Maven Central Artifact & Dependency Monitor avatar

Maven Central Artifact & Dependency Monitor

Pricing

Pay per event

Go to Apify Store
Maven Central Artifact & Dependency Monitor

Maven Central Artifact & Dependency Monitor

Monitor Maven Central coordinates, artifact searches, and POM dependencies for release tracking and Java dependency inventory.

Pricing

Pay per event

Rating

0.0

(0)

Developer

Stas Persiianenko

Stas Persiianenko

Maintained by Community

Actor stats

0

Bookmarked

2

Total users

1

Monthly active users

4 days ago

Last modified

Categories

Share

Monitor public Maven Central artifacts for releases, version history, packaging, and declared POM dependencies.

What does it do?

This actor turns Maven coordinates, Maven Central searches, and artifact URLs into structured artifact records. Schedule it to inventory Java dependencies or detect Maven releases.

Who is it for?

Java platform teams — maintain a dependency inventory

Run exact coordinates on a schedule, export the latest versions and direct dependencies, and compare the dataset with your approved package catalog.

DevSecOps teams — scope dependency reviews

Map the direct dependencies declared in each latest POM before sending coordinates and versions to your approved vulnerability or policy tooling.

Developer-tool vendors — refresh package metadata

Use bounded Solr searches to discover public artifacts, then store typed Maven metadata for a package directory, IDE integration, or internal developer portal.

Why use it?

  • No Maven Central account or browser is needed.
  • Returns typed dependency objects instead of POM XML.
  • Supports individual coordinates and bounded discovery searches.

Data returned

FieldDescription
coordinateMaven groupId:artifactId
latestVersionLatest Maven Central version
versionHistoryRecent versions
dependenciesDeclared latest-POM dependencies
dependencyStatusPOM fetch outcome
sourceUrlMaven Central artifact page

How to run from the Apify Store

  1. Open the Maven Central Artifact & Dependency Monitor page in the Apify Store.
  2. In Maven coordinates, enter one or more groupId:artifactId values, or select a Solr-query or artifact-URL input mode below.
  3. Keep Max artifacts low for the first run and choose whether to include latest-POM dependencies.
  4. Click Start, then wait for the run to finish.
  5. Open the dataset to inspect results, or export JSON, CSV, Excel, or RSS for your inventory workflow.

Quick start

Enter org.springframework:spring-core in Maven coordinates, keep the low prefill limit, then run the actor.

Monitor coordinates

Provide one coordinate per entry. A coordinate must contain both group ID and artifact ID.

{"coordinates":["org.springframework:spring-core"],"maxArtifacts":1}

Search Maven Central

Use public Maven Central Solr query syntax for a bounded artifact inventory.

{"solrQueries":["g:\"org.apache.commons\""],"maxArtifacts":10,"includeDependencies":false}

Use artifact URLs

Paste Maven Central artifact pages or repository POM URLs when a workflow already stores links.

Dependency details

When Include POM dependencies is enabled, every row includes declared group ID, artifact ID, version, scope, and optional flag. Dependency-management inheritance is not resolved; values reflect the artifact's published latest POM.

Version history

Set Version history limit to control the newest versions returned per artifact. This is useful for release-change monitoring without fetching all historical POMs.

Input reference

InputUse
coordinatesExact artifact monitoring
solrQueriesBounded Maven Central discovery
artifactUrlsLink-based lookup
maxArtifactsUnique output-row cap
includeDependenciesFetch latest POM dependencies
versionHistoryLimitRecent version cap

Output reference

A dataset row always represents one Maven artifact. Arrays such as versionHistory, availableExtensions, and dependencies remain typed for exports and API use.

How much does it cost to monitor Maven Central artifacts?

Pricing is per produced artifact record plus a small run start event. Larger-volume tier discounts are configured on Apify. Check the actor page for the active tiered price.

Schedule monitoring

Use an Apify schedule with the same coordinate list. Compare latestVersion, versionHistory, and dependency arrays in your downstream alerting workflow.

Integrations

  • Export records to a security inventory.
  • Send version changes to Slack through an Apify webhook.
  • Compare dependency lists in CI or a data warehouse.

API usage: Node.js

import { ApifyClient } from 'apify-client';
const client = new ApifyClient({ token: process.env.APIFY_TOKEN });
const run = await client.actor('automation-lab/maven-central-artifact-dependency-monitor').call({ coordinates: ['org.springframework:spring-core'] });
console.log(run.defaultDatasetId);

API usage: Python

from apify_client import ApifyClient
client = ApifyClient('APIFY_TOKEN')
run = client.actor('automation-lab/maven-central-artifact-dependency-monitor').call(run_input={'coordinates':['org.springframework:spring-core']})
print(run['defaultDatasetId'])

API usage: cURL

$curl -X POST "https://api.apify.com/v2/acts/automation-lab~maven-central-artifact-dependency-monitor/runs?token=$APIFY_TOKEN" -H 'content-type: application/json' -d '{"coordinates":["org.springframework:spring-core"]}'

MCP

In Claude Code or Claude Desktop, add this actor through Apify MCP: https://mcp.apify.com/?tools=automation-lab/maven-central-artifact-dependency-monitor.

$claude mcp add apify --transport http https://mcp.apify.com/?tools=automation-lab/maven-central-artifact-dependency-monitor
{"mcpServers":{"apify":{"url":"https://mcp.apify.com/?tools=automation-lab/maven-central-artifact-dependency-monitor"}}}

Example prompt: “Monitor Spring Core and Apache Commons Lang releases and return their declared Maven dependencies.”

Reliability notes

The actor calls the public Maven Central Solr API and the latest published POM. A missing POM does not fail the complete run; the row reports dependencyStatus: not_found.

Limits

Each run is capped at 100 artifacts and 100 history versions per artifact. Keep initial runs small and schedule focused coordinates for predictable results.

Legality and responsible use

Maven Central metadata and POMs are public. You are responsible for complying with Maven Central terms, package licenses, and your organization's data policies.

Troubleshooting

Why is dependencyStatus not_found?

Some artifacts do not expose a latest POM at the expected public Maven repository path. Metadata is still returned.

Why is a dependency version missing?

The published POM may inherit a version from parent or dependency management. This actor preserves the declaration rather than guessing a resolved version.

FAQ

Does it resolve transitive dependencies?

No. It reports dependencies declared directly in the latest POM.

Does it need a Maven repository token?

No. The MVP uses public Maven Central endpoints only.

Pair this actor with NPM Package Intelligence Scraper for cross-ecosystem package inventory.

Examples

Spring release watch

Run one coordinate daily. Store the returned latestVersion and alert only when it differs from the previous result.

Library portfolio inventory

Submit a curated coordinate list with maxArtifacts equal to its length. Export the typed rows to your dependency catalog.

Search review

Use a narrow group query first, inspect the output, and then save exact coordinates for repeatable scheduled monitoring.

Data quality

Maven Central's index determines the metadata and latest version. POM dependency extraction is deliberately transparent: the actor returns direct declarations and reports whether the POM was fetched.

Security workflow

Use this actor as an inventory input, not as a vulnerability verdict. Join the coordinate and version with your approved vulnerability source before making remediation decisions.

Change detection tips

  • Persist the previous dataset.
  • Compare latestVersion first.
  • Compare dependency arrays by group ID and artifact ID.
  • Treat a failed POM fetch as a retryable observation.

Performance tips

Exact coordinates are the fastest and most predictable input. Search queries can match many artifacts, so set a practical output cap.

Privacy

Inputs contain public package identifiers and queries. Do not place private repository credentials or internal source code in this actor input.

Maintenance

Maven Central endpoint behavior can evolve. The actor keeps external URLs in each record so a downstream review can trace public-source values.

Support

Provide the coordinate or query and the run ID when reporting a problem.