Interactive TUI for Maven -- search, browse, and manage dependencies from the terminal.
Pilot is a Maven plugin (and standalone CLI) that replaces hard-to-read CLI output with interactive, keyboard-driven terminal interfaces. Navigate dependency trees, check for updates, resolve conflicts, and edit your POM -- all without leaving the terminal.
| Goal | Description |
|---|---|
pilot:pilot |
Interactive launcher -- pick a module and tool from the TUI (recommended entry point) |
pilot:search |
Search Maven Central interactively with async results and version cycling |
pilot:tree |
Browse the resolved dependency tree with expand/collapse, conflict highlighting, scope filtering, and reverse path lookup |
pilot:pom |
View raw and effective POM with syntax highlighting, collapsible XML nodes, and origin tracking |
pilot:dependencies |
Bytecode-level analysis of declared vs used dependencies; supports tui, report, check, and fix actions |
pilot:updates |
Check for dependency updates with patch/minor/major classification; supports tui, report, check, and fix actions |
pilot:conflicts |
Detect version conflicts across the dependency tree and pin versions via dependencyManagement |
pilot:audit |
License overview and CVE lookup (via OSV.dev); supports tui, report, and check actions |
pilot:align |
Detect and align dependency conventions (version style, property naming) across POMs |
pilot:analyze-dependencies |
(deprecated) Use pilot:dependencies -Dpilot.action=check instead |
Tip: To use the short
mvn pilot:treesyntax instead of the fullmvn eu.maveniverse.maven.plugins:pilot:tree, add the plugin group to your~/.m2/settings.xml:<pluginGroups> <pluginGroup>eu.maveniverse.maven.plugins</pluginGroup> </pluginGroups>
# Launch the interactive pilot (recommended)
mvn pilot:pilot
# Search Maven Central
mvn pilot:search
# Browse the dependency tree
mvn pilot:tree
# Check for dependency updates
mvn pilot:updates
# View POM with syntax highlighting
mvn pilot:pom
# Analyze dependency usage (run 'mvn compile' first for bytecode analysis)
mvn compile pilot:dependencies
# Detect and resolve version conflicts
mvn pilot:conflicts
# License and vulnerability audit
mvn pilot:audit
# Align dependency conventions
mvn pilot:align
# Non-interactive modes (CI-friendly) — all goals support -Dpilot.action=report|check|fix
mvn compile pilot:dependencies -Dpilot.action=report # report unused/transitive deps
mvn compile pilot:dependencies -Dpilot.action=check # fail build on dep issues
mvn compile pilot:dependencies -Dpilot.action=fix # auto-fix POM
mvn pilot:audit -Dpilot.action=report # print CVE + license report
mvn pilot:audit -Dpilot.action=check # fail build on HIGH+ CVEs
mvn pilot:updates -Dpilot.action=report # print available updates
mvn pilot:updates -Dpilot.action=fix # apply all updates to POM
mvn pilot:updates -Dpilot.action=check -Dpilot.updates.libyears=5.0 # fail if too stalePilot also ships as a standalone executable that works without a Maven build. The quickest way to try it is with JBang:
jbang pilot@maveniverse/pilot # uses ./pom.xml
jbang pilot@maveniverse/pilot path/to/pom.xmlOr run the JAR directly:
java -jar pilot-cli.jar # uses ./pom.xml
java -jar pilot-cli.jar path/to/pom.xmlThe CLI embeds a Maven 4 resolver, so it resolves dependencies, builds the reactor tree, and launches the same unified shell -- no mvn required.
In multi-module builds, Pilot automatically detects the reactor and shows a module tree in a persistent left panel, mirroring the Maven reactor hierarchy. Select a module from the tree, then switch between tools using the tab bar -- your module selection is preserved across tool switches.
Some tools operate reactor-wide (updates, conflicts, audit), analyzing all modules at once. Others are per-module (tree, dependencies, pom). When selecting a parent/aggregator module, tools that don't apply (e.g., bytecode analysis) are filtered out. For align, selecting a parent module automatically aligns all child modules in one go.
The main entry point. Opens a unified IDE-like shell with a persistent module tree on the left and tool tabs across the top. Select a module from the tree, then switch between tools using tabs or Alt+letter shortcuts. In single-module projects the tree is hidden and tools are shown directly. A slide-up help panel (h) shows contextual keyboard shortcuts for the active tool.
Type to search Maven Central. Results load asynchronously with pagination. Use Left/Right arrows to cycle through available versions. Bottom bar shows POM metadata (name, license, organization, date).
Keys: Enter -- focus results, Left/Right -- cycle versions, Esc -- back to search, q -- quit
Interactive collapsible tree view of all resolved dependencies. Conflicts are highlighted with markers. Filter by name, jump between conflicts, and trace any dependency back to the root with reverse path mode. Toggle scope (s) to cycle between compile, runtime, and test views.
Keys: <> -- expand/collapse, jk -- navigate, / -- filter, c -- next conflict, r -- reverse path, s -- cycle scope, e/w -- expand/collapse all, PgUp/PgDn/Home/End -- page navigation
Syntax-highlighted XML viewer with two switchable modes: Raw POM shows your pom.xml as-is, Effective POM shows the fully resolved model with origin annotations. When a line has a known origin, a detail pane shows the relevant source lines from the parent POM.
Keys: Tab -- switch Raw/Effective, <> -- expand/collapse, / -- search, n/N -- next/prev match, e/w -- expand/collapse all
Two views: Declared dependencies and Transitive dependencies. Uses ASM bytecode analysis to determine which dependencies are actually referenced in code, with member-level detail (method calls, field accesses). Detects SPI/ServiceLoader usage -- dependencies providing META-INF/services are recognized even without direct class references.
Each dependency is marked with a usage indicator: ✓ for used, ✗ for unused. Tab headers show counts (e.g., Declared: 4 (2 unused)). A details pane shows per-class member references and SPI service interfaces. Promote transitive dependencies to declared, remove unused ones, or change scope -- all with single keypresses that edit your POM via DomTrip.
Run mvn compile before this goal for full bytecode analysis. A warning banner appears when classes are not compiled.
Keys: Tab -- switch Declared/Transitive, x -- remove declared, a -- add transitive, s -- change scope, d -- show diff, h -- help
Scans all dependencies for newer versions. Updates are color-coded: green (patch), yellow (minor), red (major). Select individually or batch-select, then apply -- Pilot edits your POM directly using lossless XML editing that preserves formatting and comments. In reactor builds, shows a reactor-wide view with per-module breakdown.
Keys: Space -- toggle, a -- select all, n -- deselect all, Enter -- apply, 1-4 -- filter by type
Groups dependencies by groupId:artifactId and shows where different versions are requested. Toggle between actual conflicts only or all dependency groups (a). Expand any conflict to see the full dependency paths. Pin a version to dependencyManagement with one keypress.
Keys: Enter/Space -- toggle details, p -- pin version, a -- toggle show all, jk -- navigate
Three views: Licenses shows all transitive dependencies with their licenses (color-coded by permissiveness), By License groups dependencies under each license type, and Vulnerabilities queries OSV.dev for known CVEs with severity-coded rows (CRITICAL/HIGH/MEDIUM/LOW). Data loads asynchronously. Filter by scope (s) to focus on compile, runtime, or test dependencies. In reactor builds, tracks which modules use each dependency.
Keys: Tab -- switch view, s -- cycle scope filter, m -- manage dependency, d -- show diff, h -- help
Prints a structured text report covering vulnerabilities (sorted by severity) and licenses (grouped by type). Suitable for CI logs.
mvn pilot:audit -Dpilot.action=reportFails the build when vulnerabilities at or above a severity threshold are found. Defaults to HIGH.
# Fail on HIGH or CRITICAL CVEs (default)
mvn pilot:audit -Dpilot.action=check
# Fail only on CRITICAL CVEs
mvn pilot:audit -Dpilot.action=check -Dpilot.audit.severity=CRITICALThe pilot:updates goal supports non-interactive modes:
# Print update report with libyear aging
mvn pilot:updates -Dpilot.action=report
# Apply all available updates to POM files
mvn pilot:updates -Dpilot.action=fix
# Fail the build if total libyears exceed threshold
mvn pilot:updates -Dpilot.action=check -Dpilot.updates.libyears=5.0The report lists all dependencies with available updates (classified as patch/minor/major), property groups, and a total libyear score measuring how far behind the project is from latest releases. The fix action applies all available updates directly to POM files — property-managed dependencies update the property, direct dependencies update the version inline.
Detects the project's current dependency conventions (inline vs managed versions, literal vs property references, property naming patterns) and lets you choose a target convention. Preview the diff before applying. In reactor builds, understands the parent POM hierarchy -- managed dependencies are written to the correct parent POM while child modules get version-less references. Selecting a parent module automatically applies alignment across all child modules in one go.
Keys: jk -- navigate options, <>/Enter -- cycle values, p -- preview diff, w -- apply, h -- help
The pilot:dependencies goal supports non-interactive modes via -Dpilot.action:
tui(default) — interactive TUI dashboardreport— reports unused declared and used transitive dependencies without failingcheck— reports issues and fails the buildfix— removes unused declared and adds used transitive dependencies to the POM
Requires prior compilation (mvn compile) for bytecode analysis.
mvn compile pilot:dependencies -Dpilot.action=check
mvn compile pilot:dependencies -Dpilot.action=fixSupports allowlists (runtimeArtifacts, annotationOnlyArtifacts, reflectionLoadedClasses) for false positives from bytecode analysis, and ignore lists (ignoredUnusedDeclared, ignoredUsedTransitive) for suppressing known findings. All pattern sets support groupId:artifactId exact match and groupId:* wildcards.
<plugin>
<groupId>eu.maveniverse.maven.plugins</groupId>
<artifactId>pilot-plugin</artifactId>
<configuration>
<runtimeArtifacts>
<runtimeArtifact>org.postgresql:postgresql</runtimeArtifact>
</runtimeArtifacts>
<ignoredUsedTransitive>
<ignoredUsedTransitive>org.slf4j:slf4j-api</ignoredUsedTransitive>
</ignoredUsedTransitive>
</configuration>
</plugin>Note:
pilot:analyze-dependenciesis deprecated. Usepilot:dependencies -Dpilot.action=checkinstead.
Pilot uses DomTrip for all POM modifications. DomTrip is a lossless XML editor that preserves your formatting, comments, whitespace, and element ordering. When Pilot adds, removes, or updates a dependency, the rest of your POM stays exactly as you wrote it.
- Maven 3.6.3+
- Java 17+
- A terminal that supports ANSI escape codes (most modern terminals)
./mvnw installThe project is a multi-module Maven build:
| Module | Description |
|---|---|
pilot-core |
Shared TUI views and engine (no Maven dependency) |
pilot-plugin |
Maven plugin wrapping the core (Maven 3.x) |
pilot-cli |
Standalone shaded JAR with embedded Maven 4 resolver |