Skip to content
smarkwal edited this page Jan 14, 2022 · 11 revisions

JarHC Logo

JarHC - JAR Health Check

JarHC is a static analysis tool to help you find your way through "JAR hell" or "classpath hell".

Its main purpose is to analyze a set of JAR files (.jar), WAR files (.war), and JMOD files (*.jmod) and check whether they are compatible on a binary level, and whether they contain any "unpleasant surprises" for you.


If you don't know what JAR hell is, check out these articles:

How JarHC works

The input to JarHC is a set of JAR files, called the "classpath". This is usually a bunch of third-party libraries used in a Java project. JarHC analyzes these JAR files and generates a report for various aspects.

Report sections

JAR Files

List of JAR files found in classpath with the following information:

  • File size
  • Number of Java classes in JAR file
  • Number of Resources in JAR file
  • Is JAR file a multi-release JAR?
  • Is JAR file a JPMS module? If yes, what is the module name?
  • SHA-1 checksum
  • Maven artifact coordinates (if checksum is found on Maven Central)

JAR Files


Extract JPMS module information from all JAR files from module-info.class files. If there is no such information, look for a JAR manifest attribute "Automatic-Module-Name". Otherwise, auto-generate module name based on file name.

JAR Files

Class Versions

Java versions for which the Java classes in the JAR files have been compiled. This allows you to find the "minimum Java version" required to run all classes.

JAR Files

JAR Dependencies

Lists dependencies between JAR files ("uses" and "used by"). This report is based on actual usage of classes, methods and fields in Java code.

JAR Files


Lists direct dependencies as declared in POM files and analyzes whether these dependencies are satisfied (available on the classpath).



  • List of packages per JAR file.
  • Checks for split packages: packages found in multiple JAR files.
  • Checks for "fat JARs": JARs with a mix of very different packages, potentially because multiple JAR files have been merged.

JAR Files

Duplicate Classes

  • Java classes found in more than one JAR file of the classpath.
  • Java classes found in classpath shadowing provided or runtime Java classes (JRE/JDK).
  • Resources (files other than Java class files) found in more than one JAR file under the exact same path and name.

Also checks how "similar" duplicate and shadowed Java classes are (exact copy, same API, or different API).

Binary Compatibility

Validates superclass and interface contracts, method calls, and field access. Reports missing classes, methods, or fields, and validates access permissions.


Reports use of dangerous, unsafe, unstable, or deprecated classes and methods:

  • sun.misc.Unsafe
  • System.exit(...), Runtime.exit(...), or Runtime.halt(...)
  • System.load(...), System.loadLibrary(...), Runtime.load(...), or Runtime.loadLibrary(...)
  • Runtime.exec(...)
  • @Deprecated, @VisibleForTesting, @Beta, @DoNotCall,

Checks for executable files bundled as resources:

  • *.dll
  • *.exe
  • *.so
  • *.bat
  • *.sh


Java Runtime

Information about the Java Runtime (JRE or JDK) used to run JarHC.

JAR Files