugin)
Dependencies (6 rules)
- No duplicate dependencies (same groupId:artifactId)
- No SNAPSHOT versions in release POMs
- Version must be defined (not missing)
- No wildcard/range versions (LATEST, RELEASE, [1.0,))
- Scope must be valid (compile, test, provided, runtime, system, import)
- system-scoped deps must have
Plugins (5 rules)
- Plugin versions must be pinned
- No duplicate plugins (same groupId:artifactId)
- Plugin groupId should be specified
- Known deprecated plugins flagged
- Configuration elements checked for common issues
Best Practices (6 rules)
- Properties used for version management (DRY check)
- dependencyManagement used in parent POMs
- UTF-8 encoding specified (project.build.sourceEncoding)
- Java source/target version set (maven.compiler.source/target or release)
- No hardcoded absolute paths in configuration
- SCM section present
Exit Codes
| Code | Meaning |
|---|
| ------ | --------- |
| 0 | No errors (warnings OK unless --strict) |
| 1 | Errors found (or warnings with --strict) |
| 2 | Script usage error |