Skip to main content

All Recipes by Module

This doc contains all recipes grouped by their module.

Total recipes: 5298

io.moderne.recipe:rewrite-angular

License: Moderne Proprietary License

1 recipe

io.moderne.recipe:rewrite-cryptography

License: Moderne Proprietary License

4 recipes

io.moderne.recipe:rewrite-devcenter

License: Moderne Source Available License

7 recipes

io.moderne.recipe:rewrite-elastic

License: Moderne Proprietary License

8 recipes

  • io.moderne.elastic.elastic9.ChangeApiNumericFieldType
    • Change numeric field type with conversion
    • Adds conversion methods with null checks for numeric type changes in Elasticsearch 9 API.
  • io.moderne.elastic.elastic9.MigrateDenseVectorElementType
    • Migrate DenseVectorProperty.elementType from String to DenseVectorElementType enum
    • In Elasticsearch 9, DenseVectorProperty.elementType() returns DenseVectorElementType enum instead of String, and the builder method elementType(String) now accepts the enum type. This recipe handles both builder calls and getter calls.
  • io.moderne.elastic.elastic9.MigrateDenseVectorSimilarity
    • Migrate DenseVectorProperty.similarity from String to DenseVectorSimilarity enum
    • In Elasticsearch 9, DenseVectorProperty.similarity() returns DenseVectorSimilarity enum instead of String, and the builder method similarity(String) now accepts the enum type. This recipe handles both builder calls and getter calls.
  • io.moderne.elastic.elastic9.MigrateMatchedQueries
    • Migrate matchedQueries from List to Map
    • In Elasticsearch Java Client 9.0, Hit.matchedQueries() changed from returning List<String> to Map<String, Double>. This recipe migrates the usage by adding .keySet() for iterations and using new ArrayList<>(result.keySet()) for assignments.
  • io.moderne.elastic.elastic9.MigrateScriptSource
    • Migrate script source from String to Script/ScriptSource
    • Migrates Script.source(String) calls to use ScriptSource.scriptString(String) wrapper in Elasticsearch Java client 9.x.
  • io.moderne.elastic.elastic9.MigrateSpanTermQueryValue
    • Migrate SpanTermQuery.value() from String to FieldValue
    • In Elasticsearch 9, SpanTermQuery.value() returns a FieldValue instead of String. This recipe updates calls to handle the new return type by checking if it's a string and extracting the string value.
  • io.moderne.elastic.elastic9.RenameApiField
    • Rename Elasticsearch valueBody() methods
    • In Elasticsearch Java Client 9.0, the generic valueBody() method and valueBody(...) builder methods have been replaced with specific getter and setter methods that better reflect the type of data being returned. Similarly, for GetRepositoryResponse, the result field also got altered to repositories.
  • io.moderne.elastic.elastic9.UseNamedValueParameters
    • Use NamedValue parameters instead of Map
    • Migrates indicesBoost and dynamicTemplates parameters from Map to NamedValue in Elasticsearch Java client 9.x.

io.moderne.recipe:rewrite-hibernate

License: Moderne Proprietary License

22 recipes

io.moderne.recipe:rewrite-jasperreports

License: Moderne Proprietary License

1 recipe

io.moderne.recipe:rewrite-java-application-server

License: Moderne Proprietary License

4 recipes

io.moderne.recipe:rewrite-kafka

License: Moderne Proprietary License

12 recipes

  • io.moderne.kafka.MigrateAlterConfigsToIncrementalAlterConfigs
    • Migrate AdminClient.alterConfigs() to incrementalAlterConfigs()
    • Migrates the removed AdminClient.alterConfigs() method to incrementalAlterConfigs() for Kafka 4.0 compatibility.
  • io.moderne.kafka.MigrateConsumerCommittedToSet
    • Migrate KafkaConsumer.committed(TopicPartition) to committed(Set<TopicPartition>)
    • Migrates from the removed KafkaConsumer.committed(TopicPartition) to committed(Set<TopicPartition>) for Kafka 4.0 compatibility. Converts single TopicPartition arguments to Collections.singleton() calls.
  • io.moderne.kafka.MigrateConsumerPollToDuration
    • Migrate KafkaConsumer.poll(long) to poll(Duration)
    • Migrates from the deprecated KafkaConsumer.poll(long) to poll(Duration) for Kafka 4.0 compatibility. Converts millisecond timeout values to Duration.ofMillis() calls.
  • io.moderne.kafka.MigrateSendOffsetsToTransaction
    • Migrate deprecated sendOffsetsToTransaction to use ConsumerGroupMetadata
    • Migrates from the deprecated KafkaProducer.sendOffsetsToTransaction(Map, String) to sendOffsetsToTransaction(Map, ConsumerGroupMetadata) for Kafka 4.0 compatibility. This recipe uses a conservative approach with new ConsumerGroupMetadata(groupId).
  • io.moderne.kafka.RemoveDeprecatedKafkaProperties
    • Remove deprecated Kafka property
    • Removes a specific Kafka property that is no longer supported in Kafka 4.0.
  • io.moderne.kafka.streams.MigrateKStreamToTable
    • Migrate KStream to KTable conversion to use toTable() method
    • In Kafka Streams 2.5, a new toTable() method was added to simplify converting a KStream to a KTable. This recipe replaces the manual aggregation pattern .groupByKey().reduce((oldVal, newVal) -> newVal) with the more concise .toTable() method.
  • io.moderne.kafka.streams.MigrateKafkaStreamsStoreMethod
    • Migrate deprecated KafkaStreams#store method
    • In Kafka Streams 2.5, the method KafkaStreams#store(String storeName, QueryableStoreType<T> storeType) was deprecated. It only allowed querying active stores and did not support any additional query options. Use the new StoreQueryParameters API instead.
  • io.moderne.kafka.streams.MigrateRetryConfiguration
    • Migrate deprecated retry configuration to task timeout
    • In Kafka 2.7, RETRIES_CONFIG and RETRY_BACKOFF_MS_CONFIG were deprecated in favor of TASK_TIMEOUT_MS_CONFIG. This recipe migrates the old retry configuration to the new task timeout configuration, attempting to preserve the retry budget by multiplying retries × backoff time. If only one config is present, it falls back to 60000ms (1 minute).
  • io.moderne.kafka.streams.MigrateStreamsUncaughtExceptionHandler
    • Migrate to StreamsUncaughtExceptionHandler API
    • Migrates from the JVM-level Thread.UncaughtExceptionHandler to Kafka Streams' StreamsUncaughtExceptionHandler API introduced in version 2.8. This new API provides explicit control over how the Streams client should respond to uncaught exceptions (REPLACE_THREAD, SHUTDOWN_CLIENT, or SHUTDOWN_APPLICATION).
  • io.moderne.kafka.streams.MigrateTaskMetadataTaskId
    • Migrate TaskMetadata.taskId() to return TaskId
    • In Kafka Streams 3.0, TaskMetadata.taskId() changed its return type from String to TaskId. This recipe adds .toString() calls where necessary to maintain String compatibility.
  • io.moderne.kafka.streams.MigrateWindowStorePutMethod
    • Migrate WindowStore.put() to include timestamp
    • In Kafka Streams 2.4, WindowStore.put() requires a timestamp parameter. This recipe adds context.timestamp() as the third parameter.
  • io.moderne.kafka.streams.RemovePartitionGrouperConfiguration
    • Remove PartitionGrouper configuration
    • Starting with Kafka Streams 2.4, the PartitionGrouper API was deprecated and partition grouping is now fully handled internally by the library. This recipe removes the deprecated PARTITION_GROUPER_CLASS_CONFIG configuration.

io.moderne.recipe:rewrite-program-analysis

License: Moderne Proprietary License

15 recipes

io.moderne.recipe:rewrite-react

License: Moderne Proprietary License

2 recipes

io.moderne.recipe:rewrite-spring

License: Moderne Proprietary License

66 recipes

  • io.moderne.java.jsf.richfaces.ConvertExtendedDataTableHeightToStyle
    • Convert height/width attributes to extendedDataTable style
    • Converts height and width attributes to inline style attribute for RichFaces extendedDataTable components.
  • io.moderne.java.spring.boot.AddSpringBootApplication
    • Add @SpringBootApplication class
    • Adds a @SpringBootApplication class containing a main method to bootify your Spring Framework application.
  • io.moderne.java.spring.boot.FieldToConstructorInjection
    • Convert field injection to constructor injection
    • Converts @Autowired field injection to constructor injection pattern. For non-final classes, adds both a no-args constructor and the autowired constructor to maintain compatibility with extending classes. Moves @Qualifier annotations to constructor parameters.
  • io.moderne.java.spring.boot.IsLikelyNotSpringBoot
    • Is likely not a Spring Boot project
    • Marks the project if it's likely not a Spring Boot project.
  • io.moderne.java.spring.boot.IsLikelySpringBoot
    • Is likely a Spring Boot project
    • Marks the project if it's likely a Spring Boot project.
  • io.moderne.java.spring.boot.MarkEmbeddedServerProvidedForWar
    • Mark embedded server as provided for WAR projects
    • For WAR-packaged projects migrating to Spring Boot, add the embedded Tomcat starter with provided scope to prevent conflicts with the external servlet container.
  • io.moderne.java.spring.boot.MigrateSpringFrameworkDependenciesToSpringBoot
    • Migrate Spring Framework dependencies to Spring Boot
    • Migrate Spring Framework dependencies to Spring Boot.
  • io.moderne.java.spring.boot3.AddValidToConfigurationPropertiesFields
    • Add @Valid annotation to fields
    • In Spring Boot 3.4, validation of @ConfigurationProperties classes annotated with @Validated now follows the Bean Validation specification, only cascading to nested properties if the corresponding field is annotated with @Valid. The recipe will add a @Valid annotation to each field which has a type that has a field which is annotated with a jakarta.validation.constraints.* annotation.
  • io.moderne.java.spring.boot3.CommentOnMockAndSpyBeansInConfigSpring34
    • Comment on @MockitoSpyBean and @MockitoBean in @Configuration
    • As stated in Spring Docs @MockitoSpyBean and @MockitoBean will only work in tests, explicitly not in @Configuration annotated classes.
  • io.moderne.java.spring.boot3.ConditionalOnAvailableEndpointMigrationSpring34
    • Migrate ConditionalOnAvailableEndpoint for Spring Boot 3.4
    • Migrate @ConditionalOnAvailableEndpoint(EndpointExposure.CLOUD_FOUNDRY) to @ConditionalOnAvailableEndpoint(EndpointExposure.WEB) for Spring Boot 3.4.
  • io.moderne.java.spring.boot3.MigrateAbstractDiscoveredEndpointConstructor
    • Migrate AbstractDiscoveredEndpoint deprecated constructor
    • The boolean-parameter constructor of AbstractDiscoveredEndpoint has been deprecated in Spring Boot 3.4. This recipe transforms it to use the new constructor with an Access parameter.
  • io.moderne.java.spring.boot3.MigrateAbstractExposableEndpointConstructor
    • Migrate AbstractExposableEndpoint deprecated constructor
    • The boolean-parameter constructor of AbstractExposableEndpoint has been deprecated in Spring Boot 3.4. This recipe transforms it to use the new constructor with an Access parameter instead of boolean enableByDefault.
  • io.moderne.java.spring.boot3.MigrateEndpointAnnotationAccessValueSpring34
    • Migrate @Endpoints defaultAccess value
    • Since Spring Boot 3.4 the @Endpoint access configuration values are no longer true|false but none|read-only|unrestricted.
  • io.moderne.java.spring.boot3.MigrateEndpointDiscovererConstructor
    • Migrate EndpointDiscoverer deprecated constructor
    • The 4-parameter constructor of EndpointDiscoverer has been deprecated in Spring Boot 3.4. This recipe transforms it to use the new 5-parameter constructor with an additional Collection parameter.
  • io.moderne.java.spring.boot3.MigrateEntityManagerFactoryBuilderConstructor
    • Migrate EntityManagerFactoryBuilder deprecated constructor
    • The constructors of EntityManagerFactoryBuilder have been deprecated in Spring Boot 3.4. This recipe transforms them to use the new constructor with a Function parameter for property mapping.
  • io.moderne.java.spring.boot3.MigrateJmxEndpointDiscovererConstructor
    • Migrate JmxEndpointDiscoverer deprecated constructor
    • The 4-parameter constructor of JmxEndpointDiscoverer has been deprecated in Spring Boot 3.4. This recipe transforms it to use the new 5-parameter constructor with an additional Collection parameter.
  • io.moderne.java.spring.boot3.MigrateWebEndpointDiscovererConstructor
    • Migrate WebEndpointDiscoverer 6-parameter constructor to 8-parameter
    • The 6-parameter constructor of WebEndpointDiscoverer has been deprecated in Spring Boot 3.3. This recipe adds two new parameters (AdditionalPathsMapper and OperationFilter<WebOperation>) to the constructor and updates the Bean method signature to inject them as ObjectProvider types.
  • io.moderne.java.spring.boot3.RemoveDeprecatedConditions
    • Remove Spring Boot 3.5 deprecated conditions
    • Replace Spring Boot 3.5 deprecated condition classes with their corresponding conditional annotations.
  • io.moderne.java.spring.boot3.RemoveReplaceNoneFromAutoConfigureTestDatabase
    • Remove Replace.NONE from @AutoConfigureTestDatabase
    • Replace.NONE is the default value for @AutoConfigureTestDatabase since Spring Boot 3.4.
  • io.moderne.java.spring.boot3.RemoveTestRestTemplateEnableRedirectsOptionRecipe
    • Remove TestRestTemplate.HttpClientOption.ENABLE_REDIRECTS option
    • The TestRestTemplate now uses the same follow redirects settings as the regular RestTemplate. The HttpOption.ENABLE_REDIRECTS option has also been deprecated. This recipe removes the option from the TestRestTemplate constructor arguments.
  • io.moderne.java.spring.boot3.ReplaceConditionalOutcomeInverse
    • Replace ConditionOutcome.inverse() with constructor
    • Replace deprecated ConditionOutcome.inverse(ConditionOutcome outcome) calls with new ConditionOutcome(!outcome.isMatch(), outcome.getConditionMessage()).
  • io.moderne.java.spring.boot3.ReplaceDeprecatedKafkaConnectionDetailsBootstrapServerGetters
    • Replace deprecated KafkaConnectionDetails bootstrap server methods
    • Replace deprecated KafkaConnectionDetails bootstrap server methods with chained calls. For example, getProducerBootstrapServers() becomes getProducer().getBootstrapServers().
  • io.moderne.java.spring.boot3.ReplaceDeprecatedThreadPoolTaskSchedulerConstructor
    • Replace deprecated ThreadPoolTaskSchedulerBuilder 5-argument constructor
    • The 5-parameter constructor of ThreadPoolTaskSchedulerBuilder has been deprecated in Spring Boot 3.5. This recipe transforms it to use the builder pattern instead, omitting null values and defaults.
  • io.moderne.java.spring.boot3.ReplaceKafkaTransactionManagerSetter
    • Use kafkaAwareTransactionManager setter
    • Replace deprecated ContainerProperties#setTransactionManager(org.springframework.transaction.PlatformTransactionManager) method with ContainerProperties#setKafkaAwareTransactionManager(org.springframework.kafka.transaction.KafkaAwareTransactionManager). The method will be replaced only if its argument has the type KafkaAwareTransactionManager.
  • io.moderne.java.spring.boot3.ResolveTaskExecutorFromContext
    • Replace taskExecutor with applicationTaskExecutor
    • Use bean name applicationTaskExecutor instead of taskExecutor when resolving TaskExecutor Bean from application context.
  • io.moderne.java.spring.boot4.AddAutoConfigureMockMvc
    • Add @AutoConfigureMockMvc to @SpringBootTest classes using MockMvc
    • Adds @AutoConfigureMockMvc annotation to classes annotated with @SpringBootTest that use MockMvc.
  • io.moderne.java.spring.boot4.FlagDeprecatedReactorNettyHttpClientMapper
    • Flag deprecated ReactorNettyHttpClientMapper for migration
    • Adds a TODO comment to classes implementing the deprecated ReactorNettyHttpClientMapper interface. Migration to ClientHttpConnectorBuilderCustomizer<ReactorClientHttpConnectorBuilder> requires wrapping the HttpClient configuration in builder.withHttpClientCustomizer(...).
  • io.moderne.java.spring.boot4.InsertPropertyMapperAlwaysMethodInvocation
    • Preserve PropertyMapper null-passing behavior
    • Spring Boot 4.0 changes the PropertyMapper behavior so that from() no longer calls to() when the source value is null. This recipe inserts .always() before terminal mapping methods to preserve the previous behavior.
  • io.moderne.java.spring.boot4.MigrateSpringRetryToSpringFramework7
    • Migrate spring-retry to Spring Framework resilience
    • Migrate spring-retrys @Retryable and @Backoff annotation to Spring Framework 7 Resilience annotations.
  • io.moderne.java.spring.boot4.RemoveContentNegotiationFavorPathExtension
    • Remove ContentNegotiationConfigurer.favorPathExtension() calls
    • Spring Framework 7 removed favorPathExtension() from ContentNegotiationConfigurer. Path extension content negotiation is no longer supported. This recipe removes calls to favorPathExtension().
  • io.moderne.java.spring.boot4.RemoveGradleUberJarLoaderImplementationConfig
    • Remove loaderImplementation from Gradle
    • Removes the Spring Boot Uber-Jar loaderImplementation configuration from Gradle build files.
  • io.moderne.java.spring.boot4.ReplaceDeprecatedAutoconfigureMongoApi
    • Replace deprecated org.springframework.boot.autoconfigure.mongo API
    • Replace deprecated org.springframework.boot.autoconfigure.mongo API.
  • io.moderne.java.spring.boot4.ReplaceDeprecatedDockerApi
    • Replace deprecated DockerApi
    • Replaces deprecated DockerApi constructors and configuration methods with their modern equivalents.
  • io.moderne.java.spring.boot4.ReplaceDeprecatedRequestMatcherProvider
    • Replace deprecated RequestMatcherProvider with new API
    • Replaces the deprecated org.springframework.boot.autoconfigure.security.servlet.RequestMatcherProvider with org.springframework.boot.security.autoconfigure.actuate.web.servlet.RequestMatcherProvider. The new interface adds an HttpMethod parameter to the getRequestMatcher method.
  • io.moderne.java.spring.boot4.ReplaceDeprecatedThreadPoolTaskSchedulerBuilderApi
    • Replace deprecated ThreadPoolTaskSchedulerBuilder constructor
    • Replaces the deprecated 5-argument constructor of ThreadPoolTaskSchedulerBuilder with the builder pattern.
  • io.moderne.java.spring.framework.AddSetUseSuffixPatternMatch
    • Add setUseSuffixPatternMatch(true) in Spring MVC configuration
    • In Spring Framework 5.2.4 and earlier, suffix pattern matching was enabled by default. This meant a controller method mapped to /users would also match /users.json, /users.xml, etc. Spring Framework 5.3 deprecated this behavior and changed the default to false. This recipe adds setUseSuffixPatternMatch(true) to WebMvcConfigurer implementations to preserve the legacy behavior during migration. Note: This only applies to Spring MVC; Spring WebFlux does not support suffix pattern matching.
  • io.moderne.java.spring.framework.FlagSuffixPatternMatchUsage
    • Flag deprecated suffix pattern matching usage for manual review
    • Handles deprecated setUseSuffixPatternMatch() and setUseRegisteredSuffixPatternMatch() calls. When suffix pattern matching is explicitly enabled, adds TODO comments and search markers since there is no automatic migration path. When explicitly disabled, the call is safely removed since false is already the default since Spring Framework 5.3.
  • io.moderne.java.spring.framework.IsLikelySpringFramework
    • Is likely a Spring Framework project
    • Marks the project if it's likely a Spring Framework project.
  • io.moderne.java.spring.framework.JaxRsToSpringWeb
    • Convert JAX-RS annotations to Spring Web
    • Converts JAX-RS annotations such as @Path, @GET, @POST, etc., to their Spring Web equivalents like @RestController, @RequestMapping, @GetMapping, etc.
  • io.moderne.java.spring.framework.MigrateFilterToOncePerRequestFilter
    • Migrate Filter to OncePerRequestFilter
    • Migrates classes that implement javax.servlet.Filter (or jakarta.servlet.Filter) to extend org.springframework.web.filter.OncePerRequestFilter. This transformation renames doFilter to doFilterInternal, changes parameter types to HTTP variants, removes manual casting, and removes empty init() and destroy() methods.
  • io.moderne.java.spring.framework.MigrateHandleErrorMethodInvocations
    • Migrate handleError method invocations to new signature
    • Updates invocations of handleError(ClientHttpResponse) to the new handleError(URI, HttpMethod, ClientHttpResponse) signature introduced in Spring Framework 7.0. Callers are updated to pass null for the URI and HttpMethod parameters when the actual values are not available.
  • io.moderne.java.spring.framework.MigrateHttpHeadersMultiValueMapMethods
    • Migrate HttpHeaders methods removed when MultiValueMap contract was dropped
    • Spring Framework 7.0 changed HttpHeaders to no longer implement MultiValueMap. This recipe replaces removed inherited method calls: containsKey() with containsHeader(), keySet() with headerNames(), and entrySet() with headerSet().
  • io.moderne.java.spring.framework.NullableSpringWebParameters
    • Add @Nullable to optional Spring web parameters
    • In Spring Boot 4, JSpecify's @Nullable annotation should be used to indicate that a parameter can be null. This recipe adds @Nullable to parameters annotated with @PathVariable(required = false) or @RequestParam(required = false) and removes the now-redundant required = false attribute.
  • io.moderne.java.spring.framework.RemoveEmptyPathMatchConfiguration
    • Remove empty path match configuration methods
    • Removes empty configurePathMatch (WebMvc) and configurePathMatching (WebFlux) method overrides. These methods may become empty after deprecated path matching options are removed.
  • io.moderne.java.spring.framework.RemoveSetPathMatcherCall
    • Remove deprecated setPathMatcher() calls
    • In Spring Framework 7.0, PathMatcher and AntPathMatcher are deprecated in favor of PathPatternParser, which has been the default in Spring MVC since 6.0. This recipe removes calls to setPathMatcher(new AntPathMatcher()) since they are now redundant. The default PathPatternParser provides better performance through pre-parsed patterns.
  • io.moderne.java.spring.framework.beansxml.BeansXmlToConfiguration
    • Migrate beans.xml to Spring Framework configuration class
    • Converts Java/Jakarta EE beans.xml configuration files to Spring Framework @Configuration classes.
  • io.moderne.java.spring.framework.webxml.FindWelcomeFileConfiguration
    • Add landing page controller for welcome file configuration
    • Generates a LandingPageController when welcome-file-list is found in web.xml or context-root in jboss-web.xml. When migrating to Spring Framework 5.3+, applications that rely on these server-side landing page configurations need a @Controller with a @RequestMapping for / to avoid 404 errors, as Spring MVC can take over the root mapping. Skips generation if a controller already maps to /.
  • io.moderne.java.spring.framework.webxml.WebXmlToWebApplicationInitializer
    • Migrate web.xml to WebApplicationInitializer
    • Migrate web.xml to WebApplicationInitializer for Spring applications. This allows for programmatic configuration of the web application context, replacing the need for XML-based configuration. This recipe only picks up web.xml files located in the src/main/webapp/WEB-INF directory to avoid inference with tests. It creates a WebXmlWebAppInitializer class in src/main/java with respect to submodules if they contain java files. If it finds an existing WebXmlWebAppInitializer, it skips the creation.
  • io.moderne.java.spring.framework7.AddDynamicDestinationResolverToJmsTemplate
    • Explicitly set DynamicDestinationResolver on JmsTemplate
    • Spring Framework 7.0 changed the default DestinationResolver for JmsTemplate from DynamicDestinationResolver to SimpleDestinationResolver, which caches Session-resolved Queue and Topic instances. This recipe adds an explicit call to setDestinationResolver(new DynamicDestinationResolver()) to preserve the previous behavior. The caching behavior of SimpleDestinationResolver should be fine for most JMS brokers, so this explicit configuration can be removed once compatibility with the new default is verified.
  • io.moderne.java.spring.framework7.AddSpringExtensionConfigForNestedTests
    • Add @SpringExtensionConfig for nested tests
    • Spring Framework 7.0 changed SpringExtension to use test-method scoped ExtensionContext instead of test-class scoped. This can break @Nested test class hierarchies. Adding @SpringExtensionConfig(useTestClassScopedExtensionContext = true) restores the previous behavior.
  • io.moderne.java.spring.framework7.FindOkHttp3IntegrationUsage
    • Find Spring OkHttp3 integration usage
    • Spring Framework 7.0 removes OkHttp3 integration classes. This recipe identifies usages of OkHttp3ClientHttpRequestFactory and OkHttp3ClientHttpConnector that need to be replaced. Consider migrating to Java's built-in HttpClient with JdkClientHttpRequestFactory or JdkClientHttpConnector, or to Apache HttpClient 5 with HttpComponentsClientHttpRequestFactory.
  • io.moderne.java.spring.framework7.FindServletViewSupportUsage
    • Find removed Spring servlet view classes
    • Spring Framework 7.0 removes the org.springframework.web.servlet.view.document and org.springframework.web.servlet.view.feed packages. This recipe adds TODO comments to imports of AbstractPdfView, AbstractXlsView, AbstractXlsxView, AbstractXlsxStreamingView, AbstractPdfStampView, AbstractFeedView, AbstractAtomFeedView, and AbstractRssFeedView that need to be replaced with direct usage of the underlying libraries (Apache POI, OpenPDF/iText, ROME) in web handlers.
  • io.moderne.java.spring.framework7.FindThemeSupportUsage
    • Find Spring Theme support usage
    • Spring Framework 7.0 removes Theme support entirely. This recipe identifies usages of Theme-related classes like ThemeResolver, ThemeSource, and ThemeChangeInterceptor that need to be removed or replaced with CSS-based alternatives. The Spring team recommends using CSS directly for theming functionality.
  • io.moderne.java.spring.framework7.MigrateListenableFuture
    • Migrate ListenableFuture to CompletableFuture
    • Spring Framework 6.0 deprecated ListenableFuture in favor of CompletableFuture. Spring Framework 7.0 removes ListenableFuture entirely. This recipe migrates usages of ListenableFuture and its callbacks to use CompletableFuture and BiConsumer instead.
  • io.moderne.java.spring.framework7.ReplaceJUnit4SpringTestBaseClasses
    • Replace JUnit 4 Spring test base classes with JUnit Jupiter annotations
    • Replace AbstractJUnit4SpringContextTests and AbstractTransactionalJUnit4SpringContextTests base classes with @ExtendWith(SpringExtension.class) and @Transactional annotations. These base classes are deprecated in Spring Framework 7.0 in favor of the SpringExtension for JUnit Jupiter.
  • io.moderne.java.spring.framework7.SimplifyReflectionHintRegistration
    • Simplify reflection hint registrations for Spring Framework 7.0
    • Removes deprecated MemberCategory arguments from registerType() calls on ReflectionHints. In Spring Framework 7.0, registering a reflection hint for a type now implies methods, constructors, and fields introspection. All MemberCategory values except INVOKE_* have been deprecated. This recipe removes those deprecated arguments, simplifying code like hints.reflection().registerType(MyType.class, MemberCategory.DECLARED_FIELDS) to hints.reflection().registerType(MyType.class).
  • io.moderne.java.spring.hibernate.MigrateDaoSupportGetSession
    • Migrate HibernateDaoSupport#getSession() usage
    • Migrate HibernateDaoSupport#getSession() usage to HibernateDaoSupport#getSessionFactory()#getCurrentSession() and annotate the methods with @Transactional.
  • io.moderne.java.spring.hibernate.MigrateSaveOrUpdateAll
    • Migrate HibernateDaoSupport#getHibernateTemplate#saveOrUpdateAll
    • Migrate removed HibernateDaoSupport#getHibernateTemplate#.saveOrUpdateAll to an iterative HibernateDaoSupport#getHibernateTemplate#.saveOrUpdate.
  • io.moderne.java.spring.kafka.consumer.FindKafkaListenerWithoutErrorHandling
    • Find @KafkaListener methods without error handling
    • Flags @KafkaListener methods that lack proper error handling. Methods should have @RetryableTopic, specify an errorHandler in the annotation, or implement try-catch blocks for error handling.
  • io.moderne.java.spring.kafka.consumer.FindMissingDltHandler
    • Find @RetryableTopic without @DltHandler
    • Flags classes that use @RetryableTopic without a corresponding @DltHandler method. A DLT handler should be defined to process messages that have exhausted all retries.
  • io.moderne.java.spring.kafka.consumer.IsKafkaConsumer
    • Is likely a Kafka consumer module
    • Marks the project if it's likely a Kafka consumer module.
  • io.moderne.java.spring.kafka.producer.FindCustomKeyUsage
    • Find KafkaTemplate.send() with custom key
    • Flags KafkaTemplate.send() calls that use a custom key (3+ arguments). Custom keys should be reviewed to ensure they provide appropriate partition distribution.
  • io.moderne.java.spring.kafka.producer.IsKafkaProducer
    • Is likely a Kafka producer module
    • Marks the project if it's likely a Kafka producer module.
  • io.moderne.java.spring.security6.MigrateAntPathRequestMatcher
    • Migrate antPathRequestMatcher to pathPatternRequestMatcher
    • In Spring Security 6.5, AntPathRequestMatcher is deprecated in favor of PathPatternRequestMatcher. This recipe migrates static method calls and constructor usage to the new pattern.
  • io.moderne.java.spring.security7.MigrateMvcRequestMatcher
    • Migrate MvcRequestMatcher to PathPatternRequestMatcher
    • In Spring Security 7.0, MvcRequestMatcher which depends on the deprecated HandlerMappingIntrospector is removed in favor of PathPatternRequestMatcher. This recipe migrates constructor and builder usage to the new pattern.
  • io.moderne.java.spring.security7.MigrateOAuth2RestOperationsToRestClient
    • Migrate OAuth2 token response client from RestOperations to RestClient
    • Migrates setRestOperations(RestOperations) calls to setRestClient(RestClient) on the new RestClient-based OAuth2 AccessTokenResponseClient implementations. The RestClient-based implementations introduced in Spring Security 7 use RestClient instead of RestOperations.

io.moderne.recipe:rewrite-tapestry

License: Moderne Proprietary License

7 recipes

  • org.openrewrite.tapestry.ConvertAnnotatedMethodToField
    • Convert annotated abstract method to field
    • Converts abstract getter methods annotated with sourceAnnotation to private fields annotated with targetAnnotation.
  • org.openrewrite.tapestry.ConvertBeanAnnotation
    • Convert Tapestry 4 @Bean to @Property
    • Converts Tapestry 4's @Bean annotation to @Property fields. Bean initialization with 'initializer' attribute requires manual migration.
  • org.openrewrite.tapestry.ConvertListenerInterfaces
    • Convert Tapestry 4 listener interfaces to Tapestry 5 annotations
    • Converts Tapestry 4 page lifecycle listener interfaces (PageBeginRenderListener, PageEndRenderListener, etc.) to Tapestry 5 lifecycle annotations (@SetupRender, @CleanupRender, etc.) and removes the interface implementations.
  • org.openrewrite.tapestry.RemoveIRequestCycleParameter
    • Remove IRequestCycle parameters
    • Removes IRequestCycle parameters from methods. In Tapestry 5, event handler methods don't receive the request cycle as a parameter.
  • org.openrewrite.tapestry.RemoveObsoleteFormTypes
    • Remove obsolete Tapestry form types
    • Removes field declarations and imports for Tapestry 4 form component types (IPropertySelectionModel, StringPropertySelectionModel, etc.) that don't exist in Tapestry 5. Code using these types will need manual refactoring to use Tapestry 5's SelectModel pattern.
  • org.openrewrite.tapestry.RemoveTapestryBaseClasses
    • Remove Tapestry 4 base classes
    • Removes Tapestry 4 base class inheritance (BasePage, BaseComponent, AbstractComponent) and converts the class to a POJO suitable for Tapestry 5. Abstract getter/setter methods are converted to fields with @Property annotation.
  • org.openrewrite.tapestry.ReplaceReverseComparator
    • Replace ReverseComparator with Collections.reverseOrder()
    • Replaces tapestry-contrib's ReverseComparator with the standard Java Collections.reverseOrder() method.

io.moderne.recipe:rewrite-vulncheck

License: Moderne Proprietary License

1 recipe

  • io.moderne.vulncheck.FixVulnCheckVulnerabilities
    • Use VulnCheck Exploit Intelligence to fix vulnerabilities
    • This software composition analysis (SCA) tool detects and upgrades dependencies with publicly disclosed vulnerabilities. This recipe both generates a report of vulnerable dependencies and upgrades to newer versions with fixes. This recipe by default only upgrades to the latest patch version. If a minor or major upgrade is required to reach the fixed version, this can be controlled using the maximumUpgradeDelta option. Vulnerability information comes from VulnCheck Vulnerability Intelligence. The recipe has an option to limit fixes to only those vulnerabilities that have evidence of exploitation at various levels of severity.

org.openrewrite.meta:rewrite-analysis

License: Apache License Version 2.0

4 recipes

org.openrewrite.recipe:rewrite-ai-search

License: Moderne Proprietary License

6 recipes

org.openrewrite.recipe:rewrite-all

License: Apache License Version 2.0

3 recipes

  • org.openrewrite.FindCallGraph
    • Find call graph
    • Produces a data table where each row represents a method call.
  • org.openrewrite.FindDuplicateSourceFiles
    • Find duplicate source files
    • Record the presence of LSTs with duplicate paths, indicating that the same file was parsed more than once.
  • org.openrewrite.LanguageComposition
    • Language composition report
    • Counts the number of lines of the various kinds of source code and data formats parsed by OpenRewrite. Comments are not included in line counts. This recipe emits its results as two data tables, making no changes to any source file. One data table is per-file, the other is per-repository.

org.openrewrite.recipe:rewrite-android

License: Moderne Proprietary License

2 recipes

org.openrewrite.recipe:rewrite-apache

License: Moderne Source Available License

78 recipes

org.openrewrite.recipe:rewrite-azul

License: Moderne Proprietary License

2 recipes

org.openrewrite.recipe:rewrite-circleci

License: Moderne Proprietary License

2 recipes

org.openrewrite.recipe:rewrite-codemods

License: Moderne Source Available License

6 recipes

org.openrewrite.recipe:rewrite-codemods-ng

License: Moderne Proprietary License

1 recipe

org.openrewrite.recipe:rewrite-compiled-analysis

License: Moderne Proprietary License

2 recipes

org.openrewrite.recipe:rewrite-concourse

License: Moderne Proprietary License

5 recipes

org.openrewrite.recipe:rewrite-cucumber-jvm

License: Moderne Source Available License

5 recipes

org.openrewrite.recipe:rewrite-docker

License: Moderne Source Available License

1 recipe

org.openrewrite.recipe:rewrite-dotnet

License: Moderne Proprietary License

2 recipes

org.openrewrite.recipe:rewrite-dropwizard

License: Apache License Version 2.0

9 recipes

org.openrewrite.recipe:rewrite-feature-flags

License: Moderne Source Available License

25 recipes

org.openrewrite.recipe:rewrite-github-actions

License: Moderne Source Available License

42 recipes

org.openrewrite.recipe:rewrite-gitlab

License: Moderne Source Available License

8 recipes

org.openrewrite.recipe:rewrite-hibernate

License: Moderne Source Available License

8 recipes

org.openrewrite.recipe:rewrite-jackson

License: Apache License Version 2.0

14 recipes

org.openrewrite.recipe:rewrite-java-dependencies

License: Apache License Version 2.0

16 recipes

  • org.openrewrite.java.dependencies.AddDependency
    • Add Gradle or Maven dependency
    • For a Gradle project, add a gradle dependency to a build.gradle file in the correct configuration based on where it is used. Or For a maven project, Add a Maven dependency to a pom.xml file in the correct scope based on where it is used.
  • org.openrewrite.java.dependencies.ChangeDependency
    • Change Gradle or Maven dependency
    • Change the group ID, artifact ID, and/or the version of a specified Gradle or Maven dependency.
  • org.openrewrite.java.dependencies.DependencyInsight
    • Dependency insight for Gradle and Maven
    • Finds dependencies, including transitive dependencies, in both Gradle and Maven projects. Matches within all Gradle dependency configurations and Maven scopes.
  • org.openrewrite.java.dependencies.DependencyList
    • Dependency report
    • Emits a data table detailing all Gradle and Maven dependencies. This recipe makes no changes to any source file.
  • org.openrewrite.java.dependencies.DependencyResolutionDiagnostic
    • Dependency resolution diagnostic
    • Recipes which manipulate dependencies must be able to successfully access the artifact repositories and resolve dependencies from them. This recipe produces two data tables used to understand the state of dependency resolution. The Repository accessibility report lists all the artifact repositories known to the project and whether respond to network access. The network access is attempted while the recipe is run and so is representative of current conditions. The Gradle dependency configuration errors lists all the dependency configurations that failed to resolve one or more dependencies when the project was parsed. This is representative of conditions at the time the LST was parsed.
  • org.openrewrite.java.dependencies.FindDependency
    • Find Maven and Gradle dependencies
    • Finds direct dependencies declared in Maven and Gradle build files. This does not search transitive dependencies. To detect both direct and transitive dependencies use org.openrewrite.java.dependencies.DependencyInsight This recipe works for both Maven and Gradle projects.
  • org.openrewrite.java.dependencies.RelocatedDependencyCheck
    • Find relocated dependencies
    • Find Maven and Gradle dependencies and Maven plugins that have relocated to a new groupId or artifactId. Relocation information comes from the oga-maven-plugin maintained by Jonathan Lermitage, Filipe Roque and others. This recipe makes no changes to any source file by default. Add changeDependencies=true to change dependencies, but note that you might need to run additional recipes to update imports and adopt other breaking changes.
  • org.openrewrite.java.dependencies.RemoveDependency
    • Remove a Gradle or Maven dependency
    • For Gradle project, removes a single dependency from the dependencies section of the build.gradle. For Maven project, removes a single dependency from the <dependencies> section of the pom.xml.
  • org.openrewrite.java.dependencies.RemoveRedundantDependencies
    • Remove redundant explicit dependencies
    • Remove explicit dependencies that are already provided transitively by a specified dependency. This recipe downloads and resolves the parent dependency's POM to determine its true transitive dependencies, allowing it to detect redundancies even when both dependencies are explicitly declared.
  • org.openrewrite.java.dependencies.UpgradeDependencyVersion
    • Upgrade Gradle or Maven dependency versions
    • For Gradle projects, upgrade the version of a dependency in a build.gradle file. Supports updating dependency declarations of various forms: * String notation: "group:artifact:version" * Map notation: group: 'group', name: 'artifact', version: 'version' It is possible to update version numbers which are defined earlier in the same file in variable declarations. For Maven projects, upgrade the version of a dependency by specifying a group ID and (optionally) an artifact ID using Node Semver advanced range selectors, allowing more precise control over version updates to patch or minor releases.
  • org.openrewrite.java.dependencies.UpgradeTransitiveDependencyVersion
    • Upgrade transitive Gradle or Maven dependencies
    • Upgrades the version of a transitive dependency in a Maven pom.xml or Gradle build.gradle. Leaves direct dependencies unmodified. Can be paired with the regular Upgrade Dependency Version recipe to upgrade a dependency everywhere, regardless of whether it is direct or transitive.
  • org.openrewrite.java.dependencies.search.DoesNotIncludeDependency
    • Does not include dependency for Gradle and Maven
    • A precondition which returns false if visiting a Gradle file / Maven pom which includes the specified dependency in the classpath of some Gradle configuration / Maven scope. For compatibility with multimodule projects, this should most often be applied as a precondition.
  • org.openrewrite.java.dependencies.search.FindMinimumDependencyVersion
    • Find the oldest matching dependency version in use
    • The oldest dependency version in use is the lowest dependency version in use in any source set of any subproject of a repository. It is possible that, for example, the main source set of a project uses Jackson 2.11, but a test source set uses Jackson 2.16. In this case, the oldest Jackson version in use is Java 2.11.
  • org.openrewrite.java.dependencies.search.FindMinimumJUnitVersion
    • Find minimum JUnit version
    • A recipe to find the minimum version of JUnit dependencies. This recipe is designed to return the minimum version of JUnit in a project. It will search for JUnit 4 and JUnit 5 dependencies in the project. If both versions are found, it will return the minimum version of JUnit 4. If a minimumVersion is provided, the recipe will search to see if the minimum version of JUnit used by the project is no lower than the minimumVersion. For example: if the minimumVersion is 4, and the project has JUnit 4.12 and JUnit 5.7, the recipe will return JUnit 4.12. If the project has only JUnit 5.7, the recipe will return JUnit 5.7. Another example: if the minimumVersion is 5, and the project has JUnit 4.12 and JUnit 5.7, the recipe will not return any results.
  • org.openrewrite.java.dependencies.search.ModuleHasDependency
    • Module has dependency
    • Searches for both Gradle and Maven modules that have a dependency matching the specified groupId and artifactId. Places a SearchResult marker on all sources within a module with a matching dependency. This recipe is intended to be used as a precondition for other recipes. For example this could be used to limit the application of a spring boot migration to only projects that use spring-boot-starter, limiting unnecessary upgrading. If the search result you want is instead just the build.gradle(.kts) or pom.xml file applying the plugin, use the FindDependency recipe instead.
  • org.openrewrite.java.dependencies.search.RepositoryHasDependency
    • Repository has dependency
    • Searches for both Gradle and Maven modules that have a dependency matching the specified groupId and artifactId. Places a SearchResult marker on all sources within a repository with a matching dependency. This recipe is intended to be used as a precondition for other recipes. For example this could be used to limit the application of a spring boot migration to only projects that use a springframework dependency, limiting unnecessary upgrading. If the search result you want is instead just the build.gradle(.kts) or pom.xml file applying the plugin, use the FindDependency recipe instead.

org.openrewrite.recipe:rewrite-java-security

License: Moderne Proprietary License

33 recipes

  • org.openrewrite.csharp.dependencies.DependencyInsight
    • Dependency insight for C#
    • Finds dependencies in *.csproj and packages.config.
  • org.openrewrite.csharp.dependencies.DependencyVulnerabilityCheck
    • Find and fix vulnerable Nuget dependencies
    • This software composition analysis (SCA) tool detects and upgrades dependencies with publicly disclosed vulnerabilities. This recipe both generates a report of vulnerable dependencies and upgrades to newer versions with fixes. This recipe only upgrades to the latest patch version. If a minor or major upgrade is required to reach the fixed version, this recipe will not make any changes. Vulnerability information comes from the GitHub Security Advisory Database, which aggregates vulnerability data from several public databases, including the National Vulnerability Database maintained by the United States government. Dependencies following Semantic Versioning will see their patch version updated where applicable.
  • org.openrewrite.csharp.dependencies.UpgradeDependencyVersion
    • Upgrade C# dependency versions
    • Upgrades dependencies in *.csproj and packages.config.
  • org.openrewrite.java.dependencies.AddExplicitTransitiveDependencies
    • Add explicit transitive dependencies
    • Detects when Java source code or configuration files reference types from transitive Maven dependencies and promotes those transitive dependencies to explicit direct dependencies in the pom.xml. This ensures the build is resilient against changes in transitive dependency trees of upstream libraries.
  • org.openrewrite.java.dependencies.DependencyLicenseCheck
    • Find licenses in use in third-party dependencies
    • Locates and reports on all licenses in use.
  • org.openrewrite.java.dependencies.DependencyVulnerabilityCheck
    • Find and fix vulnerable dependencies
    • This software composition analysis (SCA) tool detects and upgrades dependencies with publicly disclosed vulnerabilities. This recipe both generates a report of vulnerable dependencies and upgrades to newer versions with fixes. This recipe by default only upgrades to the latest patch version. If a minor or major upgrade is required to reach the fixed version, this can be controlled using the maximumUpgradeDelta option. Vulnerability information comes from the GitHub Security Advisory Database, which aggregates vulnerability data from several public databases, including the National Vulnerability Database maintained by the United States government. Upgrades dependencies versioned according to Semantic Versioning. ## Customizing Vulnerability Data This recipe can be customized by extending DependencyVulnerabilityCheckBase and overriding the vulnerability data sources: - baselineVulnerabilities(ExecutionContext ctx): Provides the default set of known vulnerabilities. The base implementation loads vulnerability data from the GitHub Security Advisory Database CSV file using ResourceUtils.parseResourceAsCsv(). Override this method to replace the entire vulnerability dataset with your own curated list. - supplementalVulnerabilities(ExecutionContext ctx): Allows adding custom vulnerability data beyond the baseline. The base implementation returns an empty list. Override this method to add organization-specific vulnerabilities, internal security advisories, or vulnerabilities from additional sources while retaining the baseline GitHub Advisory Database. Both methods return List<Vulnerability> objects. Vulnerability data can be loaded from CSV files using ResourceUtils.parseResourceAsCsv(path, Vulnerability.class, consumer) or constructed programmatically. To customize, extend DependencyVulnerabilityCheckBase and override one or both methods depending on your needs. For example, override supplementalVulnerabilities() to add custom CVEs while keeping the standard vulnerability database, or override baselineVulnerabilities() to use an entirely different vulnerability data source. Last updated: 2026-02-02T1114.
  • org.openrewrite.java.dependencies.RemoveUnusedDependencies
    • Remove unused dependencies
    • Scans through source code collecting references to types and methods, removing any dependencies that are not used from Maven or Gradle build files. This is best effort and not guaranteed to work well in all cases; false positives are still possible. This recipe takes reflective access into account: - When reflective access to a class is made unambiguously via a string literal, such as: Class.forName("java.util.List") that is counted correctly. - When reflective access to a class is made ambiguously via anything other than a string literal no dependencies will be removed. This recipe takes transitive dependencies into account: - When a direct dependency is not used but a transitive dependency it brings in is in use the direct dependency is not removed.
  • org.openrewrite.java.dependencies.SoftwareBillOfMaterials
    • Software bill of materials
    • Produces a software bill of materials (SBOM) for a project. An SBOM is a complete list of all dependencies used in a project, including transitive dependencies. The produced SBOM is in the CycloneDX XML format. Supports Gradle and Maven. Places a file named sbom.xml adjacent to the Gradle or Maven build file.
  • org.openrewrite.java.security.FindTextDirectionChanges
    • Find text-direction changes
    • Finds unicode control characters which can change the direction text is displayed in. These control characters can alter how source code is presented to a human reader without affecting its interpretation by tools like compilers. So a malicious patch could pass code review while introducing vulnerabilities. Note that text direction-changing unicode control characters aren't inherently malicious. These characters can appear for legitimate reasons in code written in or dealing with right-to-left languages. See: https://trojansource.codes/ for more information.
  • org.openrewrite.java.security.FixCwe338
    • Fix CWE-338 with SecureRandom
    • Use a cryptographically strong pseudo-random number generator (PRNG).
  • org.openrewrite.java.security.ImproperPrivilegeManagement
    • Improper privilege management
    • Marking code as privileged enables a piece of trusted code to temporarily enable access to more resources than are available directly to the code that called it.
  • org.openrewrite.java.security.PartialPathTraversalVulnerability
    • Partial path traversal vulnerability
    • Replaces dir.getCanonicalPath().startsWith(parent.getCanonicalPath(), which is vulnerable to partial path traversal attacks, with the more secure dir.getCanonicalFile().toPath().startsWith(parent.getCanonicalFile().toPath()). To demonstrate this vulnerability, consider "/usr/outnot".startsWith("/usr/out"). The check is bypassed although /outnot is not under the /out directory. It's important to understand that the terminating slash may be removed when using various String representations of the File object. For example, on Linux, println(new File("/var")) will print /var, but println(new File("/var", "/") will print /var/; however, println(new File("/var", "/").getCanonicalPath()) will print /var.
  • org.openrewrite.java.security.RegularExpressionDenialOfService
    • Regular Expression Denial of Service (ReDOS)
    • ReDoS is a Denial of Service attack that exploits the fact that most Regular Expression implementations may reach extreme situations that cause them to work very slowly (exponentially related to input size). See the OWASP description of this attack here for more details.
  • org.openrewrite.java.security.SecureRandom
    • Secure random
    • Use cryptographically secure Pseudo Random Number Generation in the "main" source set. Replaces instantiation of java.util.Random with java.security.SecureRandom.
  • org.openrewrite.java.security.SecureRandomPrefersDefaultSeed
    • SecureRandom seeds are not constant or predictable
    • Remove SecureRandom#setSeed(*) method invocations having constant or predictable arguments.
  • org.openrewrite.java.security.SecureTempFileCreation
    • Use secure temporary file creation
    • java.io.File.createTempFile() has exploitable default file permissions. This recipe migrates to the more secure java.nio.file.Files.createTempFile().
  • org.openrewrite.java.security.UseFilesCreateTempDirectory
    • Use Files#createTempDirectory
    • Use Files#createTempDirectory when the sequence File#createTempFile(..)->File#delete()->File#mkdir() is used for creating a temp directory.
  • org.openrewrite.java.security.XmlParserXXEVulnerability
    • XML parser XXE vulnerability
    • Avoid exposing dangerous features of the XML parser by updating certain factory settings.
  • org.openrewrite.java.security.ZipSlip
    • Zip slip
    • Zip slip is an arbitrary file overwrite critical vulnerability, which typically results in remote command execution. A fuller description of this vulnerability is available in the Snyk documentation on it.
  • org.openrewrite.java.security.marshalling.InsecureJmsDeserialization
    • Insecure JMS deserialization
    • JMS Object messages depend on Java Serialization for marshalling/unmarshalling of the message payload when ObjectMessage#getObject is called. Deserialization of untrusted data can lead to security flaws.
  • org.openrewrite.java.security.marshalling.SecureJacksonDefaultTyping
    • Secure the use of Jackson default typing
    • See the blog post on this subject.
  • org.openrewrite.java.security.marshalling.SecureSnakeYamlConstructor
    • Secure the use of SnakeYAML's constructor
    • See the paper on this subject.
  • org.openrewrite.java.security.search.FindSensitiveApiEndpoints
    • Find sensitive API endpoints
    • Find data models exposed by REST APIs that contain sensitive information like PII and secrets.
  • org.openrewrite.java.security.secrets.FindJwtSecrets
    • Find JWT secrets
    • Locates JWTs stored in plain text in code.
  • org.openrewrite.java.security.secrets.FindSecretsByPattern
    • Find secrets with regular expressions
    • A secret is a literal that matches any one of the provided patterns.
  • org.openrewrite.java.security.secrets.FindSlackSecrets
    • Find Slack secrets
    • Locates Slack secrets stored in plain text in code.
  • org.openrewrite.java.security.servlet.CookieSetSecure
    • Insecure cookies
    • Check for use of insecure cookies. Cookies should be marked as secure. This ensures that the cookie is sent only over HTTPS to prevent cross-site scripting attacks.
  • org.openrewrite.java.security.spring.CsrfProtection
    • Enable CSRF attack prevention
    • Cross-Site Request Forgery (CSRF) is a type of attack that occurs when a malicious web site, email, blog, instant message, or program causes a user's web browser to perform an unwanted action on a trusted site when the user is authenticated. See the full OWASP cheatsheet.
  • org.openrewrite.java.security.spring.InsecureSpringServiceExporter
    • Secure Spring service exporters
    • The default Java deserialization mechanism is available via ObjectInputStream class. This mechanism is known to be vulnerable. If an attacker can make an application deserialize malicious data, it may result in arbitrary code execution. Spring’s RemoteInvocationSerializingExporter uses the default Java deserialization mechanism to parse data. As a result, all classes that extend it are vulnerable to deserialization attacks. The Spring Framework contains at least HttpInvokerServiceExporter and SimpleHttpInvokerServiceExporter that extend RemoteInvocationSerializingExporter. These exporters parse data from the HTTP body using the unsafe Java deserialization mechanism. See the full blog post by Artem Smotrakov on CVE-2016-1000027 from which the above description is excerpted.
  • org.openrewrite.java.security.spring.PreventClickjacking
    • Prevent clickjacking
    • The frame-ancestors directive can be used in a Content-Security-Policy HTTP response header to indicate whether or not a browser should be allowed to render a page in a <frame> or <iframe>. Sites can use this to avoid Clickjacking attacks by ensuring that their content is not embedded into other sites.
  • org.openrewrite.text.FindHardcodedLoopbackAddresses
    • Find hard-coded loopback IPv4 addresses
    • Locates mentions of hard-coded IPv4 addresses from the loopback IP range. The loopback IP range includes 127.0.0.0 to 127.255.255.255. This detects the entire localhost/loopback subnet range, not just the commonly used 127.0.0.1.
  • org.openrewrite.text.FindHardcodedPrivateIPAddresses
    • Find hard-coded private IPv4 addresses
    • Locates mentions of hard-coded IPv4 addresses from private IP ranges. Private IP ranges include: * 192.168.0.0 to 192.168.255.255 * 10.0.0.0 to 10.255.255.255 * 172.16.0.0 to 172.31.255.255 It is not detecting the localhost subnet 127.0.0.0 to 127.255.255.255.
  • org.openrewrite.text.RemoveHardcodedIPAddressesFromComments
    • Remove hard-coded IP addresses from comments
    • Removes hard-coded IPv4 addresses from comments when they match private IP ranges or loopback addresses. This targets IP addresses that are commented out in various comment formats: Private IP ranges: * 192.168.0.0 to 192.168.255.255 * 10.0.0.0 to 10.255.255.255 * 172.16.0.0 to 172.31.255.255 Loopback IP range: * 127.0.0.0 to 127.255.255.255 Supported comment formats: * C-style line comments (//) * C-style block comments (/* */) * Shell/Python style comments (#) * XML comments (<!-- -->) * YAML comments (#) * Properties file comments (# or !) For line comments, the entire line is removed. For block comments, only the IP address is removed.

org.openrewrite.recipe:rewrite-jenkins

License: Moderne Source Available License

10 recipes

org.openrewrite.recipe:rewrite-joda

License: Moderne Source Available License

1 recipe

org.openrewrite.recipe:rewrite-kubernetes

License: Moderne Proprietary License

18 recipes

org.openrewrite.recipe:rewrite-liberty

License: Apache License Version 2.0

6 recipes

org.openrewrite.recipe:rewrite-logging-frameworks

License: Moderne Source Available License

101 recipes

org.openrewrite.recipe:rewrite-micrometer

License: Moderne Source Available License

4 recipes

org.openrewrite.recipe:rewrite-micronaut

License: Apache License Version 2.0

19 recipes

org.openrewrite.recipe:rewrite-migrate-java

License: Moderne Source Available License

169 recipes

org.openrewrite.recipe:rewrite-netty

License: Apache License Version 2.0

4 recipes

org.openrewrite.recipe:rewrite-nodejs

License: Moderne Proprietary License

4 recipes

org.openrewrite.recipe:rewrite-openapi

License: Apache License Version 2.0

8 recipes

org.openrewrite.recipe:rewrite-prethink

License: Moderne Source Available License

25 recipes

  • io.moderne.prethink.ComprehendCode
    • Comprehend code with AI
    • Use an LLM to generate descriptions for classes and methods in the codebase. Descriptions are cached based on source code checksums to avoid regenerating descriptions for unchanged code.
  • io.moderne.prethink.ComprehendCodeTokenCounter
    • Estimate comprehension token usage
    • Estimate the input token counts that would be sent to an LLM for method comprehension, without actually calling a model. Uses OpenAI's tokenizer locally. Outputs to the MethodDescriptions table with blank descriptions.
  • io.moderne.prethink.ExtractCodingConventions
    • Extract coding conventions
    • Analyze the codebase to extract coding conventions including naming patterns, import organization, and documentation patterns.
  • io.moderne.prethink.ExtractDependencyUsage
    • Extract dependency usage patterns
    • Analyze the codebase to extract dependency usage patterns by examining which types from external libraries are actually used in the code.
  • io.moderne.prethink.ExtractErrorPatterns
    • Extract error handling patterns
    • Analyze the codebase to extract error handling patterns including exception types, handling strategies, and logging frameworks used.
  • io.moderne.prethink.FindTestCoverage
    • Find test coverage mapping
    • Map test methods to their corresponding implementation methods. Uses JavaType.Method matching to determine coverage relationships. Optionally generates AI summaries of what each test is verifying when LLM provider is configured.
  • io.moderne.prethink.UpdatePrethinkContextNoAiStarter
    • Update Prethink context (no AI)
    • Generate Moderne Prethink context files with architectural discovery, test coverage mapping, dependency inventory, and FINOS CALM architecture diagrams. This recipe does not require an LLM provider - use UpdatePrethinkContextStarter if you want AI-generated code comprehension and test summaries.
  • io.moderne.prethink.UpdatePrethinkContextStarter
    • Update Prethink context (with AI)
    • Generate Moderne Prethink context files with AI-generated code comprehension, test coverage mapping, dependency inventory, and FINOS CALM architecture diagrams. Maps tests to implementation methods and optionally generates AI summaries of what each test verifies when LLM provider is configured.
  • io.moderne.prethink.calm.FindCalmRelationships
    • Find CALM relationships
    • Discover method call relationships within the repository for building interaction diagrams. Captures all method-to-method calls between in-repo classes. Entity IDs are resolved by GenerateCalmArchitecture when building CALM relationships.
  • io.moderne.prethink.calm.FindDataAssets
    • Find data assets
    • Identify data assets including JPA entities, MongoDB documents, Java records, and DTOs in the application.
  • io.moderne.prethink.calm.FindDatabaseConnections
    • Find database connections
    • Identify database connections and data access patterns in the application. Detects JPA entities, Spring Data repositories, JDBC templates, and MyBatis mappers.
  • io.moderne.prethink.calm.FindDeploymentArtifacts
    • Find deployment artifacts
    • Identify deployment artifacts including Dockerfiles, docker-compose files, and Kubernetes manifests.
  • io.moderne.prethink.calm.FindExternalServiceCalls
    • Find external service calls
    • Identify outbound HTTP calls to external services. Detects RestTemplate, WebClient, Feign clients, Apache HttpClient, OkHttp, and JAX-RS clients.
  • io.moderne.prethink.calm.FindMessagingConnections
    • Find messaging connections
    • Identify message queue producers and consumers. Detects Kafka, RabbitMQ, JMS, Spring Cloud Stream, and AWS SQS messaging.
  • io.moderne.prethink.calm.FindProjectMetadata
    • Find project metadata
    • Extract project metadata (artifact ID, group ID, name, description) from Maven pom.xml files.
  • io.moderne.prethink.calm.FindSecurityConfiguration
    • Find security configuration
    • Identify security configurations including Spring Security, OAuth2, and CORS settings.
  • io.moderne.prethink.calm.FindServerConfiguration
    • Find server configuration
    • Extract server configuration (port, SSL, context path) from application.properties and application.yml files.
  • io.moderne.prethink.calm.FindServiceComponents
    • Find service components
    • Identify service layer components (@Service, @Component, @Named) in the application. Excludes controllers and repositories which are handled by dedicated recipes.
  • io.moderne.prethink.calm.FindServiceEndpoints
    • Find service endpoints
    • Identify all REST/HTTP service endpoints exposed by the application. Supports Spring MVC, JAX-RS, Micronaut, and Quarkus REST endpoints.
  • io.moderne.prethink.calm.GenerateCalmMermaidDiagram
    • Generate architecture mermaid diagram
    • Generate a markdown file with a mermaid architecture diagram from discovered service endpoints, database connections, external service calls, and messaging connections.
  • org.openrewrite.prethink.ExportContext
    • Export context files
    • Export DataTables to CSV files in .moderne/context/ along with a markdown description file. The markdown file describes the context and includes schema information for each data table.
  • org.openrewrite.prethink.UpdateAgentConfig
    • Update agent configuration files
    • Update coding agent configuration files (CLAUDE.md, .cursorrules, etc.) to include references to Moderne Prethink context files in .moderne/context/.
  • org.openrewrite.prethink.UpdateGitignore
    • Update .gitignore for Prethink context
    • Updates .gitignore to allow committing the .moderne/context/ directory while ignoring other files in .moderne/. Transforms .moderne/ into .moderne/* with an exception for !.moderne/context/.
  • org.openrewrite.prethink.UpdatePrethinkContext
    • Update Prethink context
    • Generate FINOS CALM architecture diagram and update agent configuration files. This recipe expects CALM-related data tables (ServiceEndpoints, DatabaseConnections, ExternalServiceCalls, MessagingConnections, etc.) to be populated by other recipes in a composite.
  • org.openrewrite.prethink.calm.GenerateCalmArchitecture
    • Generate CALM architecture
    • Generate a FINOS CALM (Common Architecture Language Model) JSON file from discovered service endpoints, database connections, external service calls, and messaging connections.

org.openrewrite.recipe:rewrite-quarkus

License: Apache License Version 2.0

17 recipes

org.openrewrite.recipe:rewrite-reactive-streams

License: Moderne Proprietary License

23 recipes

org.openrewrite.recipe:rewrite-rewrite

License: Moderne Source Available License

28 recipes

org.openrewrite.recipe:rewrite-spring

License: Moderne Source Available License

139 recipes

org.openrewrite.recipe:rewrite-spring-to-quarkus

License: Moderne Source Available License

7 recipes

org.openrewrite.recipe:rewrite-sql

License: Moderne Proprietary License

5 recipes

org.openrewrite.recipe:rewrite-static-analysis

License: Moderne Source Available License

163 recipes

org.openrewrite.recipe:rewrite-struts

License: Moderne Source Available License

7 recipes

org.openrewrite.recipe:rewrite-terraform

License: Moderne Proprietary License

4 recipes

org.openrewrite.recipe:rewrite-testing-frameworks

License: Moderne Source Available License

169 recipes

org.openrewrite.recipe:rewrite-third-party

License: Apache License Version 2.0

1428 recipes

org.openrewrite:rewrite-core

License: Apache License Version 2.0

28 recipes

  • org.openrewrite.AddToGitignore
    • Add entries to .gitignore
    • Adds entries to the project's .gitignore file. If no .gitignore file exists, one will be created. Existing entries that match will not be duplicated.
  • org.openrewrite.DeleteSourceFiles
    • Delete files
    • Delete files by source path.
  • org.openrewrite.ExcludeFileFromGitignore
    • Remove ignoral of files or directories from .gitignore
    • This recipe will remove a file or directory from the .gitignore file. If the file or directory is already in the .gitignore file, it will be removed or negated. If the file or directory is not in the .gitignore file, no action will be taken.
  • org.openrewrite.FindCollidingSourceFiles
    • Find colliding source files
    • Finds source files which share a path with another source file. There should always be exactly one source file per path within a repository. This is a diagnostic for finding problems in OpenRewrite parsers/build plugins.
  • org.openrewrite.FindDeserializationErrors
    • Find deserialization errors
    • Produces a data table collecting all deserialization errors of serialized LSTs.
  • org.openrewrite.FindGitProvenance
    • Show Git source control metadata
    • List out the contents of each unique GitProvenance marker in the set of source files. When everything is working correctly, exactly one such marker should be printed as all source files are expected to come from the same repository / branch / commit hash.
  • org.openrewrite.FindLstProvenance
    • Find LST provenance
    • Produces a data table showing what versions of OpenRewrite/Moderne tooling was used to produce a given LST.
  • org.openrewrite.FindParseFailures
    • Find source files with ParseExceptionResult markers
    • This recipe explores parse failures after an LST is produced for classifying the types of failures that can occur and prioritizing fixes according to the most common problems.
  • org.openrewrite.FindQuarks
    • Find instances of type Quark
    • Quark source files are pointers to the existence of a file without capturing any of the contents of the file.
  • org.openrewrite.FindSourceFiles
    • Find files
    • Find files by source path. Paths are always interpreted as relative to the repository root.
  • org.openrewrite.IsInRepository
    • Is in repository
    • A search recipe which marks files that are in a repository with one of the supplied names. Intended for use as a precondition for other recipes being run over many different repositories.
  • org.openrewrite.ListRuntimeClasspath
    • List runtime classpath
    • A diagnostic utility which emits the runtime classpath to a data table.
  • org.openrewrite.MoveFile
    • Move a file
    • Move a file to a different directory. The file name will remain the same.
  • org.openrewrite.RenameFile
    • Rename a file
    • Rename a file while keeping it in the same directory.
  • org.openrewrite.SetFilePermissions
    • Set file permission attributes
    • Set a file's read, write and executable permission attributes.
  • org.openrewrite.Singleton
    • Singleton
    • Used as a precondition to ensure that a recipe attempts to make changes only once. Accidentally including multiple copies/instances of the same large composite recipes is a common mistake. If those recipes are marked with this precondition the performance penalty is limited. This recipe does nothing useful run on its own. ## Usage in YAML recipes Add org.openrewrite.Singleton as a precondition: yaml --- type: specs.openrewrite.org/v1beta/recipe name: com.example.Append displayName: My recipe preconditions: - org.openrewrite.Singleton recipeList: - org.openrewrite.text.AppendToTextFile: relativeFileName: report.txt content: 'Recipe executed' ## Usage in Java recipes Wrap visitors with Singleton.singleton(this, visitor) to ensure only the first equivalent recipe instance makes changes: java @Override public TreeVisitor<?, ExecutionContext> getVisitor(Accumulator acc) \{ return singleton(this, new TreeVisitor<Tree, ExecutionContext>() \{ @Override public Tree visit(@Nullable Tree tree, ExecutionContext ctx) \{ // Your transformation logic return tree; \} \}); \} @Override public Collection<SourceFile> generate(Accumulator acc, ExecutionContext ctx) \{ if (!isSingleton(this, ctx)) \{ return Collections.emptyList(); \} // Generate new sources return results; \} @Override public TreeVisitor<?, ExecutionContext> getVisitor(Accumulator acc) \{ return singleton(this, new TreeVisitor<Tree, ExecutionContext>() \{ // Visitor logic \}); \} Note: Singleton status is determined by the recipe's equals() and hashCode() methods. If equivalent instances of a recipe are not considered singletons, ensure your recipe class correctly implements these methods. The easiest way is to use Lombok's @Value annotation on your recipe class, which automatically generates correct equals() and hashCode() implementations based on all fields.
  • org.openrewrite.search.FindBuildMetadata
    • Find build metadata
    • Find source files with matching build metadata.
  • org.openrewrite.search.FindCommitters
    • Find committers on repositories
    • List the committers on a repository.
  • org.openrewrite.search.FindParseToPrintInequality
    • Find parse to print inequality
    • OpenRewrite Parser implementations should produce SourceFile objects whose printAll() method should be byte-for-byte equivalent with the original source file. When this isn't true, recipes can still run on the SourceFile and even produce diffs, but the diffs would fail to apply as a patch to the original source file. Most Parser use Parser#requirePrintEqualsInput to produce a ParseError when they fail to produce a SourceFile that is print idempotent.
  • org.openrewrite.search.RepositoryContainsFile
    • Repository contains file
    • Intended to be used primarily as a precondition for other recipes, this recipe checks if a repository contains a specific file or files matching a pattern. If present all files in the repository are marked with a SearchResult marker. If you want to get only the matching file as a search result, use FindSourceFiles instead.
  • org.openrewrite.text.AppendToTextFile
    • Append to text file
    • Appends or replaces content of an existing plain text file, or creates a new one if it doesn't already exist. Please note that this recipes requires existing plain text files' format to be successfully parsable by OpenRewrite. If a file is left unchanged, it might be parsed as a Quark rather than plain text. In such case, use the plainTextMask option. See the Gradle or Maven plugin configuration page.
  • org.openrewrite.text.ChangeText
    • Change text
    • Completely replaces the contents of the text file with other text. Use together with a FindSourceFiles precondition to limit which files are changed.
  • org.openrewrite.text.CreateTextFile
    • Create text file
    • Creates a new plain text file.
  • org.openrewrite.text.EndOfLineAtEndOfFile
    • End of Line @ End of File (EOL @ EOF)
    • Ensure that the file ends with the newline character. Note: If this recipe modifies a file, it converts the file into plain text. As such, this recipe should be run after any recipe that modifies the language-specific LST.
  • org.openrewrite.text.Find
    • Find text
    • Textual search, optionally using Regular Expression (regex) to query.
  • org.openrewrite.text.FindAndReplace
    • Find and replace
    • Textual find and replace, optionally interpreting the search query as a Regular Expression (regex). When operating on source files that are language-specific Lossless Semantic Tree, such as Java or XML, this operation converts the source file to plain text for the rest of the recipe run. So if you are combining this recipe with language-specific recipes in a single recipe run put all the language-specific recipes before this recipe.
  • org.openrewrite.text.FindMultiselect
    • Experimental find text with multiselect
    • Search for text, treating all textual sources as plain text. This version of the recipe exists to experiment with multiselect recipe options.
  • org.openrewrite.text.RemoveByteOrderMark
    • Remove byte order mark (BOM)
    • Removes UTF-8 byte order marks from the beginning of files. The BOM character (U+FEFF) is generally unnecessary in UTF-8 files and can cause issues with some tools.

org.openrewrite:rewrite-csharp

License: Moderne Source Available License

570 recipes

org.openrewrite:rewrite-gradle

License: Apache License Version 2.0

52 recipes

org.openrewrite:rewrite-groovy

License: Apache License Version 2.0

4 recipes

org.openrewrite:rewrite-hcl

License: Apache License Version 2.0

11 recipes

org.openrewrite:rewrite-java

License: Apache License Version 2.0

96 recipes

org.openrewrite:rewrite-javascript

License: Moderne Source Available License

1 recipe

  • org.openrewrite.javascript.search.DependencyInsight
    • Node.js dependency insight
    • Find direct and transitive npm dependencies matching a package name pattern. Results include dependencies that either directly match or transitively include a matching dependency.

org.openrewrite:rewrite-json

License: Apache License Version 2.0

10 recipes

org.openrewrite:rewrite-kotlin

License: Apache License Version 2.0

11 recipes

  • org.openrewrite.kotlin.FindKotlinSources
    • Find Kotlin sources and collect data metrics
    • Use data table to collect source files types and counts of files with extensions .kt.
  • org.openrewrite.kotlin.OrderImports
    • Order Kotlin imports
    • Groups and orders import statements. If a style has been defined, this recipe will order the imports according to that style. If no style is detected, this recipe will default to ordering imports in the same way that IntelliJ IDEA does.
  • org.openrewrite.kotlin.RenameTypeAlias
    • Rename type alias
    • Change the name of a given type alias.
  • org.openrewrite.kotlin.cleanup.EqualsMethodUsage
    • Structural equality tests should use == or !=
    • In Kotlin, == means structural equality and != structural inequality and both map to the left-side term’s equals() function. It is, therefore, redundant to call equals() as a function. Also, == and != are more general than equals() and !equals() because it allows either of both operands to be null. Developers using equals() instead of == or != is often the result of adapting styles from other languages like Java, where == means reference equality and != means reference inequality. The == and != operators are a more concise and elegant way to test structural equality than calling a function.
  • org.openrewrite.kotlin.cleanup.ImplicitParameterInLambda
    • it shouldn't be used as a lambda parameter name
    • it is a special identifier that allows you to refer to the current parameter being passed to a lambda expression without explicitly naming the parameter. Lambda expressions are a concise way of writing anonymous functions. Many lambda expressions have only one parameter, when this is true the compiler can determine the parameter type by context. Thus when using it with single parameter lambda expressions, you do not need to declare the type.
  • org.openrewrite.kotlin.cleanup.RemoveLambdaArgumentParentheses
    • Remove method invocation parentheses around single lambda argument
    • For example, convert 1.let(\{ it + 1 \}) to 1.let \{ it + 1 \}.
  • org.openrewrite.kotlin.cleanup.RemoveTrailingComma
    • Remove trailing comma in Kotlin
    • Remove trailing commas in variable, parameter, and class property lists.
  • org.openrewrite.kotlin.cleanup.RemoveTrailingSemicolon
    • Remove unnecessary trailing semicolon
    • Some Java programmers may mistakenly add semicolons at the end when writing Kotlin code, but in reality, they are not necessary.
  • org.openrewrite.kotlin.cleanup.ReplaceCharToIntWithCode
    • Replace Char#toInt() with Char#code
    • Replace the usage of the deprecated Char#toInt() with Char#code. Please ensure that your Kotlin version is 1.5 or later to support the Char#code property. Note that the current implementation does not perform a Kotlin version check.
  • org.openrewrite.kotlin.cleanup.UnnecessaryTypeParentheses
    • Remove unnecessary parentheses on Kotlin types
    • In Kotlin, it's possible to add redundant nested parentheses in type definitions. This recipe is designed to remove those unnecessary parentheses.
  • org.openrewrite.kotlin.format.AutoFormat
    • Format Kotlin code
    • Format Kotlin code using a standard comprehensive set of Kotlin formatting recipes.

org.openrewrite:rewrite-maven

License: Apache License Version 2.0

78 recipes

org.openrewrite:rewrite-properties

License: Apache License Version 2.0

7 recipes

org.openrewrite:rewrite-toml

License: Apache License Version 2.0

10 recipes

org.openrewrite:rewrite-xml

License: Apache License Version 2.0

28 recipes

org.openrewrite:rewrite-yaml

License: Apache License Version 2.0

18 recipes

other

License: Unknown

1591 recipes