Maven Central Artifact & Dependency Monitor
Pricing
Pay per event
Maven Central Artifact & Dependency Monitor
Monitor Maven Central coordinates, artifact searches, and POM dependencies for release tracking and Java dependency inventory.
Pricing
Pay per event
Rating
0.0
(0)
Developer
Stas Persiianenko
Maintained by CommunityActor stats
0
Bookmarked
2
Total users
1
Monthly active users
4 days ago
Last modified
Categories
Share
Monitor public Maven Central artifacts for releases, version history, packaging, and declared POM dependencies.
What does it do?
This actor turns Maven coordinates, Maven Central searches, and artifact URLs into structured artifact records. Schedule it to inventory Java dependencies or detect Maven releases.
Who is it for?
Java platform teams — maintain a dependency inventory
Run exact coordinates on a schedule, export the latest versions and direct dependencies, and compare the dataset with your approved package catalog.
DevSecOps teams — scope dependency reviews
Map the direct dependencies declared in each latest POM before sending coordinates and versions to your approved vulnerability or policy tooling.
Developer-tool vendors — refresh package metadata
Use bounded Solr searches to discover public artifacts, then store typed Maven metadata for a package directory, IDE integration, or internal developer portal.
Why use it?
- No Maven Central account or browser is needed.
- Returns typed dependency objects instead of POM XML.
- Supports individual coordinates and bounded discovery searches.
Data returned
| Field | Description |
|---|---|
coordinate | Maven groupId:artifactId |
latestVersion | Latest Maven Central version |
versionHistory | Recent versions |
dependencies | Declared latest-POM dependencies |
dependencyStatus | POM fetch outcome |
sourceUrl | Maven Central artifact page |
How to run from the Apify Store
- Open the Maven Central Artifact & Dependency Monitor page in the Apify Store.
- In Maven coordinates, enter one or more
groupId:artifactIdvalues, or select a Solr-query or artifact-URL input mode below. - Keep Max artifacts low for the first run and choose whether to include latest-POM dependencies.
- Click Start, then wait for the run to finish.
- Open the dataset to inspect results, or export JSON, CSV, Excel, or RSS for your inventory workflow.
Quick start
Enter org.springframework:spring-core in Maven coordinates, keep the low prefill limit, then run the actor.
Monitor coordinates
Provide one coordinate per entry. A coordinate must contain both group ID and artifact ID.
{"coordinates":["org.springframework:spring-core"],"maxArtifacts":1}
Search Maven Central
Use public Maven Central Solr query syntax for a bounded artifact inventory.
{"solrQueries":["g:\"org.apache.commons\""],"maxArtifacts":10,"includeDependencies":false}
Use artifact URLs
Paste Maven Central artifact pages or repository POM URLs when a workflow already stores links.
Dependency details
When Include POM dependencies is enabled, every row includes declared group ID, artifact ID, version, scope, and optional flag. Dependency-management inheritance is not resolved; values reflect the artifact's published latest POM.
Version history
Set Version history limit to control the newest versions returned per artifact. This is useful for release-change monitoring without fetching all historical POMs.
Input reference
| Input | Use |
|---|---|
coordinates | Exact artifact monitoring |
solrQueries | Bounded Maven Central discovery |
artifactUrls | Link-based lookup |
maxArtifacts | Unique output-row cap |
includeDependencies | Fetch latest POM dependencies |
versionHistoryLimit | Recent version cap |
Output reference
A dataset row always represents one Maven artifact. Arrays such as versionHistory, availableExtensions, and dependencies remain typed for exports and API use.
How much does it cost to monitor Maven Central artifacts?
Pricing is per produced artifact record plus a small run start event. Larger-volume tier discounts are configured on Apify. Check the actor page for the active tiered price.
Schedule monitoring
Use an Apify schedule with the same coordinate list. Compare latestVersion, versionHistory, and dependency arrays in your downstream alerting workflow.
Integrations
- Export records to a security inventory.
- Send version changes to Slack through an Apify webhook.
- Compare dependency lists in CI or a data warehouse.
API usage: Node.js
import { ApifyClient } from 'apify-client';const client = new ApifyClient({ token: process.env.APIFY_TOKEN });const run = await client.actor('automation-lab/maven-central-artifact-dependency-monitor').call({ coordinates: ['org.springframework:spring-core'] });console.log(run.defaultDatasetId);
API usage: Python
from apify_client import ApifyClientclient = ApifyClient('APIFY_TOKEN')run = client.actor('automation-lab/maven-central-artifact-dependency-monitor').call(run_input={'coordinates':['org.springframework:spring-core']})print(run['defaultDatasetId'])
API usage: cURL
$curl -X POST "https://api.apify.com/v2/acts/automation-lab~maven-central-artifact-dependency-monitor/runs?token=$APIFY_TOKEN" -H 'content-type: application/json' -d '{"coordinates":["org.springframework:spring-core"]}'
MCP
In Claude Code or Claude Desktop, add this actor through Apify MCP: https://mcp.apify.com/?tools=automation-lab/maven-central-artifact-dependency-monitor.
$claude mcp add apify --transport http https://mcp.apify.com/?tools=automation-lab/maven-central-artifact-dependency-monitor
{"mcpServers":{"apify":{"url":"https://mcp.apify.com/?tools=automation-lab/maven-central-artifact-dependency-monitor"}}}
Example prompt: “Monitor Spring Core and Apache Commons Lang releases and return their declared Maven dependencies.”
Reliability notes
The actor calls the public Maven Central Solr API and the latest published POM. A missing POM does not fail the complete run; the row reports dependencyStatus: not_found.
Limits
Each run is capped at 100 artifacts and 100 history versions per artifact. Keep initial runs small and schedule focused coordinates for predictable results.
Legality and responsible use
Maven Central metadata and POMs are public. You are responsible for complying with Maven Central terms, package licenses, and your organization's data policies.
Troubleshooting
Why is dependencyStatus not_found?
Some artifacts do not expose a latest POM at the expected public Maven repository path. Metadata is still returned.
Why is a dependency version missing?
The published POM may inherit a version from parent or dependency management. This actor preserves the declaration rather than guessing a resolved version.
FAQ
Does it resolve transitive dependencies?
No. It reports dependencies declared directly in the latest POM.
Does it need a Maven repository token?
No. The MVP uses public Maven Central endpoints only.
Related scrapers
Pair this actor with NPM Package Intelligence Scraper for cross-ecosystem package inventory.
Examples
Spring release watch
Run one coordinate daily. Store the returned latestVersion and alert only when it differs from the previous result.
Library portfolio inventory
Submit a curated coordinate list with maxArtifacts equal to its length. Export the typed rows to your dependency catalog.
Search review
Use a narrow group query first, inspect the output, and then save exact coordinates for repeatable scheduled monitoring.
Data quality
Maven Central's index determines the metadata and latest version. POM dependency extraction is deliberately transparent: the actor returns direct declarations and reports whether the POM was fetched.
Security workflow
Use this actor as an inventory input, not as a vulnerability verdict. Join the coordinate and version with your approved vulnerability source before making remediation decisions.
Change detection tips
- Persist the previous dataset.
- Compare
latestVersionfirst. - Compare dependency arrays by group ID and artifact ID.
- Treat a failed POM fetch as a retryable observation.
Performance tips
Exact coordinates are the fastest and most predictable input. Search queries can match many artifacts, so set a practical output cap.
Privacy
Inputs contain public package identifiers and queries. Do not place private repository credentials or internal source code in this actor input.
Maintenance
Maven Central endpoint behavior can evolve. The actor keeps external URLs in each record so a downstream review can trace public-source values.
Support
Provide the coordinate or query and the run ID when reporting a problem.