A lockfile is a list of every dependency with integrity-checking data. While the npm ecosystem supports the creation of a lockfile, Maven currently has none by default.
In this presentation, we introduce Maven-Lockfile, a new tool that provides a lockfile for Java and Maven. This lockfile contains the list of all dependencies and enables checking the integrity of the dependencies during the build. Maven-Lockfile compares the checksum of each dependency against the one in the lockfile and only allows dependencies with exactly the same version as in the lockfile.
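The check described above, sketched as an added example; it is not Maven-Lockfile's code and does not use its file format. The lockfile structure, the `verify` function, the `com.example` coordinates and the byte strings standing in for JARs are all constructed for illustration, and reporting a locked dependency that is no longer resolved is an added assumption.

```python
import hashlib

# Constructed lockfile structure for illustration only; this is NOT the
# Maven-Lockfile file format. Keys are "groupId:artifactId".
def sha256_hex(data: bytes) -> str:
    return hashlib.sha256(data).hexdigest()

def verify(lockfile: dict, resolved: dict) -> list:
    """Compare resolved artifacts against the lockfile.

    lockfile: {coord: {"version": str, "sha256": str}}
    resolved: {coord: (version, artifact_bytes)}
    Returns a sorted list of violations; empty means the build may proceed.
    """
    problems = []
    for coord, (version, data) in resolved.items():
        entry = lockfile.get(coord)
        if entry is None:
            problems.append(f"{coord}: not in lockfile")
        elif version != entry["version"]:
            problems.append(f"{coord}: version {version} != locked {entry['version']}")
        elif sha256_hex(data) != entry["sha256"]:
            problems.append(f"{coord}: checksum mismatch")
    # Added assumption: a locked dependency that is no longer resolved is reported too.
    for coord in lockfile.keys() - resolved.keys():
        problems.append(f"{coord}: locked but not resolved")
    return sorted(problems)

# Constructed sample data: byte strings stand in for JAR contents.
GOOD_JAR = b"constructed bytes standing in for lib-a 1.2.0"
LOCKFILE = {
    "com.example:lib-a": {"version": "1.2.0", "sha256": sha256_hex(GOOD_JAR)},
    "com.example:lib-b": {"version": "3.0.1", "sha256": sha256_hex(b"lib-b 3.0.1")},
}

def demo():
    clean = {"com.example:lib-a": ("1.2.0", GOOD_JAR),
             "com.example:lib-b": ("3.0.1", b"lib-b 3.0.1")}
    tampered = {"com.example:lib-a": ("1.2.0", GOOD_JAR + b"\x00"),  # same version, altered bytes
                "com.example:lib-b": ("3.0.2", b"lib-b 3.0.2"),     # version drift
                "com.example:lib-c": ("0.1.0", b"lib-c")}           # unlisted dependency
    return verify(LOCKFILE, clean), verify(LOCKFILE, tampered)

if __name__ == "__main__":
    ok, bad = demo()
    print("clean build:", ok or "OK")
    for p in bad:
        print("violation:", p)
```

The altered `lib-a` keeps its locked version number, so only the checksum comparison catches it; version pinning alone would let it through.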
Tools & IDEs