In the current state of java-totp, the commons-net is only used for NtpTimeProvider feature.
My suggestion would be to declare commons-net as an optional dependency, and update the documentation, to indicate that use of NtpTimeProvider requires an additional explicit declaration of commons-net.
This would reduce the default transitive dependencies to the minimum required.
Workaround for user of you library that wish to reduce their transitive dependencies : exclude commons-net from their pom :
<dependency>
<groupId>dev.samstevens.totp</groupId>
<artifactId>totp</artifactId>
<exclusions>
<!-- Exclude commons-net, it is used by samsstevens-topt for Ntp implementation, we don't use this -->
<exclusion>
<groupId>commons-net</groupId>
<artifactId>commons-net</artifactId>
</exclusion>
<!-- Exclude jcommander, it is used by xzing in commandline, we don't use this -->
<exclusion>
<groupId>com.beust</groupId>
<artifactId>jcommander</artifactId>
</exclusion>
</exclusions>
</dependency>
PS : thanks for providing this nice and simple library. 👍🏻👍🏻
In the current state of java-totp, the
commons-net
is only used forNtpTimeProvider
feature.My suggestion would be to declare
commons-net
as an optional dependency, and update the documentation, to indicate that use ofNtpTimeProvider
requires an additional explicit declaration ofcommons-net
. This would reduce the default transitive dependencies to the minimum required.Resources : https://maven.apache.org/guides/introduction/introduction-to-optional-and-excludes-dependencies.html
Workaround for user of you library that wish to reduce their transitive dependencies : exclude
commons-net
from their pom :PS : thanks for providing this nice and simple library. 👍🏻👍🏻