Access Keys:
Skip to content (Access Key - 0)
Java Dependency Analysis Tool
Attachments: • Added by Mandy Chung, last edited by Mandy Chung on Feb 13, 2015  (view change)
  • None

In JDK 8, a new command-line tool, jdeps, is added that developers can use to understand the static dependencies of their applications and libraries.  It also provides an -jdkinternals option to find dependencies to any JDK internal APIs that are unsupported and private to JDK implementation (see Why Developers Should Not Write Programs That Call 'sun' Packages).

Simple way to run jdeps to find out if your library/application depends on any JDK internal API:

$ jdeps -dotoutput <dot-file-dir> -jdkinternals <one-or-more-jar-files....>

This jdeps command will output the dependencies in DOT file format and one output .dot file per JAR file.

You are recommended to use 8u40 jdeps (early access download from that contains several enhancements and bug fixes.  See the jdeps man page for more information.

jdeps is a static analysis tool on the given class files and dynamic class dependencies (Class.forName or loading of service providers etc) are not reported.

Below lists some of the JDK internal APIs and the recommended way to replace their usage.

ComponentUnsupported API (not for use)Supported APIs (please use instead)Note

sun.iojava.nio.charsets @since 1.4 

sun.misc.BASE64Decoder, sun.misc.BASE64Encoder,

java.util.Base64 @since 8See @since 7


sun.misc.Cleanerjava.lang.ref.PhantomReference @since 1.2

JDK-6417205 may help with the resource issues that can arise when mapped byte buffers are not unmapped in a timely manner.


See JDK-6685587 and JDK-4724038

sun.misc.Servicejava.util.ServiceLoader @since 1.6 
sun.misc.Timerjava.util.Timer @since 1.3 
sun.misc.Unsafesun.misc.Unsafe consists of a number of use cases.  The following features are identified to provide support in the future releases:


sun.reflect.Reflection.getCallerClassTBDSee JDK-8043814 (Efficient Stack Walk API)
security-libs* to call System.getProperty or other action @since 1.1

(PrivilegedAction<String>) () -> System.getProperty(key));*

Some provided in @since 1.9 @since 1.9 @since 1.9

If internal classes are used to get the session key of Krb5Context, we now have ExtendedGSSContext for this purpose.

See JDK-8043071

java.lang.RuntimePermission,, or specific Permission class @since 1.1 @since 1.4 @since 1.6** @since 1.4 

security provider implementation class such as

  •"SUN") @since 1.3

In general, you should avoid depending on a specific provider as it may not be available on other Java implementations. See Oracle security providers documentation for more rationale. or"JavaPolicy", new; @since 1.6

client-libsjava.awt.peer and java.awt.dnd.peer

Instead of doing:

if (c.getPeer() != null)  { .. }

could be replaced with:

   if (c.isDisplayable())  { ... } 

To test if a component has a LightweightPeer, use:

public boolean isLightweight() ; @since 1.2

To obtain the color model of the component comes from the peer, instead of doing:


could be replaced with:

    public ColorModel getColorModel();


The AWT Peer API has been unsupported API and java.awt.peer.ComponentPeer interface depends on sun.* internal API. See  JDK-8037739



javax.imageio @since 1.4See JDK-6527962
jdbccom.sun.rowset.**javax.sql.rowset.RowSetProvider @since 7 

org.w3c.dom.{html, css, stylesheets}

 See JDK-8064291
 org.w3c.dom.xpath See JDK-8054197 and JDK-8054196** See JDK-8023732 (XML Catalog API)
 org.relaxng.datatype See JDK-8061466**, javax.lang.model @since 1.6 com.sun.source.* @since 1.6 is a supported API.** See JDK-8048176 (Nashorn Parser API)