Skip to main content

All Recipes by Module

This doc contains all recipes grouped by their module.

Total recipes: 6131

io.moderne.recipe

recipes-code-quality

License: Moderne Proprietary License

408 recipes

recipes-migrate-dotnet

License: Moderne Proprietary License

148 recipes

recipes-tunit

License: Moderne Proprietary License

19 recipes

rewrite-ai

License: Moderne Proprietary License

3 recipes

  • io.moderne.ai.FindAgentsInUse
    • Find AI agents configuration files
    • Scans codebases to identify usage of AI agents by looking at the agent configuration files present in the repository.
  • io.moderne.ai.FindLibrariesInUse
    • Find AI libraries in use
    • Scans codebases to identify usage of AI services. Detects AI libraries across Java dependencies. Useful for auditing and understanding AI integration patterns.
  • io.moderne.ai.FindModelsInUse
    • Find AI models in use
    • Scans codebases to identify usage of Large Language Models (LLMs). Detects model references and configuration patterns across Java classes, properties files, YAML configs... Useful for identifying model usage.

rewrite-angular

License: Moderne Proprietary License

105 recipes

  • org.openrewrite.angular.UpgradeToAngular10
    • Upgrade to Angular 10
    • Migrates Angular 9.x applications to Angular 10. This includes removing the deprecated es5BrowserSupport option from angular.json, renaming deprecated validator/asyncValidator to their plural forms, renaming browserslist to .browserslistrc, migrating to solution-style tsconfig.json, and upgrading Angular, TypeScript, and related dependency versions.
  • org.openrewrite.angular.UpgradeToAngular11
    • Upgrade to Angular 11
    • Migrates Angular 10.x applications to Angular 11. This includes replacing ViewEncapsulation.Native with ViewEncapsulation.ShadowDom, removing the deprecated extractCss build option from angular.json, flagging deprecated string-based loadChildren and preserveQueryParams usage, and upgrading Angular, TypeScript, and related dependency versions.
  • org.openrewrite.angular.UpgradeToAngular12
    • Upgrade to Angular 12
    • Migrates Angular 11.x applications to Angular 12. This includes adding defaultConfiguration: "production" to build targets in angular.json, replacing node-sass with sass (Dart Sass), flagging deprecated async test helper and View Engine APIs, and upgrading Angular, TypeScript, and related dependency versions.
  • org.openrewrite.angular.UpgradeToAngular13
    • Upgrade to Angular 13
    • Migrates Angular 12.x applications to Angular 13. This includes updating tsconfig.json target to es2017, removing IE11 polyfills, removing defaultProject from angular.json, adding TestBed module teardown, simplifying ComponentFactoryResolver usage, and upgrading Angular, TypeScript, and related dependency versions.
  • org.openrewrite.angular.UpgradeToAngular14
    • Upgrade to Angular 14
    • Migrates Angular 13.x applications to Angular 14. This includes replacing form classes with their Untyped* equivalents for backward compatibility with typed forms, updating deprecated initialNavigation router option values, removing aotSummaries from TestBed calls, and flagging pathMatch properties that may need type narrowing.
  • org.openrewrite.angular.UpgradeToAngular15
    • Upgrade to Angular 15
    • Migrates Angular 14.x applications to Angular 15. This includes removing the relativeLinkResolution option from RouterModule.forRoot(), removing the enableIvy compiler option from tsconfig.json, flagging the deprecated DATE_PIPE_DEFAULT_TIMEZONE token and providedIn: NgModule/'any' usage, and upgrading Angular, TypeScript, and related dependency versions.
  • org.openrewrite.angular.UpgradeToAngular16
    • Upgrade to Angular 16
    • Migrates Angular 15.x applications to Angular 16. This includes removing entryComponents and moduleId from decorators, replacing RouterLinkWithHref with RouterLink, moving the XhrFactory import to @angular/common, and flagging removed APIs like ReflectiveInjector, renderModuleFactory, and BrowserTransferStateModule.
  • org.openrewrite.angular.UpgradeToAngular17
    • Upgrade to Angular 17
    • Migrates Angular 16.x applications to Angular 17. This includes updating Angular package versions, replacing legacy deep zone.js imports, flagging the removed withNoDomReuse and setupTestingRouter APIs, and upgrading TypeScript and zone.js dependencies.
  • org.openrewrite.angular.UpgradeToAngular18
    • Upgrade to Angular 18
    • Migrates Angular 17.x applications to Angular 18. This includes replacing the deprecated async test helper with waitForAsync, migrating HttpClientModule to provideHttpClient(), moving Transfer State APIs to @angular/core, and flagging removed platform APIs.
  • org.openrewrite.angular.UpgradeToAngular19
    • Upgrade to Angular 19
    • Migrates Angular 18.x applications to Angular 19. This includes updating Angular package versions, adjusting the standalone default, renaming ExperimentalPendingTasks to PendingTasks, moving the ApplicationConfig import to @angular/core, and updating zone.js.
  • org.openrewrite.angular.UpgradeToAngular20
    • Upgrade to Angular 20
    • Migrates Angular 19.x applications to Angular 20. This includes running the Angular 19 migration first, then updating Angular package versions, renaming experimental APIs promoted to stable, and upgrading TypeScript to 5.8.x.
  • org.openrewrite.angular.UpgradeToAngular21
    • Upgrade to Angular 21
    • Migrates Angular 20.x applications to Angular 21. This includes running the Angular 20 migration first, flagging Karma test runner usage for Vitest migration, deprecated NgClass, zone.js-dependent test helpers, and upgrading TypeScript to 5.9.x.
  • org.openrewrite.angular.UpgradeToAngular8
    • Upgrade to Angular 8
    • Migrates Angular 7.x applications to Angular 8. This includes adding the now-required static: false to @ViewChild and @ContentChild decorators, moving the DOCUMENT import from @angular/platform-browser to @angular/common, removing rxjs-compat and flagging any remaining RxJS 5-style imports, flagging removed @angular/http imports, converting deprecated string-based loadChildren to dynamic imports, and upgrading Angular, TypeScript, and related dependency versions.
  • org.openrewrite.angular.UpgradeToAngular9
    • Upgrade to Angular 9
    • Migrates Angular 8.x applications to Angular 9. This includes removing the now-default static: false from view query decorators, replacing TestBed.get() with TestBed.inject(), adding generic type parameters to ModuleWithProviders, enabling AOT compilation in angular.json, updating tsconfig.json module settings for Ivy, flagging removed View Engine APIs (Renderer, RenderComponentType, RootRenderer), and upgrading Angular, TypeScript, and related dependency versions.
  • org.openrewrite.angular.migration.add-default-configuration
    • Add defaultConfiguration to build targets
    • Adds "defaultConfiguration": "production" to build architect targets in angular.json. Angular 12 changed ng build to produce production bundles by default.
  • org.openrewrite.angular.migration.add-localize-polyfill
    • Add @angular/localize/init polyfill import
    • Adds import '@angular/localize/init' to polyfills.ts. Angular 9 introduced the $localize runtime API for i18n. Projects using internationalization must import this polyfill or the application will fail at runtime with $localize is not defined. The @angular/localize package must also be added as a dependency.
  • org.openrewrite.angular.migration.add-module-with-providers-generic
    • Add generic type to ModuleWithProviders
    • Adds the required generic type parameter to bare ModuleWithProviders return types. Angular 10 requires ModuleWithProviders<T> where T is the NgModule type. The module type is inferred from the ngModule property in the return statement.
  • org.openrewrite.angular.migration.add-static-false-to-view-queries
    • Add static: false to view queries
    • Adds static: false to @ViewChild and @ContentChild decorators that don't have the static property. Angular 8 requires an explicit static flag for view query decorators. Using static: false preserves the Angular 7 default behavior (queries resolved after change detection).
  • org.openrewrite.angular.migration.add-testbed-teardown
    • Add TestBed module teardown
    • Adds \{ teardown: \{ destroyAfterEach: true \} \} as the third argument to TestBed.initTestEnvironment() calls. Angular 13 changed the default teardown behavior, and this ensures explicit opt-in for module teardown after each test.
  • org.openrewrite.angular.migration.enable-aot-build
    • Enable AOT compilation in angular.json
    • Adds "aot": true to build options in angular.json. Angular 9 made AOT compilation the default, and projects upgrading from Angular 8 should enable it explicitly.
  • org.openrewrite.angular.migration.explicit-standalone-flag
    • Make standalone flag explicit
    • Adds standalone: false to non-standalone Angular components, directives, and pipes, and removes redundant standalone: true since it became the default in Angular 19.
  • org.openrewrite.angular.migration.migrate-constructor-to-inject
    • Migrate constructor injection to inject()
    • Converts constructor parameter properties in Angular classes to field declarations using the inject() function. For example, constructor(private svc: MyService) \{\} becomes private svc = inject(MyService);.
  • org.openrewrite.angular.migration.migrate-input-to-signal
    • Migrate @Input() to signal-based input()
    • Converts @Input() decorated properties in Angular classes to signal-based input() declarations. For example, @Input() name: string becomes name = input<string>(), and @Input(\{ required: true \}) name!: string becomes name = input.required<string>().
  • org.openrewrite.angular.migration.migrate-output-to-signal
    • Migrate @Output() to signal-based output()
    • Converts @Output() decorated properties using EventEmitter in Angular classes to signal-based output() declarations. For example, @Output() clicked = new EventEmitter<void>() becomes clicked = output<void>().
  • org.openrewrite.angular.migration.migrate-query-to-signal
    • Migrate query decorators to signal-based functions
    • Converts @ViewChild(), @ViewChildren(), @ContentChild(), and @ContentChildren() decorated properties to signal-based query functions. For example, @ViewChild('ref') el: ElementRef becomes el = viewChild<ElementRef>('ref').
  • org.openrewrite.angular.migration.migrate-to-solution-style-tsconfig
    • Migrate to solution-style tsconfig
    • Migrates a project to use a solution-style tsconfig.json. The original tsconfig.json content is moved to tsconfig.base.json (with project-specific fields removed), and tsconfig.json is replaced with a solution-style config that references the project's TypeScript configurations. Other tsconfig files that extend ./tsconfig.json are updated to extend ./tsconfig.base.json.
  • org.openrewrite.angular.migration.move-document-import
    • Move DOCUMENT import to @angular/core
    • Moves the DOCUMENT import from older Angular modules to @angular/core.
  • org.openrewrite.angular.migration.remove-aot-summaries
    • Remove aotSummaries from TestBed
    • Removes the aotSummaries property from TestBed.configureTestingModule() and TestBed.initTestEnvironment() calls. The aotSummaries parameter was removed in Angular 14 as it was only needed for the View Engine compiler.
  • org.openrewrite.angular.migration.remove-browser-module-with-server-transition
    • Remove BrowserModule.withServerTransition
    • Replaces BrowserModule.withServerTransition(\{ appId: '...' \}) with BrowserModule and adds \{ provide: APP_ID, useValue: '...' \} to the NgModule providers. The withServerTransition method was removed in Angular 19.
  • org.openrewrite.angular.migration.remove-component-factory-resolver
    • Remove ComponentFactoryResolver
    • Replaces resolver.resolveComponentFactory(Component) with just Component and removes the ComponentFactoryResolver import. Since Ivy, ViewContainerRef.createComponent accepts the component class directly. ComponentFactoryResolver was deprecated in Angular 13 and removed in Angular 16.
  • org.openrewrite.angular.migration.remove-default-project
    • Remove defaultProject from angular.json
    • Removes the deprecated defaultProject property from angular.json. The defaultProject option was deprecated in Angular 13 and the CLI infers the default project from the workspace.
  • org.openrewrite.angular.migration.remove-empty-ng-on-init
    • Remove empty ngOnInit lifecycle hooks
    • Removes empty ngOnInit lifecycle hook methods and OnInit interface from Angular components.
  • org.openrewrite.angular.migration.remove-enable-ivy
    • Remove enableIvy compiler option
    • Removes the enableIvy option from angularCompilerOptions in tsconfig.json. Ivy is the only rendering engine since Angular 12, and the option was removed in Angular 15.
  • org.openrewrite.angular.migration.remove-entry-components
    • Remove entryComponents
    • Removes the entryComponents property from @NgModule and @Component decorators, and removes the ANALYZE_FOR_ENTRY_COMPONENTS import. These were removed in Angular 16 as they served no purpose since Ivy.
  • org.openrewrite.angular.migration.remove-es5-browser-support
    • Remove es5BrowserSupport from angular.json
    • Removes the deprecated es5BrowserSupport option from angular.json. es5BrowserSupport was deprecated in Angular 7.3 and removed in Angular 10. Differential loading is now handled automatically by the Angular CLI based on the project's browserslist configuration.
  • org.openrewrite.angular.migration.remove-extract-css
    • Remove extractCss from angular.json
    • Removes the deprecated extractCss build option from angular.json. In Angular 11, CSS extraction became the default behavior for production builds and the option was deprecated.
  • org.openrewrite.angular.migration.remove-ie-polyfills
    • Remove IE11 polyfills
    • Removes IE11-specific polyfill imports (core-js, classlist.js, web-animations-js) from polyfills.ts and angular.json. Angular 13 dropped IE11 support, making these polyfills unnecessary.
  • org.openrewrite.angular.migration.remove-module-id
    • Remove moduleId
    • Removes the moduleId property from @Component and @Directive decorators. moduleId was deprecated in Angular 16 and removed in Angular 17 as it served no purpose since Ivy.
  • org.openrewrite.angular.migration.remove-relative-link-resolution
    • Remove relativeLinkResolution
    • Removes the relativeLinkResolution option from RouterModule.forRoot() calls. This option was deprecated in Angular 14 and removed in Angular 15.
  • org.openrewrite.angular.migration.remove-standalone-true
    • Remove redundant standalone: true
    • Removes the standalone: true property from Angular component, directive, and pipe decorators since standalone is the default in Angular 19+.
  • org.openrewrite.angular.migration.remove-static-false
    • Remove static: false from view queries
    • Removes static: false from @ViewChild, @ContentChild, @ViewChildren, and @ContentChildren decorators. In Angular 9 with Ivy, static: false became the default behavior, making the explicit option unnecessary.
  • org.openrewrite.angular.migration.remove-zone-js-polyfill
    • Remove zone.js polyfill from angular.json
    • Removes zone.js entries from the polyfills array in angular.json. Angular 20 supports zoneless change detection via provideZonelessChangeDetection(), making the zone.js polyfill unnecessary.
  • org.openrewrite.angular.migration.rename-after-render
    • Rename afterRender to afterEveryRender
    • Renames afterRender to afterEveryRender in imports and usages. The afterRender function was renamed to afterEveryRender in Angular 20, and Angular provides no migration schematic for this change.
  • org.openrewrite.angular.migration.rename-check-no-changes
    • Rename provideExperimentalCheckNoChangesForDebug to provideCheckNoChangesForDebug
    • Renames provideExperimentalCheckNoChangesForDebug to provideCheckNoChangesForDebug in imports and usages. The experimental API was promoted to developer preview in Angular 20.
  • org.openrewrite.angular.migration.rename-file
    • Rename file
    • Renames files matching a glob pattern to a new file name, preserving the directory.
  • org.openrewrite.angular.migration.rename-pending-tasks
    • Rename ExperimentalPendingTasks to PendingTasks
    • Renames ExperimentalPendingTasks to PendingTasks in imports and usages. ExperimentalPendingTasks was renamed in Angular 19.
  • org.openrewrite.angular.migration.rename-zoneless-provider
    • Rename provideExperimentalZonelessChangeDetection to provideZonelessChangeDetection
    • Renames provideExperimentalZonelessChangeDetection to provideZonelessChangeDetection in imports and usages. The experimental API was promoted to developer preview in Angular 20.
  • org.openrewrite.angular.migration.replace-async-with-wait-for-async
    • Replace async with waitForAsync
    • Replaces the removed async test helper from @angular/core/testing with waitForAsync. The async function was deprecated in Angular 11 and removed in Angular 18.
  • org.openrewrite.angular.migration.replace-deep-zone-js-imports
    • Replace deep zone.js imports
    • Replaces legacy deep imports from zone.js such as zone.js/dist/zone or zone.js/bundles/zone-testing.js with the standard zone.js or zone.js/testing imports, in both TypeScript files and angular.json polyfills. Deep imports are no longer allowed in Angular 17.
  • org.openrewrite.angular.migration.replace-http-client-module
    • Replace HttpClientModule with provideHttpClient()
    • Replaces deprecated HttpClientModule, HttpClientJsonpModule, HttpClientXsrfModule, and HttpClientTestingModule with their functional equivalents: provideHttpClient() with feature functions and provideHttpClientTesting().
  • org.openrewrite.angular.migration.replace-initial-navigation
    • Replace initialNavigation option values
    • Replaces deprecated initialNavigation router option values: 'legacy_enabled' and true become 'enabledBlocking', 'legacy_disabled' and false become 'disabled', and 'enabled' becomes 'enabledNonBlocking'. The legacy values were removed in Angular 11; 'enabled' was renamed in Angular 14.
  • org.openrewrite.angular.migration.replace-inject-flags
    • Replace InjectFlags with options object
    • Replaces deprecated InjectFlags enum usage in inject() calls with the corresponding options object. For example, inject(MyService, InjectFlags.Optional) becomes inject(MyService, \{ optional: true \}).
  • org.openrewrite.angular.migration.replace-load-children-string
    • Replace string-based loadChildren with dynamic import()
    • Converts the deprecated string-based loadChildren: 'path#Module' syntax to dynamic imports: loadChildren: () => import('path').then(m => m.Module).
  • org.openrewrite.angular.migration.replace-node-sass-with-sass
    • Replace node-sass with sass
    • Replaces the deprecated node-sass package with sass (Dart Sass). Angular 12 requires Dart Sass; node-sass is no longer supported.
  • org.openrewrite.angular.migration.replace-router-link-with-href
    • Replace RouterLinkWithHref with RouterLink
    • Replaces RouterLinkWithHref with RouterLink in imports and usages. RouterLinkWithHref was merged into RouterLink in Angular 16.
  • org.openrewrite.angular.migration.replace-testbed-get-with-inject
    • Replace TestBed.get() with TestBed.inject()
    • Replaces deprecated TestBed.get() calls with TestBed.inject(). TestBed.get() was deprecated in Angular 9 and removed in Angular 13.
  • org.openrewrite.angular.migration.replace-untyped-forms
    • Replace form classes with untyped variants
    • Renames FormControl, FormGroup, FormArray, and FormBuilder to their Untyped* equivalents in imports and usages. Angular 14 introduced strictly typed forms, requiring existing untyped usages to migrate to the Untyped* aliases.
  • org.openrewrite.angular.migration.replace-validator-with-validators
    • Replace validator/asyncValidator with plural forms
    • Renames the deprecated singular validator and asyncValidator property names to validators and asyncValidators (plural). Angular 10 deprecated the singular forms in favor of AbstractControlOptions.
  • org.openrewrite.angular.migration.replace-view-encapsulation-native
    • Replace ViewEncapsulation.Native with ViewEncapsulation.ShadowDom
    • Replaces ViewEncapsulation.Native with ViewEncapsulation.ShadowDom. ViewEncapsulation.Native was deprecated in Angular 6 and removed in Angular 11.
  • org.openrewrite.angular.migration.update-component-template-url
    • Update component templateUrl
    • Updates the templateUrl property value in Angular @Component decorators. Useful for refactoring template file paths or standardizing path conventions.
  • org.openrewrite.angular.migration.update-tsconfig-module
    • Update tsconfig.json module settings for Ivy
    • Updates compilerOptions.module to esnext and compilerOptions.moduleResolution to node in tsconfig.json. Angular 9's Ivy compiler requires ES module format. Already-current values like es2020, node16, nodenext, or bundler are left unchanged.
  • org.openrewrite.angular.migration.update-tsconfig-target
    • Update tsconfig.json target to es2017
    • Updates the compilerOptions.target in tsconfig.json from es5, es2015, or es2016 to es2017. Angular 13 dropped IE11 support and requires at least ES2017.
  • org.openrewrite.angular.search.FindAngularComponent
    • Find Angular component
    • Locates usages of Angular components across the codebase including template elements and other references. If componentName is null, finds all Angular components.
  • org.openrewrite.angular.search.find-analyze-for-entry-components-usage
    • Find deprecated ANALYZE_FOR_ENTRY_COMPONENTS usage
    • Finds usages of the deprecated ANALYZE_FOR_ENTRY_COMPONENTS injection token from @angular/core. ANALYZE_FOR_ENTRY_COMPONENTS was deprecated in Angular 9 and removed in Angular 13.
  • org.openrewrite.angular.search.find-angular-decorator
    • Find Angular decorators
    • Finds all Angular decorators like @Component, @Directive, @Injectable, etc.
  • org.openrewrite.angular.search.find-angular-http-usage
    • Find removed @angular/http usage
    • Finds imports from the @angular/http module, which was deprecated in Angular 5 and removed in Angular 8. Use @angular/common/http (HttpClient, HttpClientModule) instead.
  • org.openrewrite.angular.search.find-animation-driver-matches-element
    • Find AnimationDriver.matchesElement usage
    • Finds imports of AnimationDriver from @angular/animations/browser, which had its matchesElement method removed in Angular 18.
  • org.openrewrite.angular.search.find-async-test-helper-usage
    • Find deprecated async test helper usage
    • Finds usages of the deprecated async test helper from @angular/core/testing. The async function was deprecated in Angular 11 and should be replaced with waitForAsync.
  • org.openrewrite.angular.search.find-bare-module-with-providers
    • Find ModuleWithProviders without generic type
    • Finds imports of ModuleWithProviders from @angular/core. Starting in Angular 10, ModuleWithProviders requires a generic type parameter (e.g. ModuleWithProviders<MyModule>). Ensure all usages specify the module type.
  • org.openrewrite.angular.search.find-browser-transfer-state-module-usage
    • Find BrowserTransferStateModule usage
    • Finds usages of BrowserTransferStateModule from @angular/platform-browser which was removed in Angular 16. TransferState can be used directly without this module.
  • org.openrewrite.angular.search.find-common-module-usage
    • Find CommonModule usage
    • Finds imports of CommonModule from @angular/common. Since Angular 19, standalone components are the default and CommonModule is no longer needed in component imports arrays. Built-in directives and pipes are available automatically.
  • org.openrewrite.angular.search.find-compiler-factory-usage
    • Find View Engine API usage
    • Finds usages of View Engine APIs from @angular/core (CompilerFactory, Compiler, CompilerOptions, ModuleWithComponentFactories, NgModuleFactory, NgModuleFactoryLoader) which were deprecated in Angular 13.
  • org.openrewrite.angular.search.find-date-pipe-default-timezone-usage
    • Find DATE_PIPE_DEFAULT_TIMEZONE usage
    • Finds usages of DATE_PIPE_DEFAULT_TIMEZONE which was deprecated in Angular 15. Use DATE_PIPE_DEFAULT_OPTIONS with a \{timezone: '...'\} object value instead.
  • org.openrewrite.angular.search.find-effect-timing-usage
    • Find effect() usage affected by Angular 19 timing changes
    • Finds effect() calls from @angular/core. In Angular 19, effects triggered outside change detection now run as part of the change detection process instead of as a microtask, and effects triggered during change detection run earlier, before the component's template.
  • org.openrewrite.angular.search.find-empty-projectable-nodes
    • Find createComponent calls with empty projectableNodes
    • Finds createComponent() calls that pass empty arrays in projectableNodes. In Angular 19, passing an empty array now renders the default ng-content fallback content. To suppress fallback content, pass [document.createTextNode('')] instead.
  • org.openrewrite.angular.search.find-fake-async-usage
    • Find zone.js-dependent test helper usage
    • Finds fakeAsync(), tick(), and waitForAsync() calls from @angular/core/testing. These zone.js-dependent test helpers are incompatible with Vitest, the default test runner in Angular 21. Migrate to native async/await patterns instead.
  • org.openrewrite.angular.search.find-hammer-js-usage
    • Find HammerJS usage
    • Finds HammerModule imports and HammerJS references. Angular has deprecated HammerJS support and it will be removed in Angular 21.
  • org.openrewrite.angular.search.find-i18n-usage
    • Find i18n usage
    • Finds i18n usage indicators: legacy i18n configuration in angular.json (i18nLocale, i18nFile, i18nFormat, i18nMissingTranslation), $localize tagged template literals, and @angular/localize imports. Projects with these markers need @angular/localize installed and import '@angular/localize/init' in polyfills.ts for Angular 9+.
  • org.openrewrite.angular.search.find-karma-usage
    • Find Karma test runner usage
    • Finds Karma test runner configuration in package.json dependencies and angular.json test builder. Angular 21 replaces Karma with Vitest as the default test runner.
  • org.openrewrite.angular.search.find-load-children-string-usage
    • Find deprecated string-based loadChildren usage
    • Finds usages of the deprecated string-based loadChildren syntax (e.g. loadChildren: './path/to/module#ModuleName'). String-based lazy loading was deprecated in Angular 8 and removed in Angular 11. Use dynamic imports instead: loadChildren: () => import('./path/to/module').then(m => m.ModuleName).
  • org.openrewrite.angular.search.find-missing-injectable
    • Find classes with DI dependencies but missing @Injectable()
    • Finds classes that have constructor parameters (suggesting dependency injection) but lack an @Injectable() or other Angular class-level decorator. Angular 9 with Ivy requires an explicit @Injectable() decorator for all services that use dependency injection.
  • org.openrewrite.angular.search.find-ng-class-usage
    • Find NgClass usage
    • Finds imports of NgClass from @angular/common. The ngClass directive is soft deprecated in Angular 21 in favor of native [class.*] bindings.
  • org.openrewrite.angular.search.find-ng-style-usage
    • Find NgStyle usage
    • Finds imports of NgStyle from @angular/common. The ngStyle directive is soft deprecated in Angular 21 in favor of native [style.*] bindings.
  • org.openrewrite.angular.search.find-path-match-type-usage
    • Find pathMatch route properties that may need type narrowing
    • Finds pathMatch property assignments in route configurations. In Angular 14, the pathMatch type was narrowed from string to 'full' | 'prefix'. Routes defined as plain objects without explicit Route or Routes typing may fail type checking.
  • org.openrewrite.angular.search.find-platform-dynamic-server-usage
    • Find platformDynamicServer usage
    • Finds usages of the removed platformDynamicServer API from @angular/platform-server. In Angular 18, replace with platformServer and add import '@angular/compiler'.
  • org.openrewrite.angular.search.find-platform-webworker-usage
    • Find removed @angular/platform-webworker usage
    • Finds imports from @angular/platform-webworker and @angular/platform-webworker-dynamic, which were removed in Angular 8 with no direct replacement.
  • org.openrewrite.angular.search.find-platform-worker-usage
    • Find isPlatformWorkerUi and isPlatformWorkerApp usage
    • Finds usages of the removed isPlatformWorkerUi and isPlatformWorkerApp APIs from @angular/common. These were removed in Angular 18 with no replacement, as they served no purpose since the removal of the WebWorker platform.
  • org.openrewrite.angular.search.find-preserve-fragment-usage
    • Find deprecated preserveFragment usage
    • Finds usages of the deprecated preserveFragment navigation option. preserveFragment was deprecated in Angular 4 and removed in Angular 11. Fragments are now preserved by default.
  • org.openrewrite.angular.search.find-preserve-query-params-usage
    • Find deprecated preserveQueryParams usage
    • Finds usages of the deprecated preserveQueryParams navigation option. preserveQueryParams was deprecated in Angular 4 and removed in Angular 11. Use queryParamsHandling: 'preserve' instead.
  • org.openrewrite.angular.search.find-provided-in-deprecated-usage
    • Find deprecated providedIn values
    • Finds usages of providedIn: 'any' and providedIn: NgModule in @Injectable and InjectionToken declarations. These were deprecated in Angular 15. Use providedIn: 'root' or add the service to NgModule.providers instead.
  • org.openrewrite.angular.search.find-reflective-injector-usage
    • Find ReflectiveInjector usage
    • Finds usages of ReflectiveInjector which was removed in Angular 16. Use Injector.create as a replacement.
  • org.openrewrite.angular.search.find-render-application-usage
    • Find renderApplication usage
    • Finds usages of renderApplication from @angular/platform-server. In Angular 16 the signature changed: it no longer accepts a root component as the first argument. Use a bootstrapping function that returns Promise<ApplicationRef> instead.
  • org.openrewrite.angular.search.find-render-component-type-usage
    • Find deprecated RenderComponentType usage
    • Finds imports of the deprecated RenderComponentType from @angular/core. RenderComponentType was part of the View Engine API, deprecated in Angular 4, and removed in Angular 9.
  • org.openrewrite.angular.search.find-render-module-factory-usage
    • Find renderModuleFactory usage
    • Finds usages of renderModuleFactory from @angular/platform-server which was removed in Angular 16. Use renderModule instead.
  • org.openrewrite.angular.search.find-renderer-usage
    • Find deprecated Renderer usage
    • Finds imports of the deprecated Renderer from @angular/core. Renderer was deprecated in Angular 4 and removed in Angular 9. Users should use Renderer2 instead.
  • org.openrewrite.angular.search.find-resource-cache-provider-usage
    • Find RESOURCE_CACHE_PROVIDER usage
    • Finds usages of the removed RESOURCE_CACHE_PROVIDER from @angular/platform-browser-dynamic. This unused API was removed in Angular 18.
  • org.openrewrite.angular.search.find-root-renderer-usage
    • Find deprecated RootRenderer usage
    • Finds imports of the deprecated RootRenderer from @angular/core. RootRenderer was part of the View Engine API, deprecated in Angular 4, and removed in Angular 9. Use RendererFactory2 instead.
  • org.openrewrite.angular.search.find-rxjs-compat-usage
    • Find RxJS 5-style imports requiring rxjs-compat
    • Finds imports using RxJS 5-style deep import paths (e.g. rxjs/Observable, rxjs/add/operator/map) that require the rxjs-compat package. These should be migrated to RxJS 6+ import paths before removing rxjs-compat.
  • org.openrewrite.angular.search.find-server-transfer-state-module-usage
    • Find ServerTransferStateModule usage
    • Finds usages of the removed ServerTransferStateModule from @angular/platform-server. In Angular 18, TransferState works without providing this module.
  • org.openrewrite.angular.search.find-setup-testing-router-usage
    • Find setupTestingRouter usage
    • Finds usages of the removed setupTestingRouter function from @angular/router/testing. This function was removed in Angular 17. Use RouterModule.forRoot or provideRouter to set up the Router for tests instead.
  • org.openrewrite.angular.search.find-testability-pending-request-usage
    • Find removed Testability pending request methods
    • Finds imports of Testability from @angular/core, which had increasePendingRequestCount, decreasePendingRequestCount, and getPendingRequestCount removed in Angular 18. These are now tracked with zones.
  • org.openrewrite.angular.search.find-undecorated-angular-class
    • Find undecorated classes with Angular features
    • Finds classes that use Angular member decorators (@Input, @Output, @ViewChild, etc.) or implement lifecycle hooks (ngOnInit, ngOnDestroy, etc.) but lack a class-level Angular decorator. Angular 9 with Ivy requires all classes using Angular features to have an explicit decorator.
  • org.openrewrite.angular.search.find-with-no-dom-reuse-usage
    • Find withNoDomReuse usage
    • Finds usages of the removed withNoDomReuse function from @angular/platform-browser. This function was removed in Angular 17. To disable hydration, remove the provideClientHydration() call from your providers or use the ngSkipHydration attribute on specific components.
  • org.openrewrite.angular.search.find-wrapped-value-usage
    • Find deprecated WrappedValue usage
    • Finds usages of the deprecated WrappedValue from @angular/core. WrappedValue was deprecated in Angular 11 and removed in Angular 13.
  • org.openrewrite.angular.search.find-zone-js-usage
    • Find zone.js usage
    • Finds zone.js imports and NgZone references. Angular 20 supports zoneless change detection via provideZonelessChangeDetection(), making zone.js optional.

rewrite-cryptography

License: Moderne Proprietary License

17 recipes

  • io.moderne.cryptography.FindCryptoVulnerabilitiesPipeline
    • Find cryptographic vulnerability chains
    • Detects cryptographic vulnerabilities that span multiple operations, tracking flow from hardcoded algorithms through key material to encryption operations.
  • io.moderne.cryptography.FindDirectSSLConfigurationEditing
    • Find direct SSL configuration editing
    • Detects direct configuration of protocols or cipher suites on SSL objects like SSLSocket, SSLServerSocket, or SSLEngine. This pattern makes SSL/TLS configuration scattered throughout the codebase and prevents centralized security policy management, hindering crypto-agility.
  • io.moderne.cryptography.FindHardcodedAlgorithmChoice
    • Find hardcoded algorithm choices
    • Detects hardcoded algorithm choices in cryptographic operations. Hardcoded algorithms prevent easy migration to stronger or quantum-resistant algorithms when needed. This is a critical crypto-agility issue that makes systems vulnerable to future attacks.
  • io.moderne.cryptography.FindHardcodedAlgorithmParameters
    • Find hardcoded algorithm-specific parameters
    • Detects hardcoded algorithm-specific parameters like RSA public exponents or EC curve parameters. These hardcoded values prevent algorithm agility and may use weak or non-standard parameters that compromise security.
  • io.moderne.cryptography.FindHardcodedCertificate
    • Find hardcoded certificates
    • Detects hardcoded certificates in the code, including certificates that are hardcoded as strings and used to generate X509Certificate instances via CertificateFactory. Hardcoded certificates can lead to security issues when they expire or need to be revoked.
  • io.moderne.cryptography.FindHardcodedCiphersuiteChoice
    • Find hardcoded cipher suite choices
    • Detects hardcoded cipher suite choices used in SSL/TLS configurations. Hardcoded cipher suites prevent easy updates when cipher suites become weak or need to be changed for compliance reasons.
  • io.moderne.cryptography.FindHardcodedKeyLength
    • Find hardcoded cryptographic key lengths
    • Detects hardcoded key lengths used in cryptographic operations like KeyGenerator.init(), KeyPairGenerator.initialize(), RSAKeyGenParameterSpec, and PBEKeySpec. Hardcoded key lengths reduce flexibility and may not meet changing security requirements.
  • io.moderne.cryptography.FindHardcodedPrivateKey
    • Find hardcoded private keys
    • Detects hardcoded private keys in the code, including PEM-encoded keys that flow into KeyFactory.generatePrivate() calls. Hardcoded private keys are a severe security vulnerability as they compromise the entire cryptographic system.
  • io.moderne.cryptography.FindHardcodedProtocolChoice
    • Find hardcoded SSL/TLS protocol choices
    • Detects hardcoded SSL/TLS protocol choices like 'TLSv1.2', 'SSLv3' used in SSLContext.getInstance() and setProtocols() calls. Hardcoded protocols prevent easy updates when protocols become obsolete or insecure.
  • io.moderne.cryptography.FindHardcodedProviderName
    • Find hardcoded cryptographic provider names
    • Detects hardcoded cryptographic provider names (like 'BC', 'SunJCE') used in getInstance() calls. Hardcoding provider names reduces portability and can cause issues when the provider is not available on different systems.
  • io.moderne.cryptography.FindProgrammaticProviderEditing
    • Find programmatic security provider editing
    • Detects programmatic modifications to the Java Security Provider list through Security.addProvider(), insertProviderAt(), or removeProvider() calls. Modifying providers at runtime makes the security configuration unpredictable and prevents crypto-agility by hardcoding provider dependencies.
  • io.moderne.cryptography.FindRSAKeyGenParameters
    • Find RSA key generation parameters
    • Finds RSAKeyGenParameterSpec instantiations and extracts their parameter values into a data table.
  • io.moderne.cryptography.FindSSLContextSetDefault
    • Find SSLContext.setDefault() usage
    • Detects calls to SSLContext.setDefault() which sets the system-wide default SSL context. This is problematic because it affects all SSL/TLS connections in the JVM, potentially overriding security configurations set by other parts of the application or libraries. It also prevents crypto-agility as the configuration becomes global.
  • io.moderne.cryptography.FindSSLSocketParameters
    • Find SSL socket configuration parameters
    • Finds SSLSocket setter method invocations and extracts their parameter values into a data table.
  • io.moderne.cryptography.FindSecurityModifications
    • Find Security class modifications
    • Finds invocations of java.security.Security methods that modify security configuration such as removeProvider, addProvider, insertProviderAt, setProperty, and removeProperty.
  • io.moderne.cryptography.FindSecuritySetProperties
    • Find Security.setProperty(..) calls for certain properties
    • There is a defined set of properties that should not be set using Security.setProperty(..) as they can lead to security vulnerabilities.
  • io.moderne.cryptography.PostQuantumCryptography
    • Post quantum cryptography
    • This recipe searches for instances in code that may be impacted by post quantum cryptography. Applications may need to support larger key sizes, different algorithms, or use crypto agility to handle the migration. The recipe includes detection of hardcoded values that affect behavior in a post-quantum world, programmatic configuration that may prevent algorithm changes, and general cryptographic usage patterns that should be reviewed.

rewrite-devcenter

License: Moderne Source Available License

31 recipes

rewrite-dropwizard

License: Moderne Proprietary License

21 recipes

rewrite-elastic

License: Moderne Proprietary License

11 recipes

  • io.moderne.elastic.elastic9.ChangeApiNumericFieldType
    • Change numeric field type with conversion
    • Adds conversion methods with null checks for numeric type changes in Elasticsearch 9 API.
  • io.moderne.elastic.elastic9.ChangeApiNumericFieldTypes
    • Change numeric field types for Elasticsearch 9
    • Handles changes between different numeric types (Long to Integer, int to Long...) in Elasticsearch 9 API responses by adding appropriate conversion methods with null checks.
  • io.moderne.elastic.elastic9.MigrateDenseVectorElementType
    • Migrate DenseVectorProperty.elementType from String to DenseVectorElementType enum
    • In Elasticsearch 9, DenseVectorProperty.elementType() returns DenseVectorElementType enum instead of String, and the builder method elementType(String) now accepts the enum type. This recipe handles both builder calls and getter calls.
  • io.moderne.elastic.elastic9.MigrateDenseVectorSimilarity
    • Migrate DenseVectorProperty.similarity from String to DenseVectorSimilarity enum
    • In Elasticsearch 9, DenseVectorProperty.similarity() returns DenseVectorSimilarity enum instead of String, and the builder method similarity(String) now accepts the enum type. This recipe handles both builder calls and getter calls.
  • io.moderne.elastic.elastic9.MigrateMatchedQueries
    • Migrate matchedQueries from List to Map
    • In Elasticsearch Java Client 9.0, Hit.matchedQueries() changed from returning List<String> to Map<String, Double>. This recipe migrates the usage by adding .keySet() for iterations and using new ArrayList<>(result.keySet()) for assignments.
  • io.moderne.elastic.elastic9.MigrateScriptSource
    • Migrate script source from String to Script/ScriptSource
    • Migrates Script.source(String) calls to use ScriptSource.scriptString(String) wrapper in Elasticsearch Java client 9.x.
  • io.moderne.elastic.elastic9.MigrateSpanTermQueryValue
    • Migrate SpanTermQuery.value() from String to FieldValue
    • In Elasticsearch 9, SpanTermQuery.value() returns a FieldValue instead of String. This recipe updates calls to handle the new return type by checking if it's a string and extracting the string value.
  • io.moderne.elastic.elastic9.MigrateToElasticsearch9
    • Migrate from Elasticsearch 8 to 9
    • This recipe performs a comprehensive migration from Elasticsearch 8 to Elasticsearch 9, addressing breaking changes, API removals, deprecations, and required code modifications.
  • io.moderne.elastic.elastic9.RenameApiField
    • Rename Elasticsearch valueBody() methods
    • In Elasticsearch Java Client 9.0, the generic valueBody() method and valueBody(...) builder methods have been replaced with specific getter and setter methods that better reflect the type of data being returned. Similarly, for GetRepositoryResponse, the result field also got altered to repositories.
  • io.moderne.elastic.elastic9.RenameApiFields
    • Rename API fields for Elasticsearch 9
    • Renames various API response fields from valueBody to align with Elasticsearch 9 specifications.
  • io.moderne.elastic.elastic9.UseNamedValueParameters
    • Use NamedValue parameters instead of Map
    • Migrates indicesBoost and dynamicTemplates parameters from Map to NamedValue in Elasticsearch Java client 9.x.

rewrite-hibernate

License: Moderne Proprietary License

38 recipes

rewrite-jasperreports

License: Moderne Proprietary License

6 recipes

rewrite-java-application-server

License: Moderne Proprietary License

17 recipes

rewrite-kafka

License: Moderne Proprietary License

32 recipes

  • io.moderne.kafka.MigrateAdminListConsumerGroups
    • Migrate Admin.listConsumerGroups() to listGroups()
    • Migrates the deprecated Admin.listConsumerGroups() method to listGroups() and updates related types for Kafka 4.1 compatibility.
  • io.moderne.kafka.MigrateAlterConfigsToIncrementalAlterConfigs
    • Migrate AdminClient.alterConfigs() to incrementalAlterConfigs()
    • Migrates the removed AdminClient.alterConfigs() method to incrementalAlterConfigs() for Kafka 4.0 compatibility.
  • io.moderne.kafka.MigrateConsumerCommittedToSet
    • Migrate KafkaConsumer.committed(TopicPartition) to committed(Set<TopicPartition>)
    • Migrates from the removed KafkaConsumer.committed(TopicPartition) to committed(Set<TopicPartition>) for Kafka 4.0 compatibility. Converts single TopicPartition arguments to Collections.singleton() calls.
  • io.moderne.kafka.MigrateConsumerGroupStateToGroupState
    • Migrate ConsumerGroupState to GroupState
    • Migrates from the deprecated ConsumerGroupState to GroupState for Kafka 4.0 compatibility. ConsumerGroupState was deprecated in favor of GroupState which supports both consumer groups and share groups.
  • io.moderne.kafka.MigrateConsumerPollToDuration
    • Migrate KafkaConsumer.poll(long) to poll(Duration)
    • Migrates from the deprecated KafkaConsumer.poll(long) to poll(Duration) for Kafka 4.0 compatibility. Converts millisecond timeout values to Duration.ofMillis() calls.
  • io.moderne.kafka.MigrateSendOffsetsToTransaction
    • Migrate deprecated sendOffsetsToTransaction to use ConsumerGroupMetadata
    • Migrates from the deprecated KafkaProducer.sendOffsetsToTransaction(Map, String) to sendOffsetsToTransaction(Map, ConsumerGroupMetadata) for Kafka 4.0 compatibility. This recipe uses a conservative approach with new ConsumerGroupMetadata(groupId).
  • io.moderne.kafka.MigrateToKafka23
    • Migrate to Kafka 2.3
    • Migrate applications to the latest Kafka 2.3 release.
  • io.moderne.kafka.MigrateToKafka24
    • Migrate to Kafka 2.4
    • Migrate applications to the latest Kafka 2.4 release.
  • io.moderne.kafka.MigrateToKafka25
    • Migrate to Kafka 2.5
    • Migrate applications to the latest Kafka 2.5 release.
  • io.moderne.kafka.MigrateToKafka26
    • Migrate to Kafka 2.6
    • Migrate applications to the latest Kafka 2.6 release.
  • io.moderne.kafka.MigrateToKafka27
    • Migrate to Kafka 2.7
    • Migrate applications to the latest Kafka 2.7 release.
  • io.moderne.kafka.MigrateToKafka28
    • Migrate to Kafka 2.8
    • Migrate applications to the latest Kafka 2.8 release.
  • io.moderne.kafka.MigrateToKafka30
    • Migrate to Kafka 3.0
    • Migrate applications to the latest Kafka 3.0 release.
  • io.moderne.kafka.MigrateToKafka31
    • Migrate to Kafka 3.1
    • Migrate applications to the latest Kafka 3.1 release.
  • io.moderne.kafka.MigrateToKafka32
    • Migrate to Kafka 3.2
    • Migrate applications to the latest Kafka 3.2 release.
  • io.moderne.kafka.MigrateToKafka33
    • Migrate to Kafka 3.3
    • Migrate applications to the latest Kafka 3.3 release.
  • io.moderne.kafka.MigrateToKafka40
    • Migrate to Kafka 4.0
    • Migrate applications to the latest Kafka 4.0 release. This includes updating dependencies to 4.0.x, ensuring Java 11+ for clients and Java 17+ for brokers/tools, and handling changes.
  • io.moderne.kafka.MigrateToKafka41
    • Migrate to Kafka 4.1
    • Migrate applications to the latest Kafka 4.1 release. This includes updating dependencies to 4.1.x, migrating deprecated Admin API methods, updating Streams configuration properties, and removing deprecated broker properties.
  • io.moderne.kafka.RemoveDeprecatedKafkaProperties
    • Remove deprecated Kafka property
    • Removes a specific Kafka property that is no longer supported in Kafka 4.0.
  • io.moderne.kafka.UpgradeJavaForKafkaBroker
    • Upgrade Java to 17+ for Kafka broker/tools
    • Ensures Java 17 or higher is used when Kafka broker or tools dependencies are present.
  • io.moderne.kafka.UpgradeJavaForKafkaClients
    • Upgrade Java to 11+ for Kafka clients
    • Ensures Java 11 or higher is used when Kafka client libraries are present.
  • io.moderne.kafka.streams.MigrateJoinedNameMethod
    • Migrate Joined.named() to Joined.as()
    • In Kafka Streams 2.3, Joined.named() was deprecated in favor of Joined.as(). Additionally, the name() method was deprecated for removal and should not be used.
  • io.moderne.kafka.streams.MigrateKStreamToTable
    • Migrate KStream to KTable conversion to use toTable() method
    • In Kafka Streams 2.5, a new toTable() method was added to simplify converting a KStream to a KTable. This recipe replaces the manual aggregation pattern .groupByKey().reduce((oldVal, newVal) -> newVal) with the more concise .toTable() method.
  • io.moderne.kafka.streams.MigrateKafkaStreamsStoreMethod
    • Migrate deprecated KafkaStreams#store method
    • In Kafka Streams 2.5, the method KafkaStreams#store(String storeName, QueryableStoreType<T> storeType) was deprecated. It only allowed querying active stores and did not support any additional query options. Use the new StoreQueryParameters API instead.
  • io.moderne.kafka.streams.MigrateRetryConfiguration
    • Migrate deprecated retry configuration to task timeout
    • In Kafka 2.7, RETRIES_CONFIG and RETRY_BACKOFF_MS_CONFIG were deprecated in favor of TASK_TIMEOUT_MS_CONFIG. This recipe migrates the old retry configuration to the new task timeout configuration, attempting to preserve the retry budget by multiplying retries × backoff time. If only one config is present, it falls back to 60000ms (1 minute).
  • io.moderne.kafka.streams.MigrateStreamsUncaughtExceptionHandler
    • Migrate to StreamsUncaughtExceptionHandler API
    • Migrates from the JVM-level Thread.UncaughtExceptionHandler to Kafka Streams' StreamsUncaughtExceptionHandler API introduced in version 2.8. This new API provides explicit control over how the Streams client should respond to uncaught exceptions (REPLACE_THREAD, SHUTDOWN_CLIENT, or SHUTDOWN_APPLICATION).
  • io.moderne.kafka.streams.MigrateTaskAndThreadMetadata
    • Migrate TaskMetadata and ThreadMetadata
    • Migrates TaskMetadata and ThreadMetadata from org.apache.kafka.streams.processor package to org.apache.kafka.streams package, and updates TaskMetadata.taskId() calls to include .toString() for String compatibility.
  • io.moderne.kafka.streams.MigrateTaskMetadataTaskId
    • Migrate TaskMetadata.taskId() to return TaskId
    • In Kafka Streams 3.0, TaskMetadata.taskId() changed its return type from String to TaskId. This recipe adds .toString() calls where necessary to maintain String compatibility.
  • io.moderne.kafka.streams.MigrateWindowStorePutMethod
    • Migrate WindowStore.put() to include timestamp
    • In Kafka Streams 2.4, WindowStore.put() requires a timestamp parameter. This recipe adds context.timestamp() as the third parameter.
  • io.moderne.kafka.streams.ProcessingGuaranteeExactlyOnceToBeta
    • Migrate exactly_once to exactly_once_beta
    • Kafka Streams 2.6 introduces the exactly-once semantics v2, which is a more efficient implementation with improved internal handling. Though it is beta, it’s fully backward-compatible from the API standpoint, but internally it uses a different transaction/commit protocol. Starting from 3.0, it becomes the default "exactly_once_v2".
  • io.moderne.kafka.streams.ProcessingGuaranteeExactlyOnceToV2
    • Migrate exactly_once and exactly_once_beta to exactly_once_v2
    • Kafka Streams 2.6 introduces the exactly-once semantics v2, which is a more efficient implementation with improved internal handling. Starting from 3.0, it becomes the default "exactly_once_v2".
  • io.moderne.kafka.streams.RemovePartitionGrouperConfiguration
    • Remove PartitionGrouper configuration
    • Starting with Kafka Streams 2.4, the PartitionGrouper API was deprecated and partition grouping is now fully handled internally by the library. This recipe removes the deprecated PARTITION_GROUPER_CLASS_CONFIG configuration.

rewrite-prethink

License: Moderne Proprietary License

59 recipes

rewrite-program-analysis

License: Moderne Proprietary License

23 recipes

  • io.moderne.recipe.rewrite-program-analysis.InlineDeprecatedMethods
    • Inline deprecated delegating methods
    • Automatically generated recipes to inline deprecated method calls that delegate to other methods in the same class.
  • org.openrewrite.analysis.java.FindNullPointerIssues
    • Find null pointer issues
    • Detects potential null pointer dereferences using path-sensitive analysis to distinguish between definite NPEs, possible NPEs, and safe dereferences.
  • org.openrewrite.analysis.java.controlflow.FindUnusedDefinitions
    • Find unused variable definitions
    • Identifies variable assignments whose values are never used before being overwritten.
  • org.openrewrite.analysis.java.controlflow.search.FindCyclomaticComplexity
    • Find cyclomatic complexity
    • Calculates the cyclomatic complexity of methods and produces a data table containing the class name, method name, argument types, complexity value, and complexity threshold.
  • org.openrewrite.analysis.java.controlflow.search.FindUnreachableCode
    • Find unreachable code
    • Uses control flow analysis to identify statements that can never be executed.
  • org.openrewrite.analysis.java.dataflow.FindDeadStores
    • Find dead stores
    • Identifies variable assignments whose values are never used before being overwritten or going out of scope.
  • org.openrewrite.analysis.java.dataflow.FindUnclosedResources
    • Find unclosed resources (S2095)
    • Identifies resources implementing AutoCloseable/Closeable that are opened but not properly closed on all execution paths. Unclosed resources can lead to resource leaks that degrade application performance and stability.
  • org.openrewrite.analysis.java.datalineage.TrackDataLineage
    • Track data lineage
    • Tracks the flow of data from database sources to API sinks to understand data dependencies and support compliance requirements. ## Prerequisites for detecting a data flow All of the following conditions must be met for the recipe to report a flow: 1. The source code must contain at least one method call matching a recognized source (see below). 2. The source code must contain at least one method call matching a recognized sink (see below). 3. The tainted data must propagate from the source to the sink through variable assignments within the same method or via fields across methods in the same compilation unit. 4. No flow breaker (see below) may appear on the path between source and sink. 5. The relevant library types (e.g., java.sql.ResultSet, javax.ws.rs.core.Response) must be on the classpath so that OpenRewrite can resolve types. If types are unresolved, method matchers will not trigger and no flows will be detected. ## Recognized sources (database reads) | Category | Classes | | --- | --- | | JDBC | java.sql.ResultSet | | JPA (javax) | javax.persistence.EntityManager, Query, TypedQuery | | JPA (jakarta) | jakarta.persistence.EntityManager, Query, TypedQuery | | Hibernate | org.hibernate.Session, org.hibernate.query.Query | | Spring Data | org.springframework.data.repository.CrudRepository | | Spring JDBC | org.springframework.jdbc.core.JdbcTemplate | | MyBatis | org.apache.ibatis.session.SqlSession, org.mybatis.spring.SqlSessionTemplate | | MongoDB | com.mongodb.client.MongoCollection, org.springframework.data.mongodb.core.MongoTemplate | | Redis | redis.clients.jedis.Jedis, org.springframework.data.redis.core.RedisTemplate, ValueOperations, HashOperations | | Cassandra | com.datastax.driver.core.Session, org.springframework.data.cassandra.core.CassandraTemplate | | Elasticsearch | org.elasticsearch.client.RestHighLevelClient, org.springframework.data.elasticsearch.core.ElasticsearchTemplate | | Heuristic | Any class with Repository, Dao, or Mapper in its name calling methods starting with find, get, query, search, load, fetch, or select | ## Recognized sinks (API responses) | Category | Classes | | --- | --- | | JAX-RS (javax) | javax.ws.rs.core.Response, Response.ResponseBuilder | | JAX-RS (jakarta) | jakarta.ws.rs.core.Response, Response.ResponseBuilder | | Spring MVC | org.springframework.http.ResponseEntity, ResponseEntity.BodyBuilder | | Servlet (javax) | javax.servlet.http.HttpServletResponse, javax.servlet.ServletOutputStream | | Servlet (jakarta) | jakarta.servlet.http.HttpServletResponse, jakarta.servlet.ServletOutputStream | | Java I/O | java.io.PrintWriter, java.io.Writer, java.io.OutputStream | | Jackson | com.fasterxml.jackson.databind.ObjectMapper, com.fasterxml.jackson.core.JsonGenerator | | Gson | com.google.gson.Gson, com.google.gson.JsonWriter | | GraphQL | graphql.schema.DataFetcher, graphql.schema.PropertyDataFetcher | | Spring WebFlux | ServerResponse, reactor.core.publisher.Mono, reactor.core.publisher.Flux | | gRPC | io.grpc.stub.StreamObserver | | WebSocket | javax.websocket.Session, RemoteEndpoint.Basic, jakarta.websocket.*, org.springframework.web.socket.WebSocketSession | ## Flow breakers Flows are broken by methods matching common sanitization patterns (anonymize, redact, mask, encrypt, hash, sanitize, etc.) or authorization checks (isAuthorized, hasPermission, hasRole, etc.).
  • org.openrewrite.analysis.java.privacy.FindPiiExposure
    • Find PII exposure in logs and external APIs
    • Detects when Personally Identifiable Information (PII) is exposed through logging statements or sent to external APIs without proper sanitization. This helps prevent data leaks and ensures compliance with privacy regulations like GDPR and CCPA.
  • org.openrewrite.analysis.java.security.FindArrayIndexInjection
    • Find improper validation of array index
    • Detects when user-controlled input flows into array or collection index expressions without proper bounds validation, which could allow out-of-bounds access or denial of service (CWE-129).
  • org.openrewrite.analysis.java.security.FindCommandInjection
    • Find command injection vulnerabilities
    • Detects when user-controlled input flows into system command execution methods like Runtime.exec() or ProcessBuilder, which could allow attackers to execute arbitrary commands.
  • org.openrewrite.analysis.java.security.FindJndiInjection
    • Find JNDI injection vulnerabilities
    • Detects when user-controlled input flows into JNDI lookup operations without proper validation, which could allow an attacker to connect to malicious naming/directory services (CWE-99).
  • org.openrewrite.analysis.java.security.FindLdapInjection
    • Find LDAP injection vulnerabilities
    • Finds LDAP injection vulnerabilities by tracking tainted data flow from user input to LDAP queries.
  • org.openrewrite.analysis.java.security.FindLogInjection
    • Find log injection vulnerabilities
    • Detects when user-controlled input flows into logging methods without sanitization, which could allow attackers to forge log entries by injecting newline characters.
  • org.openrewrite.analysis.java.security.FindPathTraversal
    • Find path traversal vulnerabilities
    • Detects potential path traversal vulnerabilities where user input flows to file system operations without proper validation.
  • org.openrewrite.analysis.java.security.FindProcessControlInjection
    • Find process control vulnerabilities
    • Detects when user-controlled input flows into native library loading methods without proper validation, which could allow an attacker to load arbitrary native code (CWE-114).
  • org.openrewrite.analysis.java.security.FindSecurityVulnerabilities
    • Find security vulnerabilities using taint analysis
    • Identifies potential security vulnerabilities where untrusted data from sources flows to sensitive sinks without proper sanitization.
  • org.openrewrite.analysis.java.security.FindSqlInjection
    • Find SQL injection vulnerabilities
    • Detects potential SQL injection vulnerabilities where user input flows to SQL execution methods without proper sanitization.
  • org.openrewrite.analysis.java.security.FindUnencryptedPiiStorage
    • Find unencrypted PII storage
    • Identifies when personally identifiable information (PII) is stored in databases, files, or other persistent storage without encryption.
  • org.openrewrite.analysis.java.security.FindUnsafeReflectionInjection
    • Find unsafe reflection vulnerabilities
    • Detects when user-controlled input flows into reflection-based class loading or instantiation without proper validation, which could allow an attacker to instantiate arbitrary classes (CWE-470).
  • org.openrewrite.analysis.java.security.FindXssVulnerability
    • Find XSS vulnerabilities
    • Detects potential cross-site scripting vulnerabilities where user input flows to output methods without proper sanitization.
  • org.openrewrite.analysis.java.security.FindXxeVulnerability
    • Find XXE vulnerabilities
    • Locates XML parsers that are not configured to prevent XML External Entity (XXE) attacks.
  • org.openrewrite.analysis.java.security.SanitizeLogInjection
    • Sanitize log injection vulnerabilities
    • Sanitizes user-controlled input before it flows into logging methods by stripping newline, carriage return, and tab characters that could enable log forging.

rewrite-react

License: Moderne Proprietary License

2 recipes

rewrite-release-metromap

License: Moderne Proprietary License

6 recipes

rewrite-spring

License: Moderne Proprietary License

158 recipes

  • io.moderne.java.jsf.MigrateToJsf_2_3
    • Migrate to JSF 2.3
    • Complete migration to JSF 2.3, including associated technologies like RichFaces. Updates dependencies, transforms XHTML views, and migrates Java APIs.
  • io.moderne.java.jsf.richfaces.ConvertExtendedDataTableHeightToStyle
    • Convert height/width attributes to extendedDataTable style
    • Converts height and width attributes to inline style attribute for RichFaces extendedDataTable components.
  • io.moderne.java.jsf.richfaces.MigrateRichFaces_4_5
    • Migrate RichFaces 3.x to 4.5
    • Complete RichFaces 3.x to 4.5 migration including tag renames, attribute migrations, and Java API updates.
  • io.moderne.java.jsf.richfaces.update45.UpdateXHTMLTags
    • Migrate RichFaces tags in xhtml files
    • Migrate RichFaces tags in xhtml files to RichFaces 4.
  • io.moderne.java.spring.boot.AddSpringBootApplication
    • Add @SpringBootApplication class
    • Adds a @SpringBootApplication class containing a main method to bootify your Spring Framework application.
  • io.moderne.java.spring.boot.FieldToConstructorInjection
    • Convert field injection to constructor injection
    • Converts @Autowired field injection to constructor injection pattern. For non-final classes, adds both a no-args constructor and the autowired constructor to maintain compatibility with extending classes. Moves @Qualifier annotations to constructor parameters.
  • io.moderne.java.spring.boot.IsLikelyNotSpringBoot
    • Is likely not a Spring Boot project
    • Marks the project if it's likely not a Spring Boot project.
  • io.moderne.java.spring.boot.IsLikelySpringBoot
    • Is likely a Spring Boot project
    • Marks the project if it's likely a Spring Boot project.
  • io.moderne.java.spring.boot.MarkEmbeddedServerProvidedForWar
    • Mark embedded server as provided for WAR projects
    • For WAR-packaged projects migrating to Spring Boot, add the embedded Tomcat starter with provided scope to prevent conflicts with the external servlet container.
  • io.moderne.java.spring.boot.MigrateSpringFrameworkDependenciesToSpringBoot
    • Migrate Spring Framework dependencies to Spring Boot
    • Migrate Spring Framework dependencies to Spring Boot.
  • io.moderne.java.spring.boot.ReplaceSpringFrameworkDepsWithBootStarters
    • Replace Spring Framework dependencies with Spring Boot starters
    • Replace common Spring Framework dependencies with their Spring Boot starter equivalents. This recipe handles the direct dependency replacement; any remaining Spring Framework dependencies that become transitively available through starters are cleaned up separately by RemoveRedundantDependencies.
  • io.moderne.java.spring.boot.SpringToSpringBoot
    • Migrate Spring Framework to Spring Boot
    • Migrate non Spring Boot applications to the latest compatible Spring Boot release. This recipe will modify an application's build files introducing Maven dependency management for Spring Boot, or adding the Gradle Spring Boot build plugin.
  • io.moderne.java.spring.boot3.AddValidToConfigurationPropertiesFields
    • Add @Valid annotation to fields
    • In Spring Boot 3.4, validation of @ConfigurationProperties classes annotated with @Validated now follows the Bean Validation specification, only cascading to nested properties if the corresponding field is annotated with @Valid. The recipe will add a @Valid annotation to each field which has a type that has a field which is annotated with a jakarta.validation.constraints.* annotation.
  • io.moderne.java.spring.boot3.CommentDeprecations
    • Comment deprecated methods in Spring 3.4
    • Spring Boot 3.4 deprecates methods that are not commonly used or need manual interaction.
  • io.moderne.java.spring.boot3.CommentOnMockAndSpyBeansInConfigSpring34
    • Comment on @MockitoSpyBean and @MockitoBean in @Configuration
    • Deprecated: use io.moderne.java.spring.boot3.ReplaceMockitoBeanWithBeanMethod instead, which rewrites the field into a working @Bean method rather than adding a TODO comment. As stated in Spring Docs @MockitoSpyBean and @MockitoBean will only work in tests, explicitly not in @Configuration annotated classes.
  • io.moderne.java.spring.boot3.ConditionalOnAvailableEndpointMigrationSpring34
    • Migrate ConditionalOnAvailableEndpoint for Spring Boot 3.4
    • Migrate @ConditionalOnAvailableEndpoint(EndpointExposure.CLOUD_FOUNDRY) to @ConditionalOnAvailableEndpoint(EndpointExposure.WEB) for Spring Boot 3.4.
  • io.moderne.java.spring.boot3.MigrateAbstractDiscoveredEndpointConstructor
    • Migrate AbstractDiscoveredEndpoint deprecated constructor
    • The boolean-parameter constructor of AbstractDiscoveredEndpoint has been deprecated in Spring Boot 3.4. This recipe transforms it to use the new constructor with an Access parameter.
  • io.moderne.java.spring.boot3.MigrateAbstractExposableEndpointConstructor
    • Migrate AbstractExposableEndpoint deprecated constructor
    • The boolean-parameter constructor of AbstractExposableEndpoint has been deprecated in Spring Boot 3.4. This recipe transforms it to use the new constructor with an Access parameter instead of boolean enableByDefault.
  • io.moderne.java.spring.boot3.MigrateEndpointAnnotationAccessValueSpring34
    • Migrate @Endpoints defaultAccess value
    • Since Spring Boot 3.4 the @Endpoint access configuration values are no longer true|false but none|read-only|unrestricted.
  • io.moderne.java.spring.boot3.MigrateEndpointDiscovererConstructor
    • Migrate EndpointDiscoverer deprecated constructor
    • The 4-parameter constructor of EndpointDiscoverer has been deprecated in Spring Boot 3.4. This recipe transforms it to use the new 5-parameter constructor with an additional Collection parameter.
  • io.moderne.java.spring.boot3.MigrateEntityManagerFactoryBuilderConstructor
    • Migrate EntityManagerFactoryBuilder deprecated constructor
    • The constructors of EntityManagerFactoryBuilder have been deprecated in Spring Boot 3.4. This recipe transforms them to use the new constructor with a Function parameter for property mapping.
  • io.moderne.java.spring.boot3.MigrateJmxEndpointDiscovererConstructor
    • Migrate JmxEndpointDiscoverer deprecated constructor
    • The 4-parameter constructor of JmxEndpointDiscoverer has been deprecated in Spring Boot 3.4. This recipe transforms it to use the new 5-parameter constructor with an additional Collection parameter.
  • io.moderne.java.spring.boot3.MigrateRestTemplateToRestClient
    • Migrate RestTemplate to RestClient
    • Migrates Spring's RestTemplate to the modern RestClient API introduced in Spring Framework 6.1. RestClient provides a fluent, synchronous API that is the recommended approach for new development. This recipe converts constructor calls, type declarations, and common method invocations (getForObject, getForEntity, postForObject, postForEntity, patchForObject, put, delete, headForHeaders, postForLocation, optionsForAllow, exchange) to their RestClient equivalents.
  • io.moderne.java.spring.boot3.MigrateWebEndpointDiscovererConstructor
    • Migrate WebEndpointDiscoverer 6-parameter constructor to 8-parameter
    • The 6-parameter constructor of WebEndpointDiscoverer has been deprecated in Spring Boot 3.3. This recipe adds two new parameters (AdditionalPathsMapper and OperationFilter<WebOperation>) to the constructor and updates the Bean method signature to inject them as ObjectProvider types.
  • io.moderne.java.spring.boot3.RemoveDeprecatedConditions
    • Remove Spring Boot 3.5 deprecated conditions
    • Replace Spring Boot 3.5 deprecated condition classes with their corresponding conditional annotations.
  • io.moderne.java.spring.boot3.RemoveReplaceNoneFromAutoConfigureTestDatabase
    • Remove Replace.NONE from @AutoConfigureTestDatabase
    • Replace.NONE is the default value for @AutoConfigureTestDatabase since Spring Boot 3.4.
  • io.moderne.java.spring.boot3.RemoveTestRestTemplateEnableRedirectsOptionRecipe
    • Remove TestRestTemplate.HttpClientOption.ENABLE_REDIRECTS option
    • The TestRestTemplate now uses the same follow redirects settings as the regular RestTemplate. The HttpOption.ENABLE_REDIRECTS option has also been deprecated. This recipe removes the option from the TestRestTemplate constructor arguments.
  • io.moderne.java.spring.boot3.ReplaceConditionalOutcomeInverse
    • Replace ConditionOutcome.inverse() with constructor
    • Replace deprecated ConditionOutcome.inverse(ConditionOutcome outcome) calls with new ConditionOutcome(!outcome.isMatch(), outcome.getConditionMessage()).
  • io.moderne.java.spring.boot3.ReplaceDeprecatedKafkaConnectionDetailsBootstrapServerGetters
    • Replace deprecated KafkaConnectionDetails bootstrap server methods
    • Replace deprecated KafkaConnectionDetails bootstrap server methods with chained calls. For example, getProducerBootstrapServers() becomes getProducer().getBootstrapServers().
  • io.moderne.java.spring.boot3.ReplaceDeprecatedThreadPoolTaskSchedulerConstructor
    • Replace deprecated ThreadPoolTaskSchedulerBuilder 5-argument constructor
    • The 5-parameter constructor of ThreadPoolTaskSchedulerBuilder has been deprecated in Spring Boot 3.5. This recipe transforms it to use the builder pattern instead, omitting null values and defaults.
  • io.moderne.java.spring.boot3.ReplaceKafkaTransactionManagerSetter
    • Use kafkaAwareTransactionManager setter
    • Replace deprecated ContainerProperties#setTransactionManager(org.springframework.transaction.PlatformTransactionManager) method with ContainerProperties#setKafkaAwareTransactionManager(org.springframework.kafka.transaction.KafkaAwareTransactionManager). The method will be replaced only if its argument has the type KafkaAwareTransactionManager.
  • io.moderne.java.spring.boot3.ReplaceMockitoBeanWithBeanMethod
    • Replace @MockitoBean and @MockitoSpyBean with @Bean methods in @Configuration classes
    • @MockitoBean and @MockitoSpyBean only work in test classes, not in @Configuration classes. This recipe converts annotated fields into @Bean methods using Mockito.mock() or Mockito.spy().
  • io.moderne.java.spring.boot3.ReplaceTaskExecutorNameByApplicationTaskExecutorName
    • Use bean name applicationTaskExecutor instead of taskExecutor
    • Spring Boot 3.5 removed the bean name taskExecutor. Where this bean name is used, the recipe replaces the bean name to applicationTaskExecutor. This also includes instances where the developer provided their own bean named taskExecutor. This also includes scenarios where JSR-250's @Resource annotation is used.
  • io.moderne.java.spring.boot3.ResolveDeprecationsSpringBoot_3_3
    • Resolve Deprecations in Spring Boot 3.3
    • Migrates Deprecations in the Spring Boot 3.3 Release. Contains the removal of DefaultJmsListenerContainerFactoryConfigurer.setObservationRegistry and adds new parameter of WebEndpointDiscoverer constructor.
  • io.moderne.java.spring.boot3.ResolveTaskExecutorFromContext
    • Replace taskExecutor with applicationTaskExecutor
    • Use bean name applicationTaskExecutor instead of taskExecutor when resolving TaskExecutor Bean from application context.
  • io.moderne.java.spring.boot3.SpringBoot34Deprecations
    • Migrate Spring Boot 3.4 deprecated classes and methods
    • Migrate deprecated classes and methods that have been marked for removal in Spring Boot 4.0. This includes constructor changes for EntityManagerFactoryBuilder, HikariCheckpointRestoreLifecycle, and various actuator endpoint discovery classes.
  • io.moderne.java.spring.boot3.SpringBoot35Deprecations
    • Migrate Spring Boot 3.5 deprecated classes and methods
    • Migrate deprecated classes and methods that have been marked for removal in Spring Boot 3.5.
  • io.moderne.java.spring.boot3.SpringBoot3BestPractices
    • Spring Boot 3.5 best practices
    • Applies best practices to Spring Boot 3.5+ applications.
  • io.moderne.java.spring.boot3.SpringBootProperties_3_4
    • Migrate @Endpoint Security properties to 3.4 (Moderne Edition)
    • Migrate the settings for Spring Boot Management Endpoint Security from true|false to read-only|none.
  • io.moderne.java.spring.boot3.UpdateOpenTelemetryResourceAttributes
    • Update OpenTelemetry resource attributes
    • The service.group resource attribute has been deprecated for OpenTelemetry in Spring Boot 3.5. Consider using alternative attributes or remove the deprecated attribute.
  • io.moderne.java.spring.boot3.UpgradeGradle7Spring34
    • Upgrade Gradle to 7.6.4+ for Spring Boot 3.4
    • Spring Boot 3.4 requires Gradle 7.6.4.
  • io.moderne.java.spring.boot3.UpgradeGradle8Spring34
    • Upgrade Gradle 8 to 8.4+ for Spring Boot 3.4
    • Spring Boot 3.4 requires Gradle 8.4+.
  • io.moderne.java.spring.boot3.UpgradeMyBatisToSpringBoot_3_4
    • Upgrade MyBatis to Spring Boot 3.4
    • Upgrade MyBatis Spring modules to a version corresponding to Spring Boot 3.4.
  • io.moderne.java.spring.boot3.UpgradeMyBatisToSpringBoot_3_5
    • Upgrade MyBatis to Spring Boot 3.5
    • Upgrade MyBatis Spring modules to a version corresponding to Spring Boot 3.5.
  • io.moderne.java.spring.boot3.UpgradeSpringBoot_3_4
    • Migrate to Spring Boot 3.4 (Moderne Edition)
    • Migrate applications to the latest Spring Boot 3.4 release. This recipe will modify an application's build files, make changes to deprecated/preferred APIs, and migrate configuration settings that have changes between versions. This recipe will also chain additional framework migrations (Spring Framework, Spring Data, etc) that are required as part of the migration to Spring Boot 3.4.
  • io.moderne.java.spring.boot3.UpgradeSpringBoot_3_5
    • Migrate to Spring Boot 3.5 (Moderne Edition)
    • Migrate applications to the latest Spring Boot 3.5 release. This recipe will modify an application's build files, make changes to deprecated/preferred APIs, and migrate configuration settings that have changes between versions. This recipe will also chain additional framework migrations (Spring Framework, Spring Data, etc) that are required as part of the migration to Spring Boot 3.5.
  • io.moderne.java.spring.boot3.UpgradeSpringCloudAWSToSpringBoot_3_4
    • Upgrade Spring Cloud AWS to Spring Boot 3.4 compatible version
    • Upgrade the Spring Cloud AWS dependency to a version compatible with Spring Boot 3.4.
  • io.moderne.java.spring.boot3.UpgradeSpringKafka_3_3
    • Migrate to Spring Kafka 3.3
    • Migrate applications to the latest Spring Kafka 3.3 release.
  • io.moderne.java.spring.boot4.AddAutoConfigureMockMvc
    • Add @AutoConfigureMockMvc to @SpringBootTest classes using MockMvc
    • Adds @AutoConfigureMockMvc annotation to classes annotated with @SpringBootTest that use MockMvc.
  • io.moderne.java.spring.boot4.AddFlywayStarters
    • Add Flyway starters
    • Adds spring-boot-starter-flyway and spring-boot-starter-flyway-test dependencies when Flyway usage is detected in the module.
  • io.moderne.java.spring.boot4.AddJackson2ForJerseyJson
    • Add Jackson2 for Jersey using JSON
    • Check whether a module uses Jersey on combination with JSON and adds the needed spring-boot-jackson dependency and conditionally spring-boot-jackson2 dependency.
  • io.moderne.java.spring.boot4.AddLenientMockitoSettings
    • Add @MockitoSettings(strictness = Strictness.LENIENT) for @MockitoBean tests
    • When migrating from @MockBean to @MockitoBean, the implicit LENIENT Mockito strictness from Spring Boot's MockitoPostProcessor is lost. If @ExtendWith(MockitoExtension.class) is present, Mockito enforces STRICT_STUBS by default, causing UnnecessaryStubbingException for tests with unused stubs. This recipe adds @MockitoSettings(strictness = Strictness.LENIENT) to preserve the original behavior.
  • io.moderne.java.spring.boot4.AddLiquibaseStarters
    • Add Liquibase starters
    • Adds spring-boot-starter-liquibase and spring-boot-starter-liquibase-test dependencies when Liquibase usage is detected in the module.
  • io.moderne.java.spring.boot4.AddModularStarters
    • Add Spring Boot 4.0 modular starters
    • Add Spring Boot 4.0 starter dependencies based on package usage. Note: Higher-level starters (like data-jpa) include lower-level ones (like jdbc) transitively, so only the highest-level detected starter is added for each technology.
  • io.moderne.java.spring.boot4.AddMongoDbRepresentationProperties
    • Add MongoDB representation properties for UUID and BigDecimal
    • Adds the 'spring.mongodb.representation.uuid' property with value 'standard' and the 'spring.data.mongodb.representation.big-decimal' property with the value 'decimal128' to Spring configuration files when a MongoDB dependency is detected.
  • io.moderne.java.spring.boot4.AddMssqlKerberosJaasConfig
    • Add useDefaultJaasConfig=true to MSSQL Kerberos JDBC URLs
    • For MSSQL JDBC connections using Kerberos authentication (authenticationScheme=JavaKerberos or integratedSecurity=true), adds useDefaultJaasConfig=true to the connection string. This is required for compatibility with Keycloak 26.4+ which changes JAAS configuration handling.
  • io.moderne.java.spring.boot4.AddValidationStarterDependency
    • Add spring-boot-starter-validation dependency
    • In Spring Boot 4, validation is no longer auto-included from the web starter. This recipe adds the spring-boot-starter-validation dependency when Jakarta Validation annotations are used in the project.
  • io.moderne.java.spring.boot4.AdoptJackson3
    • Adopt Jackson 3
    • Adopt Jackson 3 which is supported by Spring Boot 4 and Jackson 2 support is deprecated.
  • io.moderne.java.spring.boot4.FlagDeprecatedReactorNettyHttpClientMapper
    • Flag deprecated ReactorNettyHttpClientMapper for migration
    • Adds a TODO comment to classes implementing the deprecated ReactorNettyHttpClientMapper interface. Migration to ClientHttpConnectorBuilderCustomizer<ReactorClientHttpConnectorBuilder> requires wrapping the HttpClient configuration in builder.withHttpClientCustomizer(...).
  • io.moderne.java.spring.boot4.InsertPropertyMapperAlwaysMethodInvocation
    • Preserve PropertyMapper null-passing behavior
    • Spring Boot 4.0 changes the PropertyMapper behavior so that from() no longer calls to() when the source value is null. This recipe inserts .always() before terminal mapping methods to preserve the previous behavior. Chains that already contain .whenNonNull() or .alwaysApplyingWhenNonNull() are skipped, as they explicitly opted into null-skipping behavior which is now the default.
  • io.moderne.java.spring.boot4.MigrateHazelcastSpringSession
    • Migrate Spring Session Hazelcast to Hazelcast Spring Session
    • Spring Boot 4.0 removed direct support for Spring Session Hazelcast. The Hazelcast team now maintains their own Spring Session integration. This recipe changes the dependency from org.springframework.session:spring-session-hazelcast to com.hazelcast.spring:hazelcast-spring-session and updates the package from org.springframework.session.hazelcast to com.hazelcast.spring.session.
  • io.moderne.java.spring.boot4.MigrateMockMvcToAssertJ
    • Migrate MockMvc to AssertJ assertions
    • Migrates Spring MockMvc tests from Hamcrest-style andExpect() assertions to AssertJ-style fluent assertions. Changes MockMvc to MockMvcTester and converts assertion chains.
  • io.moderne.java.spring.boot4.MigratePropertyMapper
    • Migrate PropertyMapper API for Spring Boot 4.0
    • Migrates PropertyMapper usage to accommodate Spring Boot 4.0 behavioral changes. In Boot 4.0, PropertyMapper.from() no longer calls to() when the source value is null. This recipe first inserts .always() on bare chains to preserve null-passing behavior, then removes the now-redundant .whenNonNull() and .alwaysApplyingWhenNonNull() calls. Guarded by a Spring Boot < 4.0 precondition so that on subsequent recipe cycles (after the version is bumped by the parent migration recipe), this recipe becomes a no-op — preventing it from incorrectly adding .always() to chains that just had .whenNonNull() stripped.
  • io.moderne.java.spring.boot4.MigrateRestAssured
    • Add explicit version for REST Assured
    • REST Assured is no longer managed by Spring Boot 4.0. This recipe adds an explicit version to REST Assured dependencies.
  • io.moderne.java.spring.boot4.MigrateSpringRetry
    • Migrate Spring Retry to Spring Resilience
    • Handle spring-retry no longer managed by Spring Boot and the possible migration to Spring Core Resilience.
  • io.moderne.java.spring.boot4.MigrateSpringRetryToSpringFramework7
    • Migrate spring-retry to Spring Framework resilience
    • Migrate spring-retrys @Retryable and @Backoff annotation to Spring Framework 7 Resilience annotations.
  • io.moderne.java.spring.boot4.MigrateToModularStarters
    • Migrate to Spring Boot 4.0 modular starters (Moderne Edition)
    • Remove monolithic starters and adds the necessary Spring Boot 4.0 starter dependencies based on package usage, where any spring-boot-starter was used previously.
  • io.moderne.java.spring.boot4.MockMvcAssertionsToAssertJ
    • Migrate MockMvc andExpect() chains to AssertJ assertions
    • Converts MockMvc Hamcrest-style andExpect() assertion chains to AssertJ-style fluent assertions using assertThat(). Handles status, content, JSON path, header, redirect, and forward assertions.
  • io.moderne.java.spring.boot4.MockMvcRequestBuildersToMockMvcTester
    • Migrate MockMvcRequestBuilders to MockMvcTester request methods
    • Converts mockMvcTester.perform(get(&quot;/api&quot;).param(&quot;k&quot;,&quot;v&quot;)) to mockMvcTester.get().uri(&quot;/api&quot;).param(&quot;k&quot;,&quot;v&quot;), removing the perform() wrapper and MockMvcRequestBuilders static method calls.
  • io.moderne.java.spring.boot4.MockMvcToMockMvcTester
    • Migrate MockMvc to MockMvcTester
    • Converts MockMvc fields and initialization to MockMvcTester. Changes field types, renames fields from mockMvc to mockMvcTester, and converts MockMvcBuilders.standaloneSetup().build() to MockMvcTester.of() and MockMvcBuilders.webAppContextSetup().build() to MockMvcTester.from().
  • io.moderne.java.spring.boot4.ModuleHasMonolithicStarter
    • Module has monolithic Spring Boot starter
    • Precondition that matches modules with the monolithic Spring Boot starters that need to be migrated to modular starters. Matches the production monolithic spring-boot-starter and spring-boot-starter-classic, but not specific modular starters like spring-boot-starter-test or spring-boot-starter-ldap.
  • io.moderne.java.spring.boot4.ModuleStarterRelocations
    • Spring Boot 4.0 Module Starter Relocations
    • Relocate types and packages for Spring Boot 4.0 modular starters.
  • io.moderne.java.spring.boot4.ModuleUsesFlyway
    • Module uses Flyway
    • Precondition that marks all files in a module if Flyway usage is detected. Detection is based on having a Flyway dependency, using Flyway types, or having migration files.
  • io.moderne.java.spring.boot4.ModuleUsesLiquibase
    • Module uses Liquibase
    • Precondition that marks all files in a module if Liquibase usage is detected. Detection is based on having a Liquibase dependency, using Liquibase types, or having changelog files.
  • io.moderne.java.spring.boot4.RemoveContentNegotiationFavorPathExtension
    • Remove ContentNegotiationConfigurer.favorPathExtension() calls
    • Spring Framework 7 removed favorPathExtension() from ContentNegotiationConfigurer. Path extension content negotiation is no longer supported. This recipe removes calls to favorPathExtension().
  • io.moderne.java.spring.boot4.RemoveGradleUberJarLoaderImplementationConfig
    • Remove loaderImplementation from Gradle
    • Removes the Spring Boot Uber-Jar loaderImplementation configuration from Gradle build files.
  • io.moderne.java.spring.boot4.RemoveHttpMessageConvertersAutoConfigurationReferences
    • Remove HttpMessageConvertersAutoConfiguration references
    • Removes references to the deprecated HttpMessageConvertersAutoConfiguration class which was removed in Spring Boot 4.0. For @AutoConfigureAfter and @AutoConfigureBefore annotations, the reference is removed. For @Import annotations, a TODO comment is added since manual migration may be required.
  • io.moderne.java.spring.boot4.RemoveKafkaPropertiesSslBundlesParameter
    • Remove SslBundles parameter from KafkaProperties build methods
    • In Spring Boot 4.0, the SslBundles parameter was removed from KafkaProperties.buildProducerProperties, buildConsumerProperties, buildAdminProperties, and buildStreamsProperties. This recipe removes the argument from method calls.
  • io.moderne.java.spring.boot4.RemoveSpringPulsarReactive
    • Remove Spring Pulsar Reactive support
    • Spring Boot 4.0 removed support for Spring Pulsar Reactive as it is no longer maintained. This recipe removes the Spring Pulsar Reactive dependencies.
  • io.moderne.java.spring.boot4.RemoveZipkinAutoConfigurationExclude
    • Remove ZipkinAutoConfiguration
    • Zipkin is no longer auto-configured by default in Spring Boot 4.0; remove references to it from exclusions on annotations.
  • io.moderne.java.spring.boot4.ReplaceDeprecatedAutoconfigureMongoApi
    • Replace deprecated org.springframework.boot.autoconfigure.mongo API
    • Replace deprecated org.springframework.boot.autoconfigure.mongo API.
  • io.moderne.java.spring.boot4.ReplaceDeprecatedDockerApi
    • Replace deprecated DockerApi
    • Replaces deprecated DockerApi constructors and configuration methods with their modern equivalents.
  • io.moderne.java.spring.boot4.ReplaceDeprecatedRequestMatcherProvider
    • Replace deprecated RequestMatcherProvider with new API
    • Replaces the deprecated org.springframework.boot.autoconfigure.security.servlet.RequestMatcherProvider with org.springframework.boot.security.autoconfigure.actuate.web.servlet.RequestMatcherProvider. The new interface adds an HttpMethod parameter to the getRequestMatcher method.
  • io.moderne.java.spring.boot4.ReplaceDeprecatedThreadPoolTaskSchedulerBuilderApi
    • Replace deprecated ThreadPoolTaskSchedulerBuilder constructor
    • Replaces the deprecated 5-argument constructor of ThreadPoolTaskSchedulerBuilder with the builder pattern.
  • io.moderne.java.spring.boot4.SpringBoot4BestPractices
    • Spring Boot 4.0 best practices
    • Applies best practices to Spring Boot 4.+ applications.
  • io.moderne.java.spring.boot4.UpgradeMyBatisToSpringBoot_4_0
    • Upgrade MyBatis to Spring Boot 4.0
    • Upgrade MyBatis Spring modules to a version corresponding to Spring Boot 4.0.
  • io.moderne.java.spring.boot4.UpgradeSpringBoot_4_0
    • Migrate to Spring Boot 4.0 (Moderne Edition)
    • Migrate applications to the latest Spring Boot 4.0 release. This recipe will modify an application's build files, make changes to deprecated/preferred APIs, and migrate configuration settings that have changes between versions. This recipe will also chain additional framework migrations (Spring Framework, Spring Data, etc) that are required as part of the migration to Spring Boot 4.0.
  • io.moderne.java.spring.boot4.UpgradeSpringKafka_4_0
    • Migrate to Spring Kafka 4.0
    • Migrate applications to Spring Kafka 4.0. This includes removing deprecated configuration options that are no longer supported.
  • io.moderne.java.spring.cloud2020.SpringCloudProperties_2020
    • Migrate Spring Cloud properties to 2020
    • Migrate properties found in application.properties and application.yml.
  • io.moderne.java.spring.cloud2021.SpringCloudProperties_2021
    • Migrate Spring Cloud properties to 2021
    • Migrate properties found in application.properties and application.yml.
  • io.moderne.java.spring.cloud2022.SpringCloudProperties_2022
    • Migrate Spring Cloud properties to 2022
    • Migrate properties found in application.properties and application.yml.
  • io.moderne.java.spring.cloud2023.SpringCloudProperties_2023
    • Migrate Spring Cloud properties to 2023
    • Migrate properties found in application.properties and application.yml.
  • io.moderne.java.spring.cloud2024.SpringCloudProperties_2024
    • Migrate Spring Cloud properties to 2024
    • Migrate properties found in application.properties and application.yml.
  • io.moderne.java.spring.cloud2025.SpringCloudProperties_2025
    • Migrate Spring Cloud properties to 2025
    • Migrate properties found in application.properties and application.yml.
  • io.moderne.java.spring.cloud20251.SpringCloudProperties_2025_1
    • Migrate Spring Cloud properties to 2025.1
    • Migrate properties found in application.properties and application.yml for Spring Cloud 2025.1 (Oakwood). This includes the stubrunner property prefix migration from stubrunner. to spring.cloud.contract.stubrunner..
  • io.moderne.java.spring.cloud20251.UpgradeSpringCloud_2025_1
    • Upgrade to Spring Cloud 2025.1
    • Upgrade to Spring Cloud 2025.1 (Oakwood). This release is based on Spring Framework 7 and Spring Boot 4. Each Spring Cloud project has been updated to version 5.0.0.
  • io.moderne.java.spring.framework.AddSetUseSuffixPatternMatch
    • Add setUseSuffixPatternMatch(true) in Spring MVC configuration
    • In Spring Framework 5.2.4 and earlier, suffix pattern matching was enabled by default. This meant a controller method mapped to /users would also match /users.json, /users.xml, etc. Spring Framework 5.3 deprecated this behavior and changed the default to false. This recipe adds setUseSuffixPatternMatch(true) to WebMvcConfigurer implementations to preserve the legacy behavior during migration. Note: This only applies to Spring MVC; Spring WebFlux does not support suffix pattern matching.
  • io.moderne.java.spring.framework.AddSetUseSuffixPatternMatchIfPreSpring53
    • Add setUseSuffixPatternMatch(true) for pre-Spring Framework 5.3 projects
    • Only adds setUseSuffixPatternMatch(true) when the project is on Spring Framework < 5.3, where suffix pattern matching was enabled by default. Projects already on 5.3+ have been running with the new default (false) and should not get this configuration added.
  • io.moderne.java.spring.framework.FindDeprecatedPathMatcherUsage
    • Find deprecated PathMatcher usage
    • In Spring Framework 7.0, PathMatcher and AntPathMatcher are deprecated in favor of PathPatternParser. This recipe finds usages of the deprecated AntPathMatcher class that may require manual migration to PathPatternParser.
  • io.moderne.java.spring.framework.FlagSuffixPatternMatchUsage
    • Flag deprecated suffix pattern matching usage for manual review
    • Handles deprecated setUseSuffixPatternMatch() and setUseRegisteredSuffixPatternMatch() calls. When suffix pattern matching is explicitly enabled, adds TODO comments and search markers since there is no automatic migration path. When explicitly disabled, the call is safely removed since false is already the default since Spring Framework 5.3.
  • io.moderne.java.spring.framework.IsLikelySpringFramework
    • Is likely a Spring Framework project
    • Marks the project if it's likely a Spring Framework project.
  • io.moderne.java.spring.framework.JaxRsToSpringWeb
    • Convert JAX-RS annotations to Spring Web
    • Converts JAX-RS annotations such as @Path, @GET, @POST, etc., to their Spring Web equivalents like @RestController, @RequestMapping, @GetMapping, etc.
  • io.moderne.java.spring.framework.MigrateConverterSetObjectMapper
    • Replace setObjectMapper with constructor injection
    • Folds setObjectMapper calls on MappingJackson2HttpMessageConverter into the constructor. If the converter is instantiated in the same block with no other invocations, the setter call is replaced with constructor injection. Otherwise, a TODO comment is added.
  • io.moderne.java.spring.framework.MigrateDefaultResponseErrorHandler
    • Migrate DefaultResponseErrorHandler.handleError method signature
    • Migrates overridden handleError(ClientHttpResponse response) methods to the new signature handleError(URI url, HttpMethod method, ClientHttpResponse response) in classes extending DefaultResponseErrorHandler. The old single-argument method was removed in Spring Framework 7.0.
  • io.moderne.java.spring.framework.MigrateDeprecatedBeanXmlProperties
    • Migrate Bean XML properties deprecated in Spring Framework 3.0
    • Migrate Bean XML properties that were deprecated in Spring Framework 3.0.
  • io.moderne.java.spring.framework.MigrateFilterToOncePerRequestFilter
    • Migrate Filter to OncePerRequestFilter
    • Migrates classes that implement javax.servlet.Filter (or jakarta.servlet.Filter) to extend org.springframework.web.filter.OncePerRequestFilter. This transformation renames doFilter to doFilterInternal, changes parameter types to HTTP variants, removes manual casting, and removes empty init() and destroy() methods.
  • io.moderne.java.spring.framework.MigrateHandleErrorMethodInvocations
    • Migrate handleError method invocations to new signature
    • Updates invocations of handleError(ClientHttpResponse) to the new handleError(URI, HttpMethod, ClientHttpResponse) signature introduced in Spring Framework 7.0. In test sources, example values are used. In main sources, null is passed with a TODO comment.
  • io.moderne.java.spring.framework.MigrateHttpHeadersMultiValueMapMethods
    • Migrate HttpHeaders methods removed when MultiValueMap contract was dropped
    • Spring Framework 7.0 changed HttpHeaders to no longer implement MultiValueMap. This recipe replaces removed inherited method calls: containsKey() with containsHeader(), keySet() with headerNames(), and entrySet() with headerSet().
  • io.moderne.java.spring.framework.MigrateTrailingSlashMatch
    • Migrate trailing slash matching to explicit routes
    • Migrates deprecated setUseTrailingSlashMatch() configuration removed in Spring Framework 7.0. Only adds explicit trailing slash routes when the project previously enabled trailing slash matching via setUseTrailingSlashMatch(true). The deprecated configuration calls are always removed.
  • io.moderne.java.spring.framework.ModularSpringFrameworkDependencies
    • Add Spring Framework modular dependencies
    • Adds Spring Framework modular dependencies based on package usage, replacing legacy monolithic org.springframework:spring.
  • io.moderne.java.spring.framework.NullableSpringWebParameters
    • Add @Nullable to optional Spring web parameters
    • In Spring Boot 4, JSpecify's @Nullable annotation should be used to indicate that a parameter can be null. This recipe adds @Nullable to parameters annotated with @PathVariable(required = false) or @RequestParam(required = false) and removes the now-redundant required = false attribute.
  • io.moderne.java.spring.framework.RemoveDeprecatedPathMappingOptions
    • Migrate deprecated path mapping options
    • Migrates deprecated path mapping configuration options that have been removed in Spring Framework 7.0. For trailing slash matching, this recipe adds explicit dual routes to controller methods before removing the deprecated configuration. For suffix pattern matching, this recipe flags usages for manual review since there is no automatic migration path. Path extension content negotiation options are removed as they should be replaced with query parameter-based negotiation.
  • io.moderne.java.spring.framework.RemoveEmptyPathMatchConfiguration
    • Remove empty path match configuration methods
    • Removes empty configurePathMatch (WebMvc) and configurePathMatching (WebFlux) method overrides. These methods may become empty after deprecated path matching options are removed.
  • io.moderne.java.spring.framework.RemovePathExtensionContentNegotiation
    • Remove path extension content negotiation methods
    • Remove calls to favorPathExtension() and ignoreUnknownPathExtensions() on ContentNegotiationConfigurer. These methods and the underlying PathExtensionContentNegotiationStrategy were removed in Spring Framework 7.0. Path extension content negotiation was deprecated due to URI handling issues. Use query parameter-based negotiation with favorParameter(true) as an alternative.
  • io.moderne.java.spring.framework.RemoveSetPathMatcherCall
    • Remove deprecated setPathMatcher() calls
    • In Spring Framework 7.0, PathMatcher and AntPathMatcher are deprecated in favor of PathPatternParser, which has been the default in Spring MVC since 6.0. This recipe removes calls to setPathMatcher(new AntPathMatcher()) since they are now redundant. The default PathPatternParser provides better performance through pre-parsed patterns.
  • io.moderne.java.spring.framework.ReplaceControllerWithRestController
    • Replace @Controller with @RestController
    • When a class is annotated with @Controller and either the class itself or all of its handler methods are annotated with @ResponseBody, the class can use @RestController instead. This removes the need for individual @ResponseBody annotations.
  • io.moderne.java.spring.framework.UpgradeSpringFramework_3_0
    • Migrate to Spring Framework 3.x
    • Migrate applications to the latest Spring Framework 3 release, pulling in additional proprietary Moderne recipes.
  • io.moderne.java.spring.framework.UpgradeSpringFramework_5_3
    • Migrate to Spring Framework 5.3 (Moderne Edition)
    • Migrate applications to the latest Spring Framework 5.3 release, pulling in additional proprietary Moderne recipes.
  • io.moderne.java.spring.framework.beansxml.BeansXmlToConfiguration
    • Migrate beans.xml to Spring Framework configuration class
    • Converts Java/Jakarta EE beans.xml configuration files to Spring Framework @Configuration classes.
  • io.moderne.java.spring.framework.jsf23.MigrateFacesConfig
    • Migrate JSF variable-resolver to el-resolver
    • Migrates JSF faces-config.xml from namespaces, tags and values that was deprecated in JSF 1.2 and removed in later versions, to the JSF 2.3 compatible constructs.
  • io.moderne.java.spring.framework.webxml.FindWelcomeFileConfiguration
    • Add landing page controller for welcome file configuration
    • Generates a LandingPageController when welcome-file-list is found in web.xml or context-root in jboss-web.xml. When migrating to Spring Framework 5.3+, applications that rely on these server-side landing page configurations need a @Controller with a @RequestMapping for / to avoid 404 errors, as Spring MVC can take over the root mapping. Skips generation if a controller already maps to /.
  • io.moderne.java.spring.framework.webxml.WebXmlToWebApplicationInitializer
    • Migrate web.xml to WebApplicationInitializer
    • Migrate web.xml to WebApplicationInitializer for Spring applications. This allows for programmatic configuration of the web application context, replacing the need for XML-based configuration. This recipe only picks up web.xml files located in the src/main/webapp/WEB-INF directory to avoid inference with tests. It creates a WebXmlWebAppInitializer class in src/main/java with respect to submodules if they contain java files. If it finds an existing WebXmlWebAppInitializer, it skips the creation.
  • io.moderne.java.spring.framework7.AddDynamicDestinationResolverToJmsTemplate
    • Explicitly set DynamicDestinationResolver on JmsTemplate
    • Spring Framework 7.0 changed the default DestinationResolver for JmsTemplate from DynamicDestinationResolver to SimpleDestinationResolver, which caches Session-resolved Queue and Topic instances. This recipe adds an explicit call to setDestinationResolver(new DynamicDestinationResolver()) to preserve the previous behavior. The caching behavior of SimpleDestinationResolver should be fine for most JMS brokers, so this explicit configuration can be removed once compatibility with the new default is verified.
  • io.moderne.java.spring.framework7.AddSpringExtensionConfigForNestedTests
    • Add @SpringExtensionConfig for nested tests
    • Spring Framework 7.0 changed SpringExtension to use test-method scoped ExtensionContext instead of test-class scoped. This can break @Nested test class hierarchies. Adding @SpringExtensionConfig(useTestClassScopedExtensionContext = true) restores the previous behavior.
  • io.moderne.java.spring.framework7.FindOkHttp3IntegrationUsage
    • Find Spring OkHttp3 integration usage
    • Spring Framework 7.0 removes OkHttp3 integration classes. This recipe identifies usages of OkHttp3ClientHttpRequestFactory and OkHttp3ClientHttpConnector that need to be replaced. Consider migrating to Java's built-in HttpClient with JdkClientHttpRequestFactory or JdkClientHttpConnector, or to Apache HttpClient 5 with HttpComponentsClientHttpRequestFactory.
  • io.moderne.java.spring.framework7.FindRemovedAPIs
    • Find removed APIs in Spring Framework 7.0
    • Finds usages of APIs that were removed in Spring Framework 7.0 and require manual intervention. This includes Theme support, OkHttp3 integration, and servlet view document/feed classes which have no direct automated replacement.
  • io.moderne.java.spring.framework7.FindServletViewSupportUsage
    • Find removed Spring servlet view classes
    • Spring Framework 7.0 removes the org.springframework.web.servlet.view.document and org.springframework.web.servlet.view.feed packages. This recipe adds TODO comments to imports of AbstractPdfView, AbstractXlsView, AbstractXlsxView, AbstractXlsxStreamingView, AbstractPdfStampView, AbstractFeedView, AbstractAtomFeedView, and AbstractRssFeedView that need to be replaced with direct usage of the underlying libraries (Apache POI, OpenPDF/iText, ROME) in web handlers.
  • io.moderne.java.spring.framework7.FindThemeSupportUsage
    • Find Spring Theme support usage
    • Spring Framework 7.0 removes Theme support entirely. This recipe identifies usages of Theme-related classes like ThemeResolver, ThemeSource, and ThemeChangeInterceptor that need to be removed or replaced with CSS-based alternatives. The Spring team recommends using CSS directly for theming functionality.
  • io.moderne.java.spring.framework7.MigrateDeprecatedAPIs
    • Migrate deprecated APIs removed in Spring Framework 7.0
    • Migrates deprecated APIs that were removed in Spring Framework 7.0. This includes ListenableFuture to CompletableFuture migration, ContentCachingRequestWrapper constructor changes, and NestedServletException to ServletException type migration.
  • io.moderne.java.spring.framework7.MigrateHttpStatusToRfc9110
    • Migrate HttpStatus enum values to RFC 9110 names
    • Spring Framework 7.0 aligns HttpStatus enum values with RFC 9110. This recipe replaces deprecated status code constants with their RFC 9110 equivalents: PAYLOAD_TOO_LARGE becomes CONTENT_TOO_LARGE and UNPROCESSABLE_ENTITY becomes UNPROCESSABLE_CONTENT.
  • io.moderne.java.spring.framework7.MigrateJackson2ObjectMapperBuilder
    • Migrate Jackson2ObjectMapperBuilder to mapper builder pattern
    • Replaces Jackson2ObjectMapperBuilder.json().build() and similar factory methods with the corresponding Jackson mapper builder pattern (e.g. JsonMapper.builder()...build()). Setter calls on the resulting mapper are folded into the builder chain when safe, or annotated with a TODO comment when automatic migration is not possible.
  • io.moderne.java.spring.framework7.MigrateJmsDestinationResolver
    • Preserve DynamicDestinationResolver behavior for JmsTemplate
    • Spring Framework 7.0 changed the default DestinationResolver for JmsTemplate from DynamicDestinationResolver to SimpleDestinationResolver, which caches Session-resolved Queue and Topic instances. This recipe explicitly configures DynamicDestinationResolver to preserve the pre-7.0 behavior. The caching behavior of SimpleDestinationResolver should be fine for most JMS brokers, so this explicit configuration can be removed once verified.
  • io.moderne.java.spring.framework7.MigrateListenableFuture
    • Migrate ListenableFuture to CompletableFuture
    • Spring Framework 6.0 deprecated ListenableFuture in favor of CompletableFuture. Spring Framework 7.0 removes ListenableFuture entirely. This recipe migrates usages of ListenableFuture and its callbacks to use CompletableFuture and BiConsumer instead.
  • io.moderne.java.spring.framework7.MigrateResponseEntityGetStatusCodeValueMethod
    • Migrate ResponseEntity#getStatusCodeValue() to getStatusCode().value()
    • Replaces calls to ResponseEntity#getStatusCodeValue() which was deprecated in Spring Framework 6.0 and removed in Spring Framework 7.0 with getStatusCode().value().
  • io.moderne.java.spring.framework7.RemoveSpringJcl
    • Remove spring-jcl dependency
    • The spring-jcl module has been removed in Spring Framework 7.0 in favor of Apache Commons Logging 1.3.0. This recipe removes any explicit dependency on org.springframework:spring-jcl. The change should be transparent for most applications, as spring-jcl was typically a transitive dependency and the logging API calls (org.apache.commons.logging.*) remain unchanged.
  • io.moderne.java.spring.framework7.RenameMemberCategoryConstants
    • Rename MemberCategory field constants for Spring Framework 7.0
    • Renames deprecated MemberCategory constants to their new names in Spring Framework 7.0. MemberCategory.PUBLIC_FIELDS is renamed to MemberCategory.INVOKE_PUBLIC_FIELDS and MemberCategory.DECLARED_FIELDS is renamed to MemberCategory.INVOKE_DECLARED_FIELDS. These renames clarify the original intent of these categories and align with the rest of the API.
  • io.moderne.java.spring.framework7.RenameRequestContextJstlPresent
    • Rename RequestContext.jstPresent to JSTL_PRESENT
    • Renames the protected static field RequestContext.jstPresent to JSTL_PRESENT in Spring Framework 7.0. This field was renamed as part of a codebase-wide effort to use uppercase for classpath-related static final field names (see https://github.com/spring-projects/spring-framework/issues/35525).
  • io.moderne.java.spring.framework7.ReplaceJUnit4SpringTestBaseClasses
    • Replace JUnit 4 Spring test base classes with JUnit Jupiter annotations
    • Replace AbstractJUnit4SpringContextTests and AbstractTransactionalJUnit4SpringContextTests base classes with @ExtendWith(SpringExtension.class) and @Transactional annotations. These base classes are deprecated in Spring Framework 7.0 in favor of the SpringExtension for JUnit Jupiter.
  • io.moderne.java.spring.framework7.SimplifyReflectionHintRegistration
    • Simplify reflection hint registrations for Spring Framework 7.0
    • Removes deprecated MemberCategory arguments from registerType() calls on ReflectionHints. In Spring Framework 7.0, registering a reflection hint for a type now implies methods, constructors, and fields introspection. All MemberCategory values except INVOKE_* have been deprecated. This recipe removes those deprecated arguments, simplifying code like hints.reflection().registerType(MyType.class, MemberCategory.DECLARED_FIELDS) to hints.reflection().registerType(MyType.class).
  • io.moderne.java.spring.framework7.UpdateGraalVmNativeHints
    • Update GraalVM native reflection hints for Spring Framework 7.0
    • Migrates GraalVM native reflection hints to Spring Framework 7.0 conventions. Spring Framework 7.0 adopts the unified reachability metadata format for GraalVM. This recipe renames deprecated MemberCategory constants and simplifies reflection hint registrations where explicit member categories are no longer needed.
  • io.moderne.java.spring.framework7.UpgradeSpringFramework_7_0
    • Migrate to Spring Framework 7.0
    • Migrates applications to Spring Framework 7.0. This recipe applies all necessary changes including API migrations, removed feature detection, and configuration updates.
  • io.moderne.java.spring.framework7.WrapGenericMessageMapInMessageHeaders
    • Wrap GenericMessage map argument in MessageHeaders
    • Wraps the Map argument in GenericMessage constructors in Kotlin sources with MessageHeaders(map) to explicitly use the MessageHeaders overload. This resolves Kotlin overload resolution ambiguity between the Map and MessageHeaders constructor overloads.
  • io.moderne.java.spring.hibernate.MigrateDaoSupportGetSession
    • Migrate HibernateDaoSupport#getSession() usage
    • Migrate HibernateDaoSupport#getSession() usage to HibernateDaoSupport#getSessionFactory()#getCurrentSession() and annotate the methods with @Transactional.
  • io.moderne.java.spring.hibernate.MigrateSaveOrUpdateAll
    • Migrate HibernateDaoSupport#getHibernateTemplate#saveOrUpdateAll
    • Migrate removed HibernateDaoSupport#getHibernateTemplate#.saveOrUpdateAll to an iterative HibernateDaoSupport#getHibernateTemplate#.saveOrUpdate.
  • io.moderne.java.spring.kafka.consumer.FindKafkaListenerWithoutErrorHandling
    • Find @KafkaListener methods without error handling
    • Flags @KafkaListener methods that lack proper error handling. Methods should have @RetryableTopic, specify an errorHandler in the annotation, or implement try-catch blocks for error handling.
  • io.moderne.java.spring.kafka.consumer.FindMissingDltHandler
    • Find @RetryableTopic without @DltHandler
    • Flags classes that use @RetryableTopic without a corresponding @DltHandler method. A DLT handler should be defined to process messages that have exhausted all retries.
  • io.moderne.java.spring.kafka.consumer.IsKafkaConsumer
    • Is likely a Kafka consumer module
    • Marks the project if it's likely a Kafka consumer module.
  • io.moderne.java.spring.kafka.producer.FindCustomKeyUsage
    • Find KafkaTemplate.send() with custom key
    • Flags KafkaTemplate.send() calls that use a custom key (3+ arguments). Custom keys should be reviewed to ensure they provide appropriate partition distribution.
  • io.moderne.java.spring.kafka.producer.IsKafkaProducer
    • Is likely a Kafka producer module
    • Marks the project if it's likely a Kafka producer module.
  • io.moderne.java.spring.orm.SpringORM5
    • Migrate to Spring ORM to 5
    • Migrate applications using Spring ORM Hibernate Support to Hibernate 5 compatible version. This will enable a further migration by the Spring Framework migration past 5.
  • io.moderne.java.spring.security.MigrateAcegiToSpringSecurity_5_0
    • Migrate from Acegi Security 1.0.x to Spring Security 5.0
    • Migrates Acegi Security 1.0.x directly to Spring Security 5.0. This recipe handles dependency changes, type renames, XML configuration updates, web.xml filter migration, and adds TODO comments for password encoders that require manual migration.
  • io.moderne.java.spring.security6.MigrateAntPathRequestMatcher
    • Migrate antPathRequestMatcher to pathPatternRequestMatcher
    • In Spring Security 6.5, AntPathRequestMatcher is deprecated in favor of PathPatternRequestMatcher. This recipe migrates static method calls and constructor usage to the new pattern.
  • io.moderne.java.spring.security6.UpgradeSpringSecurity_6_5
    • Migrate to Spring Security 6.5 (Moderne Edition)
    • Migrate applications to the latest Spring Security 6.5 release. This recipe will modify an application's build files, make changes to deprecated/preferred APIs, and migrate configuration settings that have changes between versions.
  • io.moderne.java.spring.security7.MigrateMvcRequestMatcher
    • Migrate MvcRequestMatcher to PathPatternRequestMatcher
    • In Spring Security 7.0, MvcRequestMatcher which depends on the deprecated HandlerMappingIntrospector is removed in favor of PathPatternRequestMatcher. This recipe migrates constructor and builder usage to the new pattern.
  • io.moderne.java.spring.security7.MigrateOAuth2AccessTokenResponseClient
    • Migrate OAuth2AccessTokenResponseClient from RestOperations to RestClient based implementations
    • A new set of OAuth2AccessTokenResponseClient implementations were introduced based on RestClient. This recipe replaces the RestOperations-based implementations which have been deprecated. The RestClient implementations are drop-in replacements for the deprecated implementations.
  • io.moderne.java.spring.security7.MigrateOAuth2RestOperationsToRestClient
    • Migrate OAuth2 token response client from RestOperations to RestClient
    • Migrates setRestOperations(RestOperations) calls to setRestClient(RestClient) on the new RestClient-based OAuth2 AccessTokenResponseClient implementations. The RestClient-based implementations introduced in Spring Security 7 use RestClient instead of RestOperations.
  • io.moderne.java.spring.security7.MigrateRequiresChannelToRedirectToHttps
    • Migrate requiresChannel() to redirectToHttps()
    • In Spring Security 7.0, HttpSecurity.requiresChannel() is deprecated in favor of HttpSecurity.redirectToHttps(). This recipe renames the method call and simplifies anyRequest().requiresSecure() to Customizer.withDefaults().
  • io.moderne.java.spring.security7.ModularizeSpringSecurity7
    • Spring Security 7 modularization
    • Spring Security Core was modularized in version 7, deprecated classes that are still a crucial part of some applications are moved to spring-security-access.

rewrite-tapestry

License: Moderne Proprietary License

11 recipes

  • org.openrewrite.tapestry.ChangeTapestryPackages
    • Change Tapestry 4 packages to Tapestry 5
    • Updates package imports from org.apache.tapestry to org.apache.tapestry5. Only renames packages that have direct equivalents in Tapestry 5.
  • org.openrewrite.tapestry.ChangeTapestryTypes
    • Change Tapestry 4 types to Tapestry 5 equivalents
    • Renames Tapestry 4 types that have direct equivalents in Tapestry 5. This handles types from different packages that were reorganized in T5.
  • org.openrewrite.tapestry.ConvertAnnotatedMethodToField
    • Convert annotated abstract method to field
    • Converts abstract getter methods annotated with sourceAnnotation to private fields annotated with targetAnnotation. Also removes corresponding abstract setter methods.
  • org.openrewrite.tapestry.ConvertBeanAnnotation
    • Convert Tapestry 4 @Bean to @Property
    • Converts Tapestry 4's @Bean annotation to @Property fields. Bean initialization with 'initializer' attribute requires manual migration.
  • org.openrewrite.tapestry.ConvertListenerInterfaces
    • Convert Tapestry 4 listener interfaces to Tapestry 5 annotations
    • Converts Tapestry 4 page lifecycle listener interfaces (PageBeginRenderListener, PageEndRenderListener, etc.) to Tapestry 5 lifecycle annotations (@SetupRender, @CleanupRender, etc.) and removes the interface implementations.
  • org.openrewrite.tapestry.MigrateTapestry4To5
    • Migrate Tapestry 4 to Tapestry 5
    • Migrates Apache Tapestry 4 applications to Tapestry 5. This includes package renames, removing base class inheritance, converting listener interfaces to annotations, and updating dependencies.
  • org.openrewrite.tapestry.RemoveIRequestCycleParameter
    • Remove IRequestCycle parameters
    • Removes IRequestCycle parameters from methods. In Tapestry 5, event handler methods don't receive the request cycle as a parameter.
  • org.openrewrite.tapestry.RemoveObsoleteFormTypes
    • Remove obsolete Tapestry form types
    • Removes field declarations and imports for Tapestry 4 form component types (IPropertySelectionModel, StringPropertySelectionModel, etc.) that don't exist in Tapestry 5. Code using these types will need manual refactoring to use Tapestry 5's SelectModel pattern.
  • org.openrewrite.tapestry.RemoveTapestryBaseClasses
    • Remove Tapestry 4 base classes
    • Removes Tapestry 4 base class inheritance (BasePage, BaseComponent, AbstractComponent) and converts the class to a POJO suitable for Tapestry 5. Abstract getter/setter methods are converted to fields with @Property annotation.
  • org.openrewrite.tapestry.ReplaceReverseComparator
    • Replace ReverseComparator with Collections.reverseOrder()
    • Replaces tapestry-contrib's ReverseComparator with the standard Java Collections.reverseOrder() method.
  • org.openrewrite.tapestry.UpdateTapestryDependencies
    • Update Tapestry dependencies
    • Updates dependencies from Tapestry 4 to Tapestry 5.

rewrite-vulncheck

License: Moderne Proprietary License

1 recipe

  • io.moderne.vulncheck.FixVulnCheckVulnerabilities
    • Use VulnCheck Exploit Intelligence to fix vulnerabilities
    • This software composition analysis (SCA) tool detects and upgrades dependencies with publicly disclosed vulnerabilities. This recipe both generates a report of vulnerable dependencies and upgrades to newer versions with fixes. This recipe by default only upgrades to the latest patch version. If a minor or major upgrade is required to reach the fixed version, this can be controlled using the maximumUpgradeDelta option. Vulnerability information comes from VulnCheck Vulnerability Intelligence. The recipe has an option to limit fixes to only those vulnerabilities that have evidence of exploitation at various levels of severity.

org.openrewrite

rewrite-cobol

License: Moderne Source Available License

7 recipes

rewrite-core

License: Apache License Version 2.0

29 recipes

  • org.openrewrite.AddToGitignore
    • Add entries to .gitignore
    • Adds entries to the project's .gitignore file. If no .gitignore file exists, one will be created. Existing entries that match will not be duplicated.
  • org.openrewrite.DeleteSourceFiles
    • Delete files
    • Delete files by source path.
  • org.openrewrite.ExcludeFileFromGitignore
    • Remove ignoral of files or directories from .gitignore
    • This recipe will remove a file or directory from the .gitignore file. If the file or directory is already in the .gitignore file, it will be removed or negated. If the file or directory is not in the .gitignore file, no action will be taken.
  • org.openrewrite.FindCollidingSourceFiles
    • Find colliding source files
    • Finds source files which share a path with another source file. There should always be exactly one source file per path within a repository. This is a diagnostic for finding problems in OpenRewrite parsers/build plugins.
  • org.openrewrite.FindDeserializationErrors
    • Find deserialization errors
    • Produces a data table collecting all deserialization errors of serialized LSTs.
  • org.openrewrite.FindGitProvenance
    • Show Git source control metadata
    • List out the contents of each unique GitProvenance marker in the set of source files. When everything is working correctly, exactly one such marker should be printed as all source files are expected to come from the same repository / branch / commit hash.
  • org.openrewrite.FindLstProvenance
    • Find LST provenance
    • Produces a data table showing what versions of OpenRewrite/Moderne tooling was used to produce a given LST.
  • org.openrewrite.FindParseFailures
    • Find source files with ParseExceptionResult markers
    • This recipe explores parse failures after an LST is produced for classifying the types of failures that can occur and prioritizing fixes according to the most common problems.
  • org.openrewrite.FindQuarks
    • Find instances of type Quark
    • Quark source files are pointers to the existence of a file without capturing any of the contents of the file.
  • org.openrewrite.FindSourceFiles
    • Find files
    • Find files by source path. Paths are always interpreted as relative to the repository root.
  • org.openrewrite.FindStyles
    • Find styles
    • Find and report the styles attached to each source file. Styles are output as valid OpenRewrite style YAML that can be used directly in rewrite.yml configuration.
  • org.openrewrite.IsInRepository
    • Is in repository
    • A search recipe which marks files that are in a repository with one of the supplied names. Intended for use as a precondition for other recipes being run over many different repositories.
  • org.openrewrite.ListRuntimeClasspath
    • List runtime classpath
    • A diagnostic utility which emits the runtime classpath to a data table.
  • org.openrewrite.MoveFile
    • Move a file
    • Move a file to a different directory. The file name will remain the same.
  • org.openrewrite.RenameFile
    • Rename a file
    • Rename a file while keeping it in the same directory.
  • org.openrewrite.SetFilePermissions
    • Set file permission attributes
    • Set a file's read, write and executable permission attributes.
  • org.openrewrite.Singleton
    • Singleton
    • Used as a precondition to ensure that a recipe attempts to make changes only once. Accidentally including multiple copies/instances of the same large composite recipes is a common mistake. If those recipes are marked with this precondition the performance penalty is limited. This recipe does nothing useful run on its own. ## Usage in YAML recipes Add org.openrewrite.Singleton as a precondition: yaml --- type: specs.openrewrite.org/v1beta/recipe name: com.example.Append displayName: My recipe preconditions: - org.openrewrite.Singleton recipeList: - org.openrewrite.text.AppendToTextFile: relativeFileName: report.txt content: 'Recipe executed' ## Usage in Java recipes Wrap visitors with Singleton.singleton(this, visitor) to ensure only the first equivalent recipe instance makes changes: java @Override public TreeVisitor&lt;?, ExecutionContext&gt; getVisitor(Accumulator acc) \{ return singleton(this, new TreeVisitor&lt;Tree, ExecutionContext&gt;() \{ @Override public Tree visit(@Nullable Tree tree, ExecutionContext ctx) \{ // Your transformation logic return tree; \} \}); \} @Override public Collection&lt;SourceFile&gt; generate(Accumulator acc, ExecutionContext ctx) \{ if (!isSingleton(this, ctx)) \{ return Collections.emptyList(); \} // Generate new sources return results; \} @Override public TreeVisitor&lt;?, ExecutionContext&gt; getVisitor(Accumulator acc) \{ return singleton(this, new TreeVisitor&lt;Tree, ExecutionContext&gt;() \{ // Visitor logic \}); \} Note: Singleton status is determined by the recipe's equals() and hashCode() methods. If equivalent instances of a recipe are not considered singletons, ensure your recipe class correctly implements these methods. The easiest way is to use Lombok's @Value annotation on your recipe class, which automatically generates correct equals() and hashCode() implementations based on all fields.
  • org.openrewrite.search.FindBuildMetadata
    • Find build metadata
    • Find source files with matching build metadata.
  • org.openrewrite.search.FindCommitters
    • Find committers on repositories
    • List the committers on a repository.
  • org.openrewrite.search.FindParseToPrintInequality
    • Find parse to print inequality
    • OpenRewrite Parser implementations should produce SourceFile objects whose printAll() method should be byte-for-byte equivalent with the original source file. When this isn't true, recipes can still run on the SourceFile and even produce diffs, but the diffs would fail to apply as a patch to the original source file. Most Parser use Parser#requirePrintEqualsInput to produce a ParseError when they fail to produce a SourceFile that is print idempotent.
  • org.openrewrite.search.RepositoryContainsFile
    • Repository contains file
    • Intended to be used primarily as a precondition for other recipes, this recipe checks if a repository contains a specific file or files matching a pattern. If present all files in the repository are marked with a SearchResult marker. If you want to get only the matching file as a search result, use FindSourceFiles instead.
  • org.openrewrite.text.AppendToTextFile
    • Append to text file
    • Appends or replaces content of an existing plain text file, or creates a new one if it doesn't already exist. Please note that this recipes requires existing plain text files' format to be successfully parsable by OpenRewrite. If a file is left unchanged, it might be parsed as a Quark rather than plain text. In such case, use the plainTextMask option. See the Gradle or Maven plugin configuration page.
  • org.openrewrite.text.ChangeText
    • Change text
    • Completely replaces the contents of the text file with other text. Use together with a FindSourceFiles precondition to limit which files are changed.
  • org.openrewrite.text.CreateTextFile
    • Create text file
    • Creates a new plain text file.
  • org.openrewrite.text.EndOfLineAtEndOfFile
    • End of Line @ End of File (EOL @ EOF)
    • Ensure that the file ends with the newline character. Note: If this recipe modifies a file, it converts the file into plain text. As such, this recipe should be run after any recipe that modifies the language-specific LST.
  • org.openrewrite.text.Find
    • Find text
    • Textual search, optionally using Regular Expression (regex) to query.
  • org.openrewrite.text.FindAndReplace
    • Find and replace
    • Textual find and replace, optionally interpreting the search query as a Regular Expression (regex). When operating on source files that are language-specific Lossless Semantic Tree, such as Java or XML, this operation converts the source file to plain text for the rest of the recipe run. So if you are combining this recipe with language-specific recipes in a single recipe run put all the language-specific recipes before this recipe.
  • org.openrewrite.text.FindMultiselect
    • Experimental find text with multiselect
    • Search for text, treating all textual sources as plain text. This version of the recipe exists to experiment with multiselect recipe options.
  • org.openrewrite.text.RemoveByteOrderMark
    • Remove byte order mark (BOM)
    • Removes UTF-8 byte order marks from the beginning of files. The BOM character (U+FEFF) is generally unnecessary in UTF-8 files and can cause issues with some tools.

rewrite-docker

License: Apache License Version 2.0

18 recipes

  • org.openrewrite.docker.AddAptGetCleanup
    • Add apt-get cleanup
    • Adds cleanup commands to apt-get RUN instructions to reduce Docker image size. By default, adds 'rm -rf /var/lib/apt/lists/*' to remove cached package lists.
  • org.openrewrite.docker.AddOciLabels
  • org.openrewrite.docker.AddOrUpdateLabel
    • Add Docker LABEL instruction
    • Adds or updates a LABEL instruction in a Dockerfile. By default, adds to the final stage only.
  • org.openrewrite.docker.AddUserInstruction
    • Add USER instruction
    • Adds a USER instruction to run the container as a non-root user (CIS Docker Benchmark 4.1). By default, adds to the final stage only and skips if a USER instruction already exists.
  • org.openrewrite.docker.ChangeFrom
    • Change Docker FROM
    • Change the base image in a Dockerfile FROM instruction. Each * in an old* glob is a positional capture; $N in the paired new* substitutes capture N. $0 substitutes the full original value; \$ is a literal dollar.
  • org.openrewrite.docker.CombineRunInstructions
    • Combine consecutive RUN instructions
    • Combines consecutive RUN instructions into a single instruction to reduce image layers. Only shell form RUN instructions without flags are combined.
  • org.openrewrite.docker.DockerBestPractices
    • Apply Docker best practices
    • Apply a set of Docker best practices to Dockerfiles. This recipe applies security hardening, build optimization, and maintainability improvements based on CIS Docker Benchmark and industry best practices.
  • org.openrewrite.docker.DockerBuildOptimization
    • Optimize Docker builds
    • Apply build optimization best practices to Dockerfiles. This includes combining RUN instructions to reduce layers and adding cleanup commands to reduce image size.
  • org.openrewrite.docker.DockerSecurityBestPractices
    • Apply Docker security best practices
    • Apply security-focused Docker best practices to Dockerfiles. This includes running as a non-root user (CIS 4.1) and using COPY instead of ADD where appropriate (CIS 4.9).
  • org.openrewrite.docker.NormalizeDockerHubImageName
    • Normalize Docker Hub image names
    • Normalizes Docker Hub image names to their canonical short form by removing redundant registry prefixes like docker.io/library/ or index.docker.io/.
  • org.openrewrite.docker.ReplaceAddWithCopy
    • Replace ADD with COPY
    • Replaces ADD instructions with COPY where appropriate. ADD is only kept when the source is a URL or a tar archive that should be auto-extracted. Using COPY is preferred for transparency (CIS Docker Benchmark 4.9).
  • org.openrewrite.docker.UseExecFormEntrypoint
    • Use exec form for ENTRYPOINT and CMD
    • Converts shell form ENTRYPOINT and CMD instructions to exec form (JSON array). Exec form is preferred because it runs the command as PID 1, allowing it to receive Unix signals properly. Shell form wraps commands in /bin/sh -c which can cause signal handling issues.
  • org.openrewrite.docker.search.FindBaseImages
    • Find Docker base images
    • Find all base images (FROM instructions) in Dockerfiles.
  • org.openrewrite.docker.search.FindEndOfLifeImages
    • Find end-of-life Docker base images
    • Identifies Docker base images that have reached end-of-life. Using EOL images poses security risks as they no longer receive security updates. Detected images include EOL versions of Debian, Ubuntu, Alpine, Python, and Node.js.
  • org.openrewrite.docker.search.FindExposedPorts
    • Find exposed ports
    • Find all EXPOSE instructions in Dockerfiles and report the exposed ports.
  • org.openrewrite.docker.search.FindMissingHealthcheck
    • Find missing HEALTHCHECK
    • Finds Dockerfiles where the final stage is missing a HEALTHCHECK instruction (CIS Docker Benchmark 4.6). Health checks help container orchestrators determine if a container is healthy and ready to receive traffic.
  • org.openrewrite.docker.search.FindRootUser
    • Find containers running as root
    • Finds containers that run as root user (CIS Docker Benchmark 4.1). This includes explicit USER root or USER 0 instructions, and optionally containers with no USER instruction in the final stage (which default to root).
  • org.openrewrite.docker.search.FindUnpinnedBaseImages
    • Find unpinned base images
    • Finds FROM instructions that use unpinned base images (CIS Docker Benchmark 4.2). Images without an explicit tag default to 'latest', which is not reproducible. Images pinned by digest are considered acceptable.

rewrite-gradle

License: Apache License Version 2.0

68 recipes

rewrite-groovy

License: Apache License Version 2.0

4 recipes

rewrite-hcl

License: Apache License Version 2.0

11 recipes

rewrite-java

License: Apache License Version 2.0

101 recipes

rewrite-javascript

License: Moderne Source Available License

17 recipes

rewrite-json

License: Apache License Version 2.0

10 recipes

rewrite-kotlin

License: Apache License Version 2.0

11 recipes

  • org.openrewrite.kotlin.FindKotlinSources
    • Find Kotlin sources and collect data metrics
    • Use data table to collect source files types and counts of files with extensions .kt.
  • org.openrewrite.kotlin.OrderImports
    • Order Kotlin imports
    • Groups and orders import statements. If a style has been defined, this recipe will order the imports according to that style. If no style is detected, this recipe will default to ordering imports in the same way that IntelliJ IDEA does.
  • org.openrewrite.kotlin.RenameTypeAlias
    • Rename type alias
    • Change the name of a given type alias.
  • org.openrewrite.kotlin.cleanup.EqualsMethodUsage
    • Structural equality tests should use == or !=
    • In Kotlin, == means structural equality and != structural inequality and both map to the left-side term’s equals() function. It is, therefore, redundant to call equals() as a function. Also, == and != are more general than equals() and !equals() because it allows either of both operands to be null. Developers using equals() instead of == or != is often the result of adapting styles from other languages like Java, where == means reference equality and != means reference inequality. The == and != operators are a more concise and elegant way to test structural equality than calling a function.
  • org.openrewrite.kotlin.cleanup.ImplicitParameterInLambda
    • it shouldn't be used as a lambda parameter name
    • it is a special identifier that allows you to refer to the current parameter being passed to a lambda expression without explicitly naming the parameter. Lambda expressions are a concise way of writing anonymous functions. Many lambda expressions have only one parameter, when this is true the compiler can determine the parameter type by context. Thus when using it with single parameter lambda expressions, you do not need to declare the type.
  • org.openrewrite.kotlin.cleanup.RemoveLambdaArgumentParentheses
    • Remove method invocation parentheses around single lambda argument
    • For example, convert 1.let(\{ it + 1 \}) to 1.let \{ it + 1 \}.
  • org.openrewrite.kotlin.cleanup.RemoveTrailingComma
    • Remove trailing comma in Kotlin
    • Remove trailing commas in variable, parameter, and class property lists.
  • org.openrewrite.kotlin.cleanup.RemoveTrailingSemicolon
    • Remove unnecessary trailing semicolon
    • Some Java programmers may mistakenly add semicolons at the end when writing Kotlin code, but in reality, they are not necessary.
  • org.openrewrite.kotlin.cleanup.ReplaceCharToIntWithCode
    • Replace Char#toInt() with Char#code
    • Replace the usage of the deprecated Char#toInt() with Char#code. Please ensure that your Kotlin version is 1.5 or later to support the Char#code property. Note that the current implementation does not perform a Kotlin version check.
  • org.openrewrite.kotlin.cleanup.UnnecessaryTypeParentheses
    • Remove unnecessary parentheses on Kotlin types
    • In Kotlin, it's possible to add redundant nested parentheses in type definitions. This recipe is designed to remove those unnecessary parentheses.
  • org.openrewrite.kotlin.format.AutoFormat
    • Format Kotlin code
    • Format Kotlin code using a standard comprehensive set of Kotlin formatting recipes.

rewrite-maven

License: Apache License Version 2.0

88 recipes

  • org.openrewrite.maven.AddAnnotationProcessor
    • Add an annotation processor to maven-compiler-plugin
    • Add an annotation processor path to the maven-compiler-plugin configuration. For modules with an in-reactor parent, adds to the parent's build/pluginManagement/plugins section. For modules without a parent or with a parent outside the reactor, adds directly to build/plugins. Updates the annotation processor version if a newer version is specified.
  • org.openrewrite.maven.AddCommentToMavenDependency
    • Add a comment to a Maven dependency or plugin
    • Adds a comment as the first element in a Maven dependency or plugin.
  • org.openrewrite.maven.AddDependency
    • Add Maven dependency
    • Add a Maven dependency to a pom.xml file in the correct scope based on where it is used.
  • org.openrewrite.maven.AddDevelocityMavenExtension
    • Add the Develocity Maven extension
    • To integrate the Develocity Maven extension into Maven projects, ensure that the develocity-maven-extension is added to the .mvn/extensions.xml file if not already present. Additionally, configure the extension by adding the .mvn/develocity.xml configuration file.
  • org.openrewrite.maven.AddManagedDependency
    • Add managed Maven dependency
    • Add a managed Maven dependency to a pom.xml file.
  • org.openrewrite.maven.AddManagedPlugin
    • Add Managed Maven plugin
    • Add the specified Maven plugin to the Plugin Managed of the pom.xml.
  • org.openrewrite.maven.AddParentPom
    • Add Maven parent
    • Add a parent pom to a Maven pom.xml. Does nothing if a parent pom is already present.
  • org.openrewrite.maven.AddPlugin
    • Add Maven plugin
    • Add the specified Maven plugin to the pom.xml.
  • org.openrewrite.maven.AddPluginDependency
    • Add Maven plugin dependencies
    • Adds the specified dependencies to a Maven plugin. Will not add the plugin if it does not already exist in the pom.
  • org.openrewrite.maven.AddProfile
    • Add Maven profile
    • Add a maven profile to a pom.xml file.
  • org.openrewrite.maven.AddProperty
    • Add Maven project property
    • Add a new property to the Maven project property. Prefers to add the property to the parent if the project has multiple modules.
  • org.openrewrite.maven.AddRepository
    • Add repository
    • Adds a new Maven Repository or updates a matching repository.
  • org.openrewrite.maven.AddRuntimeConfig
    • Add a configuration option for the Maven runtime
    • Add a new configuration option for the Maven runtime if not already present.
  • org.openrewrite.maven.BestPractices
    • Apache Maven best practices
    • Applies best practices to Maven POMs.
  • org.openrewrite.maven.ChangeDependencyClassifier
    • Change Maven dependency classifier
    • Add or alter the classifier of the specified dependency.
  • org.openrewrite.maven.ChangeDependencyGroupIdAndArtifactId
    • Change Maven dependency
    • Change a Maven dependency coordinates. The newGroupId or newArtifactId MUST be different from before. Matching &lt;dependencyManagement&gt; coordinates are also updated if a newVersion or versionPattern is provided. Exclusions that reference the old dependency coordinates are preserved, and a sibling exclusion for the new coordinates is added alongside them.
  • org.openrewrite.maven.ChangeDependencyScope
    • Change Maven dependency scope
    • Add or alter the scope of the specified dependency.
  • org.openrewrite.maven.ChangeExclusion
    • Change Maven dependency exclusion
    • Modify Maven dependency exclusions, changing the group ID, artifact Id, or both. Useful when an excluded dependency has been renamed and references to it must be updated.
  • org.openrewrite.maven.ChangeManagedDependencyGroupIdAndArtifactId
    • Change Maven managed dependency groupId, artifactId and optionally the version
    • Change the groupId, artifactId and optionally the version of a specified Maven managed dependency.
  • org.openrewrite.maven.ChangePackaging
    • Set Maven project packaging
    • Sets the packaging type of Maven projects. Either adds the packaging tag if it is missing or changes its context if present.
  • org.openrewrite.maven.ChangeParentPom
    • Change Maven parent
    • Change the parent pom of a Maven pom.xml by matching the existing parent via groupId and artifactId, and updating it to a new groupId, artifactId, version, and optional relativePath. Also updates the project to retain dependency management and properties previously inherited from the old parent that are no longer provided by the new parent. Removes redundant dependency versions already managed by the new parent.
  • org.openrewrite.maven.ChangePluginConfiguration
    • Change Maven plugin configuration
    • Apply the specified configuration to a Maven plugin. Will not add the plugin if it does not already exist in the pom.
  • org.openrewrite.maven.ChangePluginDependencies
    • Change Maven plugin dependencies
    • Applies the specified dependencies to a Maven plugin. Will not add the plugin if it does not already exist in the pom.
  • org.openrewrite.maven.ChangePluginExecutions
    • Change Maven plugin executions
    • Apply the specified executions to a Maven plugin. Will not add the plugin if it does not already exist in the pom.
  • org.openrewrite.maven.ChangePluginGroupIdAndArtifactId
    • Change Maven plugin group and artifact ID
    • Change the groupId and/or the artifactId of a specified Maven plugin. Optionally update the plugin version. This recipe does not perform any validation and assumes all values passed are valid.
  • org.openrewrite.maven.ChangeProjectVersion
    • Change Maven Project Version
    • Change the project version of a Maven pom.xml. Identifies the project to be changed by its groupId and artifactId. If the version is defined as a property, this recipe will only change the property value if the property exists within the same pom.
  • org.openrewrite.maven.ChangePropertyValue
    • Change Maven project property value
    • Changes the specified Maven project property value leaving the key intact.
  • org.openrewrite.maven.EnableDevelocityBuildCache
    • Enable Develocity build cache
    • Add Develocity build cache configuration to any .mvn/ Develocity configuration file that lack existing configuration.
  • org.openrewrite.maven.ExcludeDependency
    • Exclude Maven dependency
    • Exclude specified dependency from any dependency that transitively includes it.
  • org.openrewrite.maven.IncrementProjectVersion
    • Increment Maven project version
    • Increase Maven project version by incrementing either the major, minor, or patch version as defined by semver. Other versioning schemes are not supported.
  • org.openrewrite.maven.ManageDependencies
    • Manage dependencies
    • Make existing dependencies managed by moving their version to be specified in the dependencyManagement section of the POM.
  • org.openrewrite.maven.ManagedToRuntimeDependencies
    • Convert managed dependencies to runtime dependencies
    • This recipe processes Maven POMs, converting all &lt;dependencyManagement&gt; entries into runtime scoped &lt;dependencies&gt; entries. Import scoped BOMs (like jackson-bom) are left unmodified in &lt;dependencyManagement&gt;. Some style guidelines prefer that &lt;dependencyManagement&gt; be used only for BOMs. This maintain that style while avoiding introducing new symbols onto the compile classpath unintentionally.
  • org.openrewrite.maven.MigrateToMaven4
    • Migrate to Maven 4
    • Migrates Maven POMs from Maven 3 to Maven 4, addressing breaking changes and deprecations. This recipe updates property expressions, lifecycle phases, removes duplicate plugin declarations, and replaces removed properties to ensure compatibility with Maven 4.
  • org.openrewrite.maven.ModernizeObsoletePoms
    • Modernize obsolete Maven poms
    • Very old Maven poms are no longer supported by current versions of Maven. This recipe updates poms with &lt;pomVersion&gt;3&lt;/pomVersion&gt; to &lt;modelVersion&gt;4.0.0&lt;/modelVersion&gt; of the Maven pom schema. This does not attempt to upgrade old dependencies or plugins and is best regarded as the starting point of a migration rather than an end-point.
  • org.openrewrite.maven.OrderPomElements
    • Order POM elements
    • Order POM elements according to the recommended order.
  • org.openrewrite.maven.RemoveDependency
    • Remove Maven dependency
    • Removes a single dependency from the <dependencies> section of the pom.xml. Does not remove usage of the dependency classes, nor guard against the resulting compilation errors.
  • org.openrewrite.maven.RemoveDuplicateDependencies
    • Remove duplicate Maven dependencies
    • Removes duplicated dependencies in the &lt;dependencies&gt; and &lt;dependencyManagement&gt; sections of the pom.xml.
  • org.openrewrite.maven.RemoveDuplicatePluginDeclarations
    • Remove duplicate plugin declarations
    • Maven 4 rejects duplicate plugin declarations (same groupId and artifactId) with an error. This recipe removes duplicate plugin declarations, keeping only the first occurrence.
  • org.openrewrite.maven.RemoveExclusion
    • Remove exclusion
    • Remove any matching exclusion from any matching dependency.
  • org.openrewrite.maven.RemoveManagedDependency
    • Remove Maven managed dependency
    • Removes a single managed dependency from the <dependencyManagement><dependencies> section of the pom.xml.
  • org.openrewrite.maven.RemoveMavenWrapper
    • Remove Maven wrapper
    • Remove Maven wrapper files from a project. This includes the mvnw and mvnw.cmd scripts, and the .mvn/wrapper directory.
  • org.openrewrite.maven.RemovePlugin
    • Remove Maven plugin
    • Remove the specified Maven plugin from the POM.
  • org.openrewrite.maven.RemovePluginDependency
    • Remove Maven plugin dependency
    • Removes a dependency from the <dependencies> section of a plugin in the pom.xml.
  • org.openrewrite.maven.RemoveProperty
    • Remove Maven project property
    • Removes the specified Maven project property from the pom.xml.
  • org.openrewrite.maven.RemoveRedundantDependencyVersions
    • Remove redundant explicit dependency and plugin versions
    • Remove explicitly-specified dependency/plugin versions when a parent POM's dependencyManagement/pluginManagement specifies the version.
  • org.openrewrite.maven.RemoveRedundantProperties
    • Remove redundant properties
    • Remove properties when a parent POM specifies the same property.
  • org.openrewrite.maven.RemoveRepository
    • Remove repository
    • Removes a matching Maven repository.
  • org.openrewrite.maven.RemoveUnusedProperties
    • Remove unused properties
    • Detect and remove Maven property declarations which do not have any usage within the project.
  • org.openrewrite.maven.RenamePropertyKey
    • Rename Maven property key
    • Rename the specified Maven project property key leaving the value unchanged.
  • org.openrewrite.maven.ReplaceDeprecatedLifecyclePhases
    • Replace deprecated lifecycle phases
    • Maven 4 deprecated all pre-* and post-* lifecycle phases in favor of the before: and after: syntax. This recipe updates plugin phase declarations to use the new syntax, including pre-cleanbefore:clean, pre-sitebefore:site, pre-integration-testbefore:integration-test, and their post-* equivalents.
  • org.openrewrite.maven.ReplaceModulesWithSubprojects
    • Replace modules with subprojects
    • Maven 4 model version 4.1.0 deprecates the &lt;modules&gt; element in favor of &lt;subprojects&gt; to eliminate confusion with Java's Platform Module System (JPMS). This recipe renames &lt;modules&gt; to &lt;subprojects&gt; and &lt;module&gt; children to &lt;subproject&gt;.
  • org.openrewrite.maven.ReplaceRemovedRootDirectoryProperties
    • Replace removed root directory properties
    • Maven 4 removed support for deprecated root directory properties. This recipe replaces $\{executionRootDirectory\} with $\{session.rootDirectory\} and $\{multiModuleProjectDirectory\} with $\{project.rootDirectory\}.
  • org.openrewrite.maven.SortDependencies
    • Sort dependencies
    • Sort dependencies alphabetically by groupId then artifactId. Test-scoped dependencies are sorted after non-test dependencies. Applies to both &lt;dependencies&gt; and &lt;dependencyManagement&gt; sections.
  • org.openrewrite.maven.UpdateMavenProjectPropertyJavaVersion
    • Update Maven Java project properties
    • The Java version is determined by several project properties, including: * java.version * jdk.version * javaVersion * jdkVersion * maven.compiler.source * maven.compiler.target * maven.compiler.release * release.version If none of these properties are in use and the maven compiler plugin is not otherwise configured, adds the maven.compiler.release property.
  • org.openrewrite.maven.UpdateMavenWrapper
    • Update Maven wrapper
    • Update the version of Maven used in an existing Maven wrapper.
  • org.openrewrite.maven.UpdateScmFromGitOrigin
    • Update SCM with Git origin
    • Updates or adds the Maven &lt;scm&gt; tag based on the Git remote origin. By default, only existing Source Control Management (SCM) sections are updated. Set addIfMissing to true to also add missing SCM sections to root POMs (POMs without a parent element).
  • org.openrewrite.maven.UpgradeDependencyVersion
    • Upgrade Maven dependency version
    • Upgrade the version of a dependency by specifying a group and (optionally) an artifact using Node Semver advanced range selectors, allowing more precise control over version updates to patch or minor releases.
  • org.openrewrite.maven.UpgradeParentVersion
    • Upgrade Maven parent project version
    • Set the parent pom version number according to a version selector or to a specific version number.
  • org.openrewrite.maven.UpgradePluginVersion
    • Upgrade Maven plugin version
    • Upgrade the version of a plugin using Node Semver advanced range selectors, allowing more precise control over version updates to patch or minor releases.
  • org.openrewrite.maven.UpgradeToModelVersion410
    • Upgrade to Maven model version 4.1.0
    • Upgrades Maven POMs from model version 4.0.0 to 4.1.0, enabling new Maven 4 features like &lt;subprojects&gt;, bom packaging, and automatic version inference. This recipe updates the &lt;modelVersion&gt; element, xmlns namespace, and xsi:schemaLocation from 4.0.0 to 4.1.0.
  • org.openrewrite.maven.UpgradeTransitiveDependencyVersion
    • Upgrade transitive Maven dependencies
    • Upgrades the version of a transitive dependency in a Maven pom file. Leaves direct dependencies unmodified. Can be paired with the regular Upgrade Dependency Version recipe to upgrade a dependency everywhere, regardless of whether it is direct or transitive.
  • org.openrewrite.maven.UseMavenCompilerPluginReleaseConfiguration
    • Use Maven compiler plugin release configuration
    • Replaces any explicit source or target configuration (if present) on the maven-compiler-plugin with release, and updates the release value if needed. When testSource or testTarget differ from the main version, introduces testRelease. Will not downgrade the Java version if the current version is higher. Also removes stale maven.compiler.source, maven.compiler.target, maven.compiler.testSource, and maven.compiler.testTarget properties that are no longer referenced.
  • org.openrewrite.maven.UseParentInference
    • Use Maven 4 parent inference
    • Maven 4.1.0 supports automatic parent version inference when using a relative path. This recipe simplifies parent declarations by using the shorthand &lt;parent/&gt; form when the parent is in the default location (..), removing the explicit &lt;relativePath&gt;, &lt;groupId&gt;, &lt;artifactId&gt;, and &lt;version&gt; elements. Maven automatically infers these values from the parent POM.
  • org.openrewrite.maven.cleanup.DependencyManagementDependencyRequiresVersion
    • Dependency management dependencies should have a version
    • If they don't have a version, they can't possibly affect dependency resolution anywhere, and can be safely removed.
  • org.openrewrite.maven.cleanup.ExplicitDependencyVersion
    • Add explicit dependency versions
    • Add explicit dependency versions to POMs for reproducibility, as the LATEST and RELEASE version keywords are deprecated.
  • org.openrewrite.maven.cleanup.ExplicitPluginGroupId
    • Add explicit groupId to Maven plugins
    • Add the default &lt;groupId&gt;org.apache.maven.plugins&lt;/groupId&gt; to plugins for clarity.
  • org.openrewrite.maven.cleanup.ExplicitPluginVersion
    • Add explicit plugin versions
    • Add explicit plugin versions to POMs for reproducibility, as MNG-4173 removes automatic version resolution for POM plugins.
  • org.openrewrite.maven.cleanup.NoSystemScopeDependencies
    • Dependencies should not have system scope
    • Replaces &lt;scope&gt;system&lt;/scope&gt; with the default compile scope and removes &lt;systemPath&gt; for dependencies that are available in configured repositories.
  • org.openrewrite.maven.cleanup.PrefixlessExpressions
    • Drop prefixless expressions in POM
    • MNG-7404 drops support for prefixless in POMs. This recipe will add the project. prefix where missing.
  • org.openrewrite.maven.plugin.DependencyPluginGoalResolveSources
    • Migrate to maven-dependency-plugin goal resolve-sources
    • Migrate from sources to resolve-sources for the maven-dependency-plugin.
  • org.openrewrite.maven.search.DependencyInsight
    • Maven dependency insight
    • Find direct and transitive dependencies matching a group, artifact, and scope. Results include dependencies that either directly match or transitively include a matching dependency.
  • org.openrewrite.maven.search.DoesNotIncludeDependency
    • Does not include Maven dependency
    • A precondition which returns false if visiting a Maven pom which includes the specified dependency in the classpath of some scope. For compatibility with multimodule projects, this should most often be applied as a precondition.
  • org.openrewrite.maven.search.EffectiveDependencies
    • Effective dependencies
    • Emit the data of binary dependency relationships.
  • org.openrewrite.maven.search.EffectiveManagedDependencies
    • Effective managed dependencies
    • Emit the data of binary dependency relationships.
  • org.openrewrite.maven.search.EffectiveMavenRepositories
    • List effective Maven repositories
    • Lists the Maven repositories that would be used for dependency resolution, in order of precedence. This includes Maven repositories defined in the Maven settings file (and those contributed by active profiles) as determined when the LST was produced.
  • org.openrewrite.maven.search.FindDependency
    • Find Maven dependency
    • Finds first-order dependency uses, i.e. dependencies that are defined directly in a project.
  • org.openrewrite.maven.search.FindManagedDependency
    • Find Maven dependency management entry
    • Finds first-order dependency management entries, i.e. dependencies that are defined directly in a project.
  • org.openrewrite.maven.search.FindMavenProject
    • Find Maven projects
    • Maven projects are pom.xml files with a MavenResolutionResult marker.
  • org.openrewrite.maven.search.FindMavenSettings
    • Find effective maven settings
    • List the effective maven settings file for the current project.
  • org.openrewrite.maven.search.FindPlugin
    • Find Maven plugin
    • Finds a Maven plugin within a pom.xml.
  • org.openrewrite.maven.search.FindProperties
    • Find Maven project properties
    • Finds the specified Maven project properties within a pom.xml.
  • org.openrewrite.maven.search.FindRepositoryOrder
    • Maven repository order
    • Determine the order in which dependencies will be resolved for each pom.xml based on its defined repositories and effective settings.xml.
  • org.openrewrite.maven.search.FindScm
    • Find SCM tag
    • Finds any &lt;scm&gt; tag directly inside the &lt;project&gt; root of a Maven pom.xml file.
  • org.openrewrite.maven.search.ModuleHasDependency
    • Module has dependency
    • Searches for Maven modules that have a dependency matching the specified groupId and artifactId. Places a SearchResult marker on all sources within a module with a matching dependency. This recipe is intended to be used as a precondition for other recipes. For example this could be used to limit the application of a spring boot migration to only projects that use spring-boot-starter, limiting unnecessary upgrading. If the search result you want is instead just the build.gradle(.kts) file applying the plugin, use the FindDependency recipe instead.
  • org.openrewrite.maven.search.ModuleHasPlugin
    • Module has plugin
    • Searches for Maven modules that have a plugin matching the specified groupId and artifactId. Places a SearchResult marker on all sources within a module with a matching plugin. This recipe is intended to be used as a precondition for other recipes. For example this could be used to limit the application of a spring boot migration to only projects that apply the spring boot plugin, limiting unnecessary upgrading. If the search result you want is instead just the build.gradle(.kts) file applying the plugin, use the FindPlugins recipe instead.
  • org.openrewrite.maven.search.ParentPomInsight
    • Maven parent insight
    • Find Maven parents matching a groupId and artifactId.
  • org.openrewrite.maven.security.UseHttpsForRepositories
    • Use HTTPS for repositories
    • Use HTTPS for repository URLs.
  • org.openrewrite.maven.utilities.PrintMavenAsDot
    • Print Maven dependency hierarchy in DOT format
    • The DOT language format is specified here.

rewrite-properties

License: Apache License Version 2.0

8 recipes

rewrite-python

License: Moderne Proprietary License

15 recipes

rewrite-toml

License: Apache License Version 2.0

10 recipes

rewrite-xml

License: Apache License Version 2.0

28 recipes

rewrite-yaml

License: Apache License Version 2.0

18 recipes

org.openrewrite.meta

rewrite-analysis

License: Apache License Version 2.0

4 recipes

org.openrewrite.recipe

License: Moderne Proprietary License

7 recipes

rewrite-all

License: Apache License Version 2.0

3 recipes

  • org.openrewrite.FindCallGraph
    • Find call graph
    • Produces a data table where each row represents a method call.
  • org.openrewrite.FindDuplicateSourceFiles
    • Find duplicate source files
    • Record the presence of LSTs with duplicate paths, indicating that the same file was parsed more than once.
  • org.openrewrite.LanguageComposition
    • Language composition report
    • Counts the number of lines of the various kinds of source code and data formats parsed by OpenRewrite. Comments are not included in line counts. This recipe emits its results as two data tables, making no changes to any source file. One data table is per-file, the other is per-repository.

rewrite-android

License: Moderne Proprietary License

16 recipes

rewrite-apache

License: Moderne Source Available License

116 recipes

rewrite-circleci

License: Moderne Proprietary License

2 recipes

rewrite-codemods

License: Moderne Source Available License

454 recipes

rewrite-codemods-ng

License: Moderne Proprietary License

8 recipes

rewrite-compiled-analysis

License: Moderne Proprietary License

2 recipes

rewrite-concourse

License: Moderne Proprietary License

6 recipes

rewrite-cucumber-jvm

License: Moderne Source Available License

10 recipes

rewrite-dotnet

License: Moderne Proprietary License

6 recipes

rewrite-feature-flags

License: Moderne Source Available License

27 recipes

rewrite-github-actions

License: Moderne Source Available License

53 recipes

rewrite-gitlab

License: Moderne Source Available License

22 recipes

rewrite-hibernate

License: Moderne Source Available License

24 recipes

rewrite-jackson

License: Apache License Version 2.0

39 recipes

rewrite-java-dependencies

License: Apache License Version 2.0

18 recipes

  • org.openrewrite.java.dependencies.AddDependency
    • Add Gradle or Maven dependency
    • For a Gradle project, add a gradle dependency to a build.gradle file in the correct configuration based on where it is used. Or For a maven project, Add a Maven dependency to a pom.xml file in the correct scope based on where it is used.
  • org.openrewrite.java.dependencies.ChangeDependency
    • Change Gradle or Maven dependency
    • Change the group ID, artifact ID, and/or the version of a specified Gradle or Maven dependency.
  • org.openrewrite.java.dependencies.DependencyInsight
    • Dependency insight for Gradle and Maven
    • Finds dependencies, including transitive dependencies, in both Gradle and Maven projects. Matches within all Gradle dependency configurations and Maven scopes.
  • org.openrewrite.java.dependencies.DependencyList
    • Dependency report
    • Emits a data table detailing all Gradle and Maven dependencies. This recipe makes no changes to any source file.
  • org.openrewrite.java.dependencies.DependencyResolutionDiagnostic
    • Dependency resolution diagnostic
    • Recipes which manipulate dependencies must be able to successfully access the artifact repositories and resolve dependencies from them. This recipe produces two data tables used to understand the state of dependency resolution. The Repository accessibility report lists all the artifact repositories known to the project and whether respond to network access. The network access is attempted while the recipe is run and so is representative of current conditions. The Gradle dependency configuration errors lists all the dependency configurations that failed to resolve one or more dependencies when the project was parsed. This is representative of conditions at the time the LST was parsed.
  • org.openrewrite.java.dependencies.FindDependency
    • Find Maven and Gradle dependencies
    • Finds direct dependencies declared in Maven and Gradle build files. This does not search transitive dependencies. To detect both direct and transitive dependencies use org.openrewrite.java.dependencies.DependencyInsight This recipe works for both Maven and Gradle projects.
  • org.openrewrite.java.dependencies.FindRepositoryOrder
    • Maven repository order
    • Determine the order in which dependencies will be resolved for each pom.xml or build.gradle based on its defined repositories and effective settings.
  • org.openrewrite.java.dependencies.RelocatedDependencyCheck
    • Find relocated dependencies
    • Find Maven and Gradle dependencies and Maven plugins that have relocated to a new groupId or artifactId. Relocation information comes from the oga-maven-plugin maintained by Jonathan Lermitage, Filipe Roque and others. This recipe makes no changes to any source file by default. Add changeDependencies=true to change dependencies, but note that you might need to run additional recipes to update imports and adopt other breaking changes.
  • org.openrewrite.java.dependencies.RemoveDependency
    • Remove a Gradle or Maven dependency
    • For Gradle project, removes a single dependency from the dependencies section of the build.gradle. For Maven project, removes a single dependency from the &lt;dependencies&gt; section of the pom.xml.
  • org.openrewrite.java.dependencies.RemoveRedundantDependencies
    • Remove redundant explicit dependencies
    • Remove explicit dependencies that are already provided transitively by a specified dependency. This recipe downloads and resolves the parent dependency's POM to determine its true transitive dependencies, allowing it to detect redundancies even when both dependencies are explicitly declared.
  • org.openrewrite.java.dependencies.UpgradeDependencyVersion
    • Upgrade Gradle or Maven dependency versions
    • For Gradle projects, upgrade the version of a dependency in a build.gradle file. Supports updating dependency declarations of various forms: * String notation: &quot;group:artifact:version&quot; * Map notation: group: 'group', name: 'artifact', version: 'version' It is possible to update version numbers which are defined earlier in the same file in variable declarations. For Maven projects, upgrade the version of a dependency by specifying a group ID and (optionally) an artifact ID using Node Semver advanced range selectors, allowing more precise control over version updates to patch or minor releases.
  • org.openrewrite.java.dependencies.UpgradeTransitiveDependencyVersion
    • Upgrade transitive Gradle or Maven dependencies
    • Upgrades the version of a transitive dependency in a Maven pom.xml or Gradle build.gradle. Leaves direct dependencies unmodified. Can be paired with the regular Upgrade Dependency Version recipe to upgrade a dependency everywhere, regardless of whether it is direct or transitive.
  • org.openrewrite.java.dependencies.search.DoesNotIncludeDependency
    • Does not include dependency for Gradle and Maven
    • A precondition which returns false if visiting a Gradle file / Maven pom which includes the specified dependency in the classpath of some Gradle configuration / Maven scope. For compatibility with multimodule projects, this should most often be applied as a precondition.
  • org.openrewrite.java.dependencies.search.FindDuplicateClasses
    • Find duplicate classes on the classpath
    • Detects classes that appear in multiple dependencies on the classpath. This is similar to what the Maven duplicate-finder-maven-plugin does. Duplicate classes can cause runtime issues when different versions of the same class are loaded.
  • org.openrewrite.java.dependencies.search.FindMinimumDependencyVersion
    • Find the oldest matching dependency version in use
    • The oldest dependency version in use is the lowest dependency version in use in any source set of any subproject of a repository. It is possible that, for example, the main source set of a project uses Jackson 2.11, but a test source set uses Jackson 2.16. In this case, the oldest Jackson version in use is Java 2.11.
  • org.openrewrite.java.dependencies.search.FindMinimumJUnitVersion
    • Find minimum JUnit version
    • A recipe to find the minimum version of JUnit dependencies. This recipe is designed to return the minimum version of JUnit in a project. It will search for JUnit 4 and JUnit 5 dependencies in the project. If both versions are found, it will return the minimum version of JUnit 4. If a minimumVersion is provided, the recipe will search to see if the minimum version of JUnit used by the project is no lower than the minimumVersion. For example: if the minimumVersion is 4, and the project has JUnit 4.12 and JUnit 5.7, the recipe will return JUnit 4.12. If the project has only JUnit 5.7, the recipe will return JUnit 5.7. Another example: if the minimumVersion is 5, and the project has JUnit 4.12 and JUnit 5.7, the recipe will not return any results.
  • org.openrewrite.java.dependencies.search.ModuleHasDependency
    • Module has dependency
    • Searches for both Gradle and Maven modules that have a dependency matching the specified groupId and artifactId. Places a SearchResult marker on all sources within a module with a matching dependency. This recipe is intended to be used as a precondition for other recipes. For example this could be used to limit the application of a spring boot migration to only projects that use spring-boot-starter, limiting unnecessary upgrading. If the search result you want is instead just the build.gradle(.kts) or pom.xml file applying the plugin, use the FindDependency recipe instead.
  • org.openrewrite.java.dependencies.search.RepositoryHasDependency
    • Repository has dependency
    • Searches for both Gradle and Maven modules that have a dependency matching the specified groupId and artifactId. Places a SearchResult marker on all sources within a repository with a matching dependency. This recipe is intended to be used as a precondition for other recipes. For example this could be used to limit the application of a spring boot migration to only projects that use a springframework dependency, limiting unnecessary upgrading. If the search result you want is instead just the build.gradle(.kts) or pom.xml file applying the plugin, use the FindDependency recipe instead.

rewrite-java-security

License: Moderne Proprietary License

104 recipes

  • org.openrewrite.csharp.dependencies.DependencyInsight
    • Dependency insight for C#
    • Finds dependencies in *.csproj and packages.config.
  • org.openrewrite.csharp.dependencies.DependencyVulnerabilityCheck
    • Find and fix vulnerable Nuget dependencies
    • This software composition analysis (SCA) tool detects and upgrades dependencies with publicly disclosed vulnerabilities. This recipe both generates a report of vulnerable dependencies and upgrades to newer versions with fixes. This recipe only upgrades to the latest patch version. If a minor or major upgrade is required to reach the fixed version, this recipe will not make any changes. Vulnerability information comes from the GitHub Security Advisory Database, which aggregates vulnerability data from several public databases, including the National Vulnerability Database maintained by the United States government. Dependencies following Semantic Versioning will see their patch version updated where applicable.
  • org.openrewrite.csharp.dependencies.UpgradeDependencyVersion
    • Upgrade C# dependency versions
    • Upgrades dependencies in *.csproj, Directory.Packages.props, and packages.config.
  • org.openrewrite.java.dependencies.AddExplicitTransitiveDependencies
    • Add explicit transitive dependencies
    • Detects when Java source code or configuration files reference types from transitive Maven dependencies and promotes those transitive dependencies to explicit direct dependencies in the pom.xml. This ensures the build is resilient against changes in transitive dependency trees of upstream libraries.
  • org.openrewrite.java.dependencies.DependencyLicenseCheck
    • Find licenses in use in third-party dependencies
    • Locates and reports on all licenses in use.
  • org.openrewrite.java.dependencies.DependencyVulnerabilityCheck
    • Find and fix vulnerable dependencies
    • This software composition analysis (SCA) tool detects and upgrades dependencies with publicly disclosed vulnerabilities. This recipe both generates a report of vulnerable dependencies and upgrades to newer versions with fixes. This recipe by default only upgrades to the latest patch version. If a minor or major upgrade is required to reach the fixed version, this can be controlled using the maximumUpgradeDelta option. Vulnerability information comes from the GitHub Security Advisory Database, which aggregates vulnerability data from several public databases, including the National Vulnerability Database maintained by the United States government. Upgrades dependencies versioned according to Semantic Versioning. ## Customizing Vulnerability Data This recipe can be customized by extending DependencyVulnerabilityCheckBase and overriding the vulnerability data sources: - baselineVulnerabilities(ExecutionContext ctx): Provides the default set of known vulnerabilities. The base implementation loads vulnerability data from the GitHub Security Advisory Database CSV file using ResourceUtils.parseResourceAsCsv(). Override this method to replace the entire vulnerability dataset with your own curated list. - supplementalVulnerabilities(ExecutionContext ctx): Allows adding custom vulnerability data beyond the baseline. The base implementation returns an empty list. Override this method to add organization-specific vulnerabilities, internal security advisories, or vulnerabilities from additional sources while retaining the baseline GitHub Advisory Database. Both methods return List&lt;Vulnerability&gt; objects. Vulnerability data can be loaded from CSV files using ResourceUtils.parseResourceAsCsv(path, Vulnerability.class, consumer) or constructed programmatically. To customize, extend DependencyVulnerabilityCheckBase and override one or both methods depending on your needs. For example, override supplementalVulnerabilities() to add custom CVEs while keeping the standard vulnerability database, or override baselineVulnerabilities() to use an entirely different vulnerability data source. Last updated: 2026-04-27T1132.
  • org.openrewrite.java.dependencies.RemoveUnusedDependencies
    • Remove unused dependencies
    • Scans through source code collecting references to types and methods, removing any dependencies that are not used from Maven or Gradle build files. This is best effort and not guaranteed to work well in all cases; false positives are still possible. This recipe takes reflective access into account: - When reflective access to a class is made unambiguously via a string literal, such as: Class.forName(&quot;java.util.List&quot;) that is counted correctly. - When reflective access to a class is made ambiguously via anything other than a string literal no dependencies will be removed. This recipe takes transitive dependencies into account: - When a direct dependency is not used but a transitive dependency it brings in is in use the direct dependency is not removed.
  • org.openrewrite.java.dependencies.SoftwareBillOfMaterials
    • Software bill of materials
    • Produces a software bill of materials (SBOM) for a project. An SBOM is a complete list of all dependencies used in a project, including transitive dependencies. The produced SBOM is in the CycloneDX XML format. Supports Gradle and Maven. Places a file named sbom.xml adjacent to the Gradle or Maven build file.
  • org.openrewrite.java.security.FindTextDirectionChanges
    • Find text-direction changes
    • Finds unicode control characters which can change the direction text is displayed in. These control characters can alter how source code is presented to a human reader without affecting its interpretation by tools like compilers. So a malicious patch could pass code review while introducing vulnerabilities. Note that text direction-changing unicode control characters aren't inherently malicious. These characters can appear for legitimate reasons in code written in or dealing with right-to-left languages. See: https://trojansource.codes/ for more information.
  • org.openrewrite.java.security.FixCwe338
    • Fix CWE-338 with SecureRandom
    • Use a cryptographically strong pseudo-random number generator (PRNG).
  • org.openrewrite.java.security.FixCwe918
    • Remediate server-side request forgery (SSRF)
    • Inserts a guard that validates URLs constructed from user-controlled input do not target internal network addresses, blocking server-side request forgery (SSRF) attacks.
  • org.openrewrite.java.security.ImproperPrivilegeManagement
    • Improper privilege management
    • Marking code as privileged enables a piece of trusted code to temporarily enable access to more resources than are available directly to the code that called it.
  • org.openrewrite.java.security.JavaSecurityBestPractices
    • Java security best practices
    • Applies security best practices to Java code.
  • org.openrewrite.java.security.Owasp2025A01
    • Remediate OWASP A01:2025 Broken access control
    • OWASP A01:2025 describes failures related to broken access control.
  • org.openrewrite.java.security.Owasp2025A02
    • Remediate OWASP A02:2025 Security misconfiguration
    • OWASP A02:2025 describes failures related to security misconfiguration. Previously A05:2021, this category moved up to #2 in 2025.
  • org.openrewrite.java.security.Owasp2025A03
    • Remediate OWASP A03:2025 Software supply chain failures
    • OWASP A03:2025 describes failures related to the software supply chain, including vulnerable and outdated components. Expanded from A06:2021 Vulnerable and Outdated Components.
  • org.openrewrite.java.security.Owasp2025A04
    • Remediate OWASP A04:2025 Cryptographic failures
    • OWASP A04:2025 describes failures related to cryptography (or lack thereof), which often lead to exposure of sensitive data. Previously A02:2021.
  • org.openrewrite.java.security.Owasp2025A05
    • Remediate OWASP A05:2025 Injection
    • OWASP A05:2025 describes failures related to user-supplied data being used to influence program state to operate outside of its intended bounds. Previously A03:2021.
  • org.openrewrite.java.security.Owasp2025A07
    • Remediate OWASP A07:2025 Identification and authentication failures
    • OWASP A07:2025 describes failures related to identification and authentication, including weak credential management, missing brute force protections, session fixation, hardcoded credentials, insecure "remember me", and missing multi-factor authentication. Same position as A07:2021 (no prior aggregator existed).
  • org.openrewrite.java.security.OwaspA01
    • Remediate OWASP A01:2021 Broken access control
    • OWASP A01:2021 describes failures related to broken access control.
  • org.openrewrite.java.security.OwaspA02
    • Remediate OWASP A02:2021 Cryptographic failures
    • OWASP A02:2021 describes failures related to cryptography (or lack thereof), which often lead to exposure of sensitive data. This recipe seeks to remediate these vulnerabilities.
  • org.openrewrite.java.security.OwaspA03
    • Remediate OWASP A03:2021 Injection
    • OWASP A03:2021 describes failures related to user-supplied data being used to influence program state to operate outside of its intended bounds. This recipe seeks to remediate these vulnerabilities.
  • org.openrewrite.java.security.OwaspA05
    • Remediate OWASP A05:2021 Security misconfiguration
    • OWASP A05:2021 describes failures related to security misconfiguration.
  • org.openrewrite.java.security.OwaspA06
    • Remediate OWASP A06:2021 Vulnerable and outdated components
    • OWASP A06:2021 describes failures related to vulnerable and outdated components.
  • org.openrewrite.java.security.OwaspA08
    • Remediate OWASP A08:2021 Software and data integrity failures
    • OWASP A08:2021 software and data integrity failures.
  • org.openrewrite.java.security.OwaspTopTen
    • Remediate vulnerabilities from the OWASP Top Ten
    • OWASP publishes a list of the most impactful common security vulnerabilities. These recipes identify and remediate vulnerabilities from the OWASP Top Ten.
  • org.openrewrite.java.security.PartialPathTraversalVulnerability
    • Partial path traversal vulnerability
    • Replaces dir.getCanonicalPath().startsWith(parent.getCanonicalPath(), which is vulnerable to partial path traversal attacks, with the more secure dir.getCanonicalFile().toPath().startsWith(parent.getCanonicalFile().toPath()). To demonstrate this vulnerability, consider &quot;/usr/outnot&quot;.startsWith(&quot;/usr/out&quot;). The check is bypassed although /outnot is not under the /out directory. It's important to understand that the terminating slash may be removed when using various String representations of the File object. For example, on Linux, println(new File(&quot;/var&quot;)) will print /var, but println(new File(&quot;/var&quot;, &quot;/&quot;) will print /var/; however, println(new File(&quot;/var&quot;, &quot;/&quot;).getCanonicalPath()) will print /var.
  • org.openrewrite.java.security.RegularExpressionDenialOfService
    • Regular Expression Denial of Service (ReDOS)
    • ReDoS is a Denial of Service attack that exploits the fact that most Regular Expression implementations may reach extreme situations that cause them to work very slowly (exponentially related to input size). See the OWASP description of this attack here for more details.
  • org.openrewrite.java.security.SecureRandom
    • Secure random
    • Use cryptographically secure Pseudo Random Number Generation in the "main" source set. Replaces instantiation of java.util.Random with java.security.SecureRandom.
  • org.openrewrite.java.security.SecureRandomPrefersDefaultSeed
    • SecureRandom seeds are not constant or predictable
    • Remove SecureRandom#setSeed(*) method invocations having constant or predictable arguments.
  • org.openrewrite.java.security.SecureTempFileCreation
    • Use secure temporary file creation
    • java.io.File.createTempFile() has exploitable default file permissions. This recipe migrates to the more secure java.nio.file.Files.createTempFile().
  • org.openrewrite.java.security.UseFilesCreateTempDirectory
    • Use Files#createTempDirectory
    • Use Files#createTempDirectory when the sequence File#createTempFile(..)->File#delete()->File#mkdir() is used for creating a temp directory.
  • org.openrewrite.java.security.XmlParserXXEVulnerability
    • XML parser XXE vulnerability
    • Avoid exposing dangerous features of the XML parser by updating certain factory settings.
  • org.openrewrite.java.security.ZipSlip
    • Zip slip
    • Zip slip is an arbitrary file overwrite critical vulnerability, which typically results in remote command execution. A fuller description of this vulnerability is available in the Snyk documentation on it.
  • org.openrewrite.java.security.marshalling.InsecureJmsDeserialization
    • Insecure JMS deserialization
    • JMS Object messages depend on Java Serialization for marshalling/unmarshalling of the message payload when ObjectMessage#getObject is called. Deserialization of untrusted data can lead to security flaws.
  • org.openrewrite.java.security.marshalling.SecureJacksonDefaultTyping
    • Secure the use of Jackson default typing
    • See the blog post on this subject.
  • org.openrewrite.java.security.marshalling.SecureSnakeYamlConstructor
    • Secure the use of SnakeYAML's constructor
    • See the paper on this subject.
  • org.openrewrite.java.security.search.FindCommandInjection
    • Find OS command injection vectors
    • Finds calls to Runtime.exec(String) which passes the command through a shell interpreter, enabling command injection via metacharacters like ;, |, and &amp;&amp;. Use the String[] overload instead to avoid shell interpretation.
  • org.openrewrite.java.security.search.FindExpressionLanguageInjection
    • Find Expression Language injection vectors
    • Finds calls to Expression Language (EL) evaluation methods which, when the expression is built from user input, can allow arbitrary code execution. Use parameterized expressions or input validation instead.
  • org.openrewrite.java.security.search.FindHardcodedAuthenticationCredentials
    • Find hardcoded authentication credentials
    • Finds hardcoded passwords flowing into Spring Security user builders: InMemoryUserDetailsManagerConfigurer (inMemoryAuthentication().withUser(...).password(...)) and the User.UserBuilder.password(...) API. Uses taint analysis so credentials assigned to a variable, field, or constant before being passed to .password(...) are also detected.
  • org.openrewrite.java.security.search.FindHardcodedIv
    • Find hardcoded initialization vectors
    • Finds IvParameterSpec constructed with hardcoded byte arrays or string literals. A static IV makes CBC and other modes deterministic, enabling chosen-plaintext attacks. IVs should be generated randomly using SecureRandom for each encryption operation.
  • org.openrewrite.java.security.search.FindHttpResponseSplitting
    • Find HTTP response splitting vectors
    • Finds calls to HttpServletResponse.addHeader(), setHeader(), and addCookie() which, when header values are derived from user input without CRLF sanitization, can allow HTTP response splitting attacks. Full taint-based detection requires rewrite-program-analysis; this recipe identifies the sink call sites for manual review.
  • org.openrewrite.java.security.search.FindInadequateKeySize
    • Find inadequate cryptographic key sizes
    • Finds cryptographic key generation with inadequate key sizes. RSA keys should be at least 2048 bits, DSA keys at least 2048 bits, EC keys at least 256 bits, and symmetric keys (AES) at least 128 bits. NIST recommends RSA-2048+ and AES-128+ as minimum for all new applications.
  • org.openrewrite.java.security.search.FindInsecureRememberMeConfig
    • Find insecure Spring Security RememberMe configuration
    • Finds Spring Security RememberMe configurations with insecure settings: useSecureCookie(false) (allows cookie transmission over HTTP), alwaysRemember(true) (bypasses user opt-in), or tokenValiditySeconds(...) set longer than 30 days (extends the window in which a stolen remember-me cookie can be replayed).
  • org.openrewrite.java.security.search.FindInsecureSessionFixationConfig
    • Find Spring Security configurations that disable session fixation protection
    • Finds Spring Security configurations that disable session fixation protection by calling sessionFixation().none(). Without session fixation protection, an attacker who obtains a victim's session identifier before authentication can reuse it to hijack the authenticated session. Spring Security defaults to changeSessionId(); applications should keep that default or use migrateSession().
  • org.openrewrite.java.security.search.FindJacksonDefaultTypeMapping
    • Find Jackson default type mapping enablement
    • ObjectMapper#enableTypeMapping(..) can lead to vulnerable deserialization.
  • org.openrewrite.java.security.search.FindLongSessionTimeout
    • Find long or disabled HTTP session timeout
    • Finds calls to HttpSession.setMaxInactiveInterval(int) whose integer-literal argument exceeds 30 minutes or is zero/negative (which disables session expiration). Long-lived or non-expiring sessions increase the window for session hijacking and replay (CWE-613).
  • org.openrewrite.java.security.search.FindPermissiveCorsConfiguration
    • Find permissive CORS configuration
    • Finds overly permissive CORS configurations that allow all origins, which can expose the application to cross-domain attacks.
  • org.openrewrite.java.security.search.FindPredictableSalt
    • Find predictable cryptographic salts
    • Finds PBEParameterSpec and PBEKeySpec constructed with hardcoded salt byte arrays. A predictable salt undermines the purpose of salting, making rainbow table and precomputation attacks feasible. Salts should be generated randomly using SecureRandom.
  • org.openrewrite.java.security.search.FindProcessControl
    • Find process control vectors
    • Finds calls to System.loadLibrary(), System.load(), and Runtime.load() which, when the library path or name is derived from user input, can allow an attacker to load arbitrary native code. Ensure library names are not externally controlled.
  • org.openrewrite.java.security.search.FindResourceInjection
    • Find resource injection vectors
    • Detects resource injection vulnerabilities where user-controlled input flows to resource access operations — file paths, JNDI lookups, class loading, and native library loading. Uses taint analysis from rewrite-program-analysis for source-to-sink tracking with sanitizer support, plus structural detection as fallback.
  • org.openrewrite.java.security.search.FindRsaWithoutOaep
    • Find RSA encryption without OAEP padding
    • Finds uses of RSA encryption with PKCS#1 v1.5 padding or no padding specification. RSA without OAEP padding is vulnerable to padding oracle attacks. Use RSA/ECB/OAEPWithSHA-256AndMGF1Padding or equivalent OAEP mode instead.
  • org.openrewrite.java.security.search.FindScriptEngineInjection
    • Find script engine code injection vectors
    • Finds calls to ScriptEngine.eval() which can execute arbitrary code if the script string is influenced by user input. Consider sandboxing or removing dynamic script evaluation.
  • org.openrewrite.java.security.search.FindSensitiveApiEndpoints
    • Find sensitive API endpoints
    • Find data models exposed by REST APIs that contain sensitive information like PII and secrets.
  • org.openrewrite.java.security.search.FindSqlInjection
    • Find potential SQL injection
    • Finds SQL query methods where the query string is constructed via string concatenation, which may indicate SQL injection vulnerabilities. Use parameterized queries or prepared statements instead.
  • org.openrewrite.java.security.search.FindUnsafeReflection
    • Find unsafe reflection vectors
    • Finds calls to Class.forName() which, when the class name is derived from user input, can allow an attacker to instantiate arbitrary classes. Review these call sites to ensure the class name is not externally controlled.
  • org.openrewrite.java.security.search.FindUnsignedJwt
    • Find unsigned JWT usage
    • Finds construction or parsing of Nimbus PlainJWT — an unsecured JWT that has no signature or MAC. Unsecured JWTs allow an attacker to forge tokens because their payloads are not integrity-protected. Use a signed (SignedJWT) or encrypted (EncryptedJWT) JWT instead.
  • org.openrewrite.java.security.search.FindUserWithDefaultPasswordEncoder
    • Find User.withDefaultPasswordEncoder() usage
    • Flags any call to User.withDefaultPasswordEncoder() from Spring Security. The factory is documented as for non-production demos only: it stores credentials in memory with a fixed encoder and is unsafe for real workloads.
  • org.openrewrite.java.security.search.FindVulnerableJacksonJsonTypeInfo
    • Find vulnerable uses of Jackson @JsonTypeInfo
    • Identify where attackers can deserialize gadgets into a target field.
  • org.openrewrite.java.security.search.FindWeakCryptoAlgorithm
    • Find weak cryptographic algorithms
    • Finds uses of broken or risky cryptographic algorithms such as MD5, SHA-1, DES, DESede (3DES), RC2, RC4, and Blowfish in calls to Cipher.getInstance(), MessageDigest.getInstance(), Mac.getInstance(), KeyGenerator.getInstance(), and SecretKeyFactory.getInstance().
  • org.openrewrite.java.security.search.FindWeakDigestInPasswordEncoder
    • Find weak message digests used inside custom PasswordEncoder implementations
    • Finds calls to MessageDigest.getInstance(&quot;...&quot;) whose algorithm is unsuitable for password storage, scoped to classes implementing org.springframework.security.crypto.password.PasswordEncoder. Unsalted and non-iterated digests (MD2, MD4, MD5, SHA-1, SHA-224/256/384/512) are unsuitable for password hashing regardless of how they are wrapped. Delegate to BCryptPasswordEncoder, Argon2PasswordEncoder, Pbkdf2PasswordEncoder, or SCryptPasswordEncoder instead of implementing PasswordEncoder yourself.
  • org.openrewrite.java.security.search.FindWeakPasswordEncoderStrength
    • Find weak password encoder strength
    • Finds Spring Security BCryptPasswordEncoder instantiations with a strength (work factor) below 10. The default and OWASP-recommended minimum is 10; lower values make stolen password hashes substantially cheaper to brute-force.
  • org.openrewrite.java.security.search.FindWeakPasswordHashing
    • Find weak password hashing
    • Finds uses of MessageDigest.getInstance() with algorithms unsuitable for password hashing (MD5, SHA-1, SHA-256, SHA-384, SHA-512). Passwords should be hashed with a purpose-built password hashing function such as bcrypt, scrypt, Argon2, or PBKDF2 that includes a salt and a tunable work factor.
  • org.openrewrite.java.security.search.FindWeakSpringPasswordEncoder
    • Find weak Spring Security password encoders
    • Finds uses of Spring Security password encoders that are unsuitable for production password storage: NoOpPasswordEncoder (plaintext), StandardPasswordEncoder (deprecated SHA-256), MessageDigestPasswordEncoder (raw message digest), Md4PasswordEncoder (MD4, broken), and LdapShaPasswordEncoder (deprecated). Use an adaptive function such as BCryptPasswordEncoder, Argon2PasswordEncoder, Pbkdf2PasswordEncoder, or SCryptPasswordEncoder instead.
  • org.openrewrite.java.security.search.FindXPathInjection
    • Find XPath injection vectors
    • Finds calls to XPath.evaluate() and XPath.compile() which, when the expression is built from user input, can allow XPath injection attacks. Use parameterized XPath expressions or input validation instead.
  • org.openrewrite.java.security.secrets.FindArtifactorySecrets
    • Find Artifactory secrets
    • Locates Artifactory secrets stored in plain text in code.
  • org.openrewrite.java.security.secrets.FindAwsSecrets
    • Find AWS secrets
    • Locates AWS secrets stored in plain text in code.
  • org.openrewrite.java.security.secrets.FindAzureSecrets
    • Find Azure secrets
    • Locates Azure secrets stored in plain text in code.
  • org.openrewrite.java.security.secrets.FindDiscordSecrets
    • Find Discord secrets
    • Locates Discord secrets stored in plain text in code.
  • org.openrewrite.java.security.secrets.FindFacebookSecrets
    • Find Facebook secrets
    • Locates Facebook secrets stored in plain text in code.
  • org.openrewrite.java.security.secrets.FindGenericSecrets
    • Find generic secrets
    • Locates generic secrets stored in plain text in code.
  • org.openrewrite.java.security.secrets.FindGitHubSecrets
    • Find GitHub secrets
    • Locates GitHub secrets stored in plain text in code.
  • org.openrewrite.java.security.secrets.FindGoogleSecrets
    • Find Google secrets
    • Locates Google secrets stored in plain text in code.
  • org.openrewrite.java.security.secrets.FindHerokuSecrets
    • Find Heroku secrets
    • Locates Heroku secrets stored in plain text in code.
  • org.openrewrite.java.security.secrets.FindJwtSecrets
    • Find JWT secrets
    • Locates JWTs stored in plain text in code.
  • org.openrewrite.java.security.secrets.FindMailChimpSecrets
    • Find MailChimp secrets
    • Locates MailChimp secrets stored in plain text in code.
  • org.openrewrite.java.security.secrets.FindMailgunSecrets
    • Find Mailgun secrets
    • Locates Mailgun secrets stored in plain text in code.
  • org.openrewrite.java.security.secrets.FindNpmSecrets
    • Find NPM secrets
    • Locates NPM secrets stored in plain text in code.
  • org.openrewrite.java.security.secrets.FindPasswordInUrlSecrets
    • Find passwords used in URLs
    • Locates URLs that contain passwords in plain text.
  • org.openrewrite.java.security.secrets.FindPayPalSecrets
    • Find PayPal secrets
    • Locates PayPal secrets stored in plain text in code.
  • org.openrewrite.java.security.secrets.FindPgpSecrets
    • Find PGP secrets
    • Locates PGP secrets stored in plain text in code.
  • org.openrewrite.java.security.secrets.FindPicaticSecrets
    • Find Picatic secrets
    • Locates Picatic secrets stored in plain text in code.
  • org.openrewrite.java.security.secrets.FindRsaSecrets
    • Find RSA private keys
    • Locates RSA private keys stored in plain text in code.
  • org.openrewrite.java.security.secrets.FindSecrets
    • Find secrets
    • Locates secrets stored in plain text in code.
  • org.openrewrite.java.security.secrets.FindSecretsByPattern
    • Find secrets with regular expressions
    • A secret is a literal that matches any one of the provided patterns.
  • org.openrewrite.java.security.secrets.FindSendGridSecrets
    • Find SendGrid secrets
    • Locates SendGrid secrets stored in plain text in code.
  • org.openrewrite.java.security.secrets.FindSlackSecrets
    • Find Slack secrets
    • Locates Slack secrets stored in plain text in code.
  • org.openrewrite.java.security.secrets.FindSquareSecrets
    • Find Square secrets
    • Locates Square secrets stored in plain text in code.
  • org.openrewrite.java.security.secrets.FindSshSecrets
    • Find SSH secrets
    • Locates SSH secrets stored in plain text in code.
  • org.openrewrite.java.security.secrets.FindStripeSecrets
    • Find Stripe secrets
    • Locates Stripe secrets stored in plain text in code.
  • org.openrewrite.java.security.secrets.FindTelegramSecrets
    • Find Telegram secrets
    • Locates Telegram secrets stored in plain text in code.
  • org.openrewrite.java.security.secrets.FindTwilioSecrets
    • Find Twilio secrets
    • Locates Twilio secrets stored in plain text in code.
  • org.openrewrite.java.security.secrets.FindTwitterSecrets
    • Find Twitter secrets
    • Locates Twitter secrets stored in plain text in code.
  • org.openrewrite.java.security.servlet.CookieSetHttpOnly
    • Cookies missing HttpOnly flag
    • Check for use of cookies without the HttpOnly flag. Cookies should be marked as HttpOnly to prevent client-side scripts from accessing them, reducing the risk of cross-site scripting (XSS) attacks.
  • org.openrewrite.java.security.servlet.CookieSetSecure
    • Insecure cookies
    • Check for use of insecure cookies. Cookies should be marked as secure. This ensures that the cookie is sent only over HTTPS to prevent cross-site scripting attacks.
  • org.openrewrite.java.security.spring.CsrfProtection
    • Enable CSRF attack prevention
    • Cross-Site Request Forgery (CSRF) is a type of attack that occurs when a malicious web site, email, blog, instant message, or program causes a user's web browser to perform an unwanted action on a trusted site when the user is authenticated. See the full OWASP cheatsheet.
  • org.openrewrite.java.security.spring.InsecureSpringServiceExporter
    • Secure Spring service exporters
    • The default Java deserialization mechanism is available via ObjectInputStream class. This mechanism is known to be vulnerable. If an attacker can make an application deserialize malicious data, it may result in arbitrary code execution. Spring’s RemoteInvocationSerializingExporter uses the default Java deserialization mechanism to parse data. As a result, all classes that extend it are vulnerable to deserialization attacks. The Spring Framework contains at least HttpInvokerServiceExporter and SimpleHttpInvokerServiceExporter that extend RemoteInvocationSerializingExporter. These exporters parse data from the HTTP body using the unsafe Java deserialization mechanism. See the full blog post by Artem Smotrakov on CVE-2016-1000027 from which the above description is excerpted.
  • org.openrewrite.java.security.spring.PreventClickjacking
    • Prevent clickjacking
    • The frame-ancestors directive can be used in a Content-Security-Policy HTTP response header to indicate whether or not a browser should be allowed to render a page in a &lt;frame&gt; or &lt;iframe&gt;. Sites can use this to avoid Clickjacking attacks by ensuring that their content is not embedded into other sites.
  • org.openrewrite.java.security.spring.RemoveEnableWebSecurityDebug
    • Remove debug mode from Spring Security
    • Removes the debug attribute from @EnableWebSecurity annotations to prevent sensitive security information from being logged in production.
  • org.openrewrite.python.dependencies.DependencyVulnerabilityCheck
    • Find and fix vulnerable PyPI dependencies
    • This software composition analysis (SCA) tool detects and upgrades dependencies with publicly disclosed vulnerabilities. This recipe both generates a report of vulnerable dependencies and upgrades to newer versions with fixes. This recipe by default only upgrades to the latest patch version. If a minor or major upgrade is required to reach the fixed version, this can be controlled using the maximumUpgradeDelta option. Vulnerability information comes from the GitHub Security Advisory Database, which aggregates vulnerability data from several public databases, including the National Vulnerability Database maintained by the United States government. Dependencies following Semantic Versioning will see their patch version updated where applicable. ## Customizing Vulnerability Data This recipe can be customized by extending DependencyVulnerabilityCheckBase and overriding the vulnerability data sources: - baselineVulnerabilities(ExecutionContext ctx): Provides the default set of known vulnerabilities. The base implementation loads vulnerability data from the GitHub Security Advisory Database CSV file using ResourceUtils.parseResourceAsCsv(). Override this method to replace the entire vulnerability dataset with your own curated list. - supplementalVulnerabilities(ExecutionContext ctx): Allows adding custom vulnerability data beyond the baseline. The base implementation returns an empty list. Override this method to add organization-specific vulnerabilities, internal security advisories, or vulnerabilities from additional sources while retaining the baseline GitHub Advisory Database. Both methods return List&lt;Vulnerability&gt; objects. Vulnerability data can be loaded from CSV files using ResourceUtils.parseResourceAsCsv(path, Vulnerability.class, consumer) or constructed programmatically. To customize, extend DependencyVulnerabilityCheckBase and override one or both methods depending on your needs. For example, override supplementalVulnerabilities() to add custom CVEs while keeping the standard vulnerability database, or override baselineVulnerabilities() to use an entirely different vulnerability data source.
  • org.openrewrite.recipe.rewrite-java-security.InlineDeprecatedMethods
    • Inline deprecated delegating methods
    • Automatically generated recipes to inline deprecated method calls that delegate to other methods in the same class.
  • org.openrewrite.text.FindHardcodedLoopbackAddresses
    • Find hard-coded loopback IPv4 addresses
    • Locates mentions of hard-coded IPv4 addresses from the loopback IP range. The loopback IP range includes 127.0.0.0 to 127.255.255.255. This detects the entire localhost/loopback subnet range, not just the commonly used 127.0.0.1.
  • org.openrewrite.text.FindHardcodedPrivateIPAddresses
    • Find hard-coded private IPv4 addresses
    • Locates mentions of hard-coded IPv4 addresses from private IP ranges. Private IP ranges include: * 192.168.0.0 to 192.168.255.255 * 10.0.0.0 to 10.255.255.255 * 172.16.0.0 to 172.31.255.255 It is not detecting the localhost subnet 127.0.0.0 to 127.255.255.255.
  • org.openrewrite.text.RemoveHardcodedIPAddressesFromComments
    • Remove hard-coded IP addresses from comments
    • Removes hard-coded IPv4 addresses from comments when they match private IP ranges or loopback addresses. This targets IP addresses that are commented out in various comment formats: Private IP ranges: * 192.168.0.0 to 192.168.255.255 * 10.0.0.0 to 10.255.255.255 * 172.16.0.0 to 172.31.255.255 Loopback IP range: * 127.0.0.0 to 127.255.255.255 Supported comment formats: * C-style line comments (//) * C-style block comments (/* */) * Shell/Python style comments (#) * XML comments (&lt;!-- --&gt;) * YAML comments (#) * Properties file comments (# or !) For line comments, the entire line is removed. For block comments, only the IP address is removed.

rewrite-jenkins

License: Moderne Source Available License

18 recipes

rewrite-joda

License: Moderne Source Available License

12 recipes

rewrite-kubernetes

License: Moderne Proprietary License

46 recipes

rewrite-liberty

License: Apache License Version 2.0

13 recipes

rewrite-logging-frameworks

License: Moderne Source Available License

120 recipes

rewrite-micrometer

License: Moderne Source Available License

7 recipes

rewrite-micronaut

License: Apache License Version 2.0

37 recipes

rewrite-migrate-java

License: Moderne Source Available License

458 recipes

rewrite-migrate-kotlin

License: Moderne Proprietary License

30 recipes

rewrite-migrate-python

License: Moderne Proprietary License

113 recipes

rewrite-netty

License: Apache License Version 2.0

10 recipes

rewrite-nodejs

License: Moderne Proprietary License

47 recipes

rewrite-okhttp

License: Moderne Source Available License

10 recipes

rewrite-openapi

License: Apache License Version 2.0

16 recipes

rewrite-prethink

License: Moderne Source Available License

5 recipes

  • org.openrewrite.prethink.ExportContext
    • Export context files
    • Export DataTables to CSV files in .moderne/context/ along with a markdown description file. The markdown file describes the context and includes schema information for each data table.
  • org.openrewrite.prethink.UpdateAgentConfig
    • Update agent configuration files
    • Update coding agent configuration files (CLAUDE.md, .cursorrules, etc.) to include references to Moderne Prethink context files in .moderne/context/.
  • org.openrewrite.prethink.UpdateGitignore
    • Update .gitignore for Prethink context
    • Updates .gitignore to allow committing the .moderne/context/ directory while ignoring other files in .moderne/. Only modifies .gitignore when context files exist in .moderne/context/. Transforms .moderne/ into .moderne/* with an exception for !.moderne/context/.
  • org.openrewrite.prethink.UpdatePrethinkContext
    • Update Prethink context
    • Generate FINOS CALM architecture diagram and update agent configuration files. This recipe expects CALM-related data tables (ServiceEndpoints, DatabaseConnections, ExternalServiceCalls, MessagingConnections, etc.) to be populated by other recipes in a composite.
  • org.openrewrite.prethink.calm.GenerateCalmArchitecture
    • Generate CALM architecture
    • Generate a FINOS CALM (Common Architecture Language Model) JSON file from discovered service endpoints, database connections, external service calls, and messaging connections.

rewrite-quarkus

License: Apache License Version 2.0

24 recipes

rewrite-reactive-streams

License: Moderne Proprietary License

25 recipes

rewrite-rewrite

License: Moderne Source Available License

41 recipes

rewrite-spring

License: Moderne Source Available License

316 recipes

rewrite-spring-to-quarkus

License: Moderne Source Available License

67 recipes

rewrite-sql

License: Moderne Proprietary License

11 recipes

rewrite-static-analysis

License: Moderne Source Available License

181 recipes

  • org.openrewrite.recipe.rewrite-static-analysis.InlineDeprecatedMethods
    • Inline deprecated delegating methods
    • Automatically generated recipes to inline deprecated method calls that delegate to other methods in the same class.
  • org.openrewrite.staticanalysis.AbstractClassPublicConstructor
    • Constructors of an abstract class should not be declared public
    • Constructors of abstract classes can only be called in constructors of their subclasses. Therefore the visibility of public constructors are reduced to protected. Declaring them public is misleading since it implies they could be invoked directly, which is never possible.
  • org.openrewrite.staticanalysis.AddSerialAnnotationToSerialVersionUID
    • Add @Serial annotation to serialVersionUID
    • Annotate any serialVersionUID fields with @Serial to indicate it's part of the serialization mechanism.
  • org.openrewrite.staticanalysis.AddSerialVersionUidToSerializable
    • Add serialVersionUID to a Serializable class when missing
    • A serialVersionUID field is strongly recommended in all Serializable classes. If this is not defined on a Serializable class, the compiler will generate this value. If a change is later made to the class, the generated value will change and attempts to deserialize the class will fail. Explicitly declaring this field gives you control over binary compatibility across versions.
  • org.openrewrite.staticanalysis.AnnotateNullableMethods
    • Annotate methods which may return null with @Nullable
    • Add @Nullable to non-private methods that may return null. By default org.jspecify.annotations.Nullable is used, but through the nullableAnnotationClass option a custom annotation can be provided. Both @Target(TYPE_USE) and declaration annotations (e.g. javax.annotation.CheckForNull) are supported. Methods that already carry a known nullable annotation (matched by simple name) are skipped to avoid duplication. This recipe scans for methods that do not already have a @Nullable annotation and checks their return statements for potential null values. It also identifies known methods from standard libraries that may return null, such as methods from Map, Queue, Deque, NavigableSet, and Spliterator. The return of streams, or lambdas are not taken into account.
  • org.openrewrite.staticanalysis.AnnotateNullableParameters
    • Annotate null-checked method parameters with @Nullable
    • Add @Nullable to parameters of public methods that are explicitly checked for null. By default org.jspecify.annotations.Nullable is used, but through the nullableAnnotationClass option a custom annotation can be provided. Both @Target(TYPE_USE) and declaration annotations (e.g. javax.annotation.CheckForNull) are supported. Parameters that already carry a known nullable annotation are skipped to avoid duplication. This recipe scans for methods that do not already have parameters annotated with a nullable annotation and checks their usages for potential null checks. Additional null-checking methods can be specified via the additionalNullCheckingMethods option.
  • org.openrewrite.staticanalysis.AnnotateRequiredParameters
    • Annotate required method parameters with @NonNull
    • Add @NonNull to parameters of public methods that are explicitly checked for null and throw an exception if null. By default org.jspecify.annotations.NonNull is used, but through the nonNullAnnotationClass option a custom annotation can be provided. When providing a custom nonNullAnnotationClass that annotation should be meta annotated with @Target(TYPE_USE). This recipe scans for methods that do not already have parameters annotated with @NonNull annotation and checks for null validation patterns that throw exceptions, such as if (param == null) throw new IllegalArgumentException().
  • org.openrewrite.staticanalysis.AtomicPrimitiveEqualsUsesGet
    • Atomic Boolean, Integer, and Long equality checks compare their values
    • AtomicBoolean#equals(Object), AtomicInteger#equals(Object) and AtomicLong#equals(Object) are only equal to their instance. This recipe converts a.equals(b) to a.get() == b.get(). These atomic classes do not override equals from Object, so calling it compares object identity rather than the wrapped value, which is almost never the intended behavior.
  • org.openrewrite.staticanalysis.AvoidBoxedBooleanExpressions
    • Avoid boxed boolean expressions
    • Under certain conditions the java.lang.Boolean type is used as an expression, and it may throw a NullPointerException if the value is null. Using Boolean.TRUE.equals(...) guards against unboxing a null reference in control flow positions like if conditions and ternary operators.
  • org.openrewrite.staticanalysis.BigDecimalDoubleConstructorRecipe
    • new BigDecimal(double) should not be used
    • Use of new BigDecimal(double) constructor can lead to loss of precision. Use BigDecimal.valueOf(double) instead. For example writing new BigDecimal(0.1) does not create a BigDecimal which is exactly equal to 0.1, but it is equal to 0.1000000000000000055511151231257827021181583404541015625. This is because 0.1 cannot be represented exactly as a double (or, for that matter, as a binary fraction of any finite length). BigDecimal.valueOf avoids this by converting through a string representation, preserving the value you actually intended.
  • org.openrewrite.staticanalysis.BigDecimalRoundingConstantsToEnums
    • BigDecimal rounding constants to RoundingMode enums
    • Convert BigDecimal rounding constants to the equivalent RoundingMode enum. The integer-based rounding constants on BigDecimal are deprecated and lack type safety; the RoundingMode enum makes the rounding behavior self-documenting and prevents invalid values.
  • org.openrewrite.staticanalysis.BooleanChecksNotInverted
    • Boolean checks should not be inverted
    • Ensures that boolean checks are not unnecessarily inverted. Also fixes double negative boolean expressions. Negating a comparison and then inverting it adds cognitive overhead; using the direct operator (e.g., &gt;= instead of !(... &lt; ...)) is clearer and easier to reason about.
  • org.openrewrite.staticanalysis.BufferedWriterCreationRecipes
    • Modernize BufferedWriter creation & prevent file descriptor leaks
    • The code new BufferedWriter(new FileWriter(f)) creates a BufferedWriter that does not close the underlying FileWriter when it is closed. This can lead to file descriptor leaks as per CWE-755. Use Files.newBufferedWriter to create a BufferedWriter that closes the underlying file descriptor when it is closed.
  • org.openrewrite.staticanalysis.BufferedWriterCreationRecipes$BufferedWriterFromNewFileWriterWithFileAndBooleanArgumentsRecipe
    • Convert new BufferedWriter(new FileWriter(File, boolean)) to Files.newBufferedWriter(Path, StandardOpenOption)
    • Convert new BufferedWriter(new FileWriter(f, b)) to Files.newBufferedWriter(f.toPath(), b ? StandardOpenOption.APPEND : StandardOpenOption.CREATE).
  • org.openrewrite.staticanalysis.BufferedWriterCreationRecipes$BufferedWriterFromNewFileWriterWithFileArgumentRecipe
    • Convert new BufferedWriter(new FileWriter(File)) to Files.newBufferedWriter(Path)
    • Convert new BufferedWriter(new FileWriter(f)) to Files.newBufferedWriter(f.toPath()).
  • org.openrewrite.staticanalysis.BufferedWriterCreationRecipes$BufferedWriterFromNewFileWriterWithStringAndBooleanArgumentsRecipe
    • Convert new BufferedWriter(new FileWriter(String, boolean)) to Files.newBufferedWriter(Path, StandardOpenOption)
    • Convert new BufferedWriter(new FileWriter(s, b)) to Files.newBufferedWriter(new java.io.File(s).toPath(), b ? StandardOpenOption.APPEND : StandardOpenOption.CREATE).
  • org.openrewrite.staticanalysis.BufferedWriterCreationRecipes$BufferedWriterFromNewFileWriterWithStringArgumentRecipe
    • Convert new BufferedWriter(new FileWriter(String)) to Files.newBufferedWriter(Path)
    • Convert new BufferedWriter(new FileWriter(s)) to Files.newBufferedWriter(new java.io.File(s).toPath()).
  • org.openrewrite.staticanalysis.CaseInsensitiveComparisonsDoNotChangeCase
    • CaseInsensitive comparisons do not alter case
    • Remove String#toLowerCase() or String#toUpperCase() from String#equalsIgnoreCase(..) comparisons. Changing case before a case-insensitive comparison is redundant and allocates unnecessary intermediate String objects.
  • org.openrewrite.staticanalysis.CatchClauseOnlyRethrows
    • Catch clause should do more than just rethrow
    • A catch clause that only rethrows the caught exception is unnecessary. Letting the exception bubble up as normal achieves the same result with less code. Such catch blocks add visual noise and indentation without changing program behavior.
  • org.openrewrite.staticanalysis.ChainStringBuilderAppendCalls
    • Chain StringBuilder.append() calls
    • String concatenation within calls to StringBuilder.append() causes unnecessary memory allocation. Except for concatenations of String literals, which are joined together at compile time. Replaces inefficient concatenations with chained calls to StringBuilder.append(). Using + inside append() defeats the purpose of the StringBuilder, since the concatenation creates a temporary String before appending.
  • org.openrewrite.staticanalysis.CodeCleanup
    • Code cleanup
    • Automatically cleanup code, e.g. remove unnecessary parentheses, simplify expressions.
  • org.openrewrite.staticanalysis.CollectionToArrayShouldHaveProperType
    • 'Collection.toArray()' should be passed an array of the proper type
    • Using Collection.toArray() without parameters returns an Object[], which requires casting. It is more efficient and clearer to use Collection.toArray(new T[0]) instead. The parameterless form can cause a ClassCastException at runtime when the returned Object[] is cast to a more specific array type.
  • org.openrewrite.staticanalysis.CombineSemanticallyEqualCatchBlocks
    • Combine semantically equal catch blocks
    • Combine catches in a try that contain semantically equivalent blocks. No change will be made when a caught exception exists if combining catches may change application behavior or type attribution is missing. Merging duplicate catch bodies into multi-catch blocks reduces repetition and makes the exception handling strategy easier to follow.
  • org.openrewrite.staticanalysis.CommonDeclarationSiteTypeVariances
    • Properly use declaration-site type variance for well-known types
    • When using a method parameter like Function&lt;IN, OUT&gt;, it should rather be Function&lt;? super IN, ? extends OUT&gt;. This recipe checks for method parameters of well-known types.
  • org.openrewrite.staticanalysis.CommonStaticAnalysis
    • Common static analysis issues
    • Resolve common static analysis issues (also known as SAST issues).
  • org.openrewrite.staticanalysis.CompareEnumsWithEqualityOperator
    • Enum values should be compared with "=="
    • Replaces Enum equals(java.lang.Object) with Enum == java.lang.Object. An !Enum equals(java.lang.Object) will change to !=. Using == for enum comparison is null-safe, catches type mismatches at compile time, and is idiomatic since each enum constant is guaranteed to be a singleton.
  • org.openrewrite.staticanalysis.ControlFlowIndentation
    • Control flow statement indentation
    • Program flow control statements like if, while, and for can omit curly braces when they apply to only a single statement. This recipe ensures that any statements which follow that statement are correctly indented to show they are not part of the flow control statement. Misleading indentation can give the false impression that a line executes conditionally when it actually runs unconditionally, which is a common source of logic errors.
  • org.openrewrite.staticanalysis.CovariantEquals
    • Covariant equals
    • Checks that classes and records which define a covariant equals() method also override method equals(Object). Covariant equals() means a method that is similar to equals(Object), but with a covariant parameter type (any subtype of Object). Without a proper equals(Object) override, collections and other framework code that rely on the standard signature will silently use Object.equals, leading to incorrect behavior.
  • org.openrewrite.staticanalysis.DeclarationSiteTypeVariance
    • Properly use declaration-site type variance
    • Currently, Java requires use-site type variance, so if someone has Function&lt;IN, OUT&gt; method parameter, it should rather be Function&lt;? super IN, ? extends OUT&gt;. Unfortunately, it is not easy to notice that ? super and ? extends is missing, so this recipe adds it where that would improve the situation.
  • org.openrewrite.staticanalysis.DefaultComesLast
    • Default comes last
    • Ensure the default case comes last after all the cases in a switch statement. Placing default at the end follows a widely expected convention, making it easy to find the fallback behavior at a glance.
  • org.openrewrite.staticanalysis.EmptyBlock
    • Remove empty blocks
    • Remove empty blocks that effectively do nothing. Empty blocks are ambiguous -- they may indicate incomplete implementation or accidentally deleted code -- and removing them makes the intent of the surrounding code explicit.
  • org.openrewrite.staticanalysis.EqualsAvoidsNull
    • Equals avoids null
    • Checks that any combination of String literals is on the left side of an equals() comparison. Also checks for String literals assigned to some field (such as someString.equals(anotherString = &quot;text&quot;)). And removes redundant null checks in conjunction with equals comparisons. Placing the literal on the left side prevents NullPointerExceptions, since a literal can never be null and its equals method handles null arguments safely.
  • org.openrewrite.staticanalysis.EqualsToContentEquals
    • Use String.contentEquals(CharSequence) instead of String.equals(CharSequence.toString())
    • Use String.contentEquals(CharSequence) instead of String.equals(CharSequence.toString()).
  • org.openrewrite.staticanalysis.ExplicitCharsetOnStringGetBytes
    • Set charset encoding explicitly when calling String#getBytes
    • This makes the behavior of the code platform neutral. It will not override any existing explicit encodings, even if they don't match the default encoding option. Relying on the platform default charset can produce different results across environments, leading to subtle data corruption bugs.
  • org.openrewrite.staticanalysis.ExplicitInitialization
    • Explicit initialization
    • Checks if any class or object member is explicitly initialized to default for its type value: - null for object references - zero for numeric types and char - and false for boolean Removes explicit initializations where they aren't necessary. Since the JVM already guarantees these defaults, restating them adds visual noise and can obscure fields that are intentionally initialized to non-default values.
  • org.openrewrite.staticanalysis.ExplicitLambdaArgumentTypes
    • Use explicit types on lambda arguments
    • Adds explicit types on lambda arguments, which are otherwise optional. This can make the code clearer and easier to read. This does not add explicit types on arguments when the lambda has one or two parameters and does not have a block body, as things are considered more readable in those cases. For example, stream.map((a, b) -&gt; a.length); will not have explicit types added.
  • org.openrewrite.staticanalysis.ExplicitThis
    • Use explicit this.field and this.method()
    • Add explicit 'this.' prefix to field and method access.
  • org.openrewrite.staticanalysis.ExternalizableHasNoArgsConstructor
    • Externalizable classes have no-arguments constructor
    • Externalizable classes handle both serialization and deserialization and must have a no-args constructor for the deserialization process. Without a public no-argument constructor, the JVM cannot instantiate the object during deserialization and will throw an InvalidClassException at runtime.
  • org.openrewrite.staticanalysis.FallThrough
    • Fall through
    • Checks for fall-through in switch statements, adding break statements in locations where a case contains Java code but does not have a break, return, throw, or continue statement. Unintentional fall-through is a common source of bugs, as execution silently continues into the next case branch.
  • org.openrewrite.staticanalysis.FinalClass
    • Finalize classes with private constructors
    • Adds the final modifier to classes that expose no public or package-private constructors. If a class cannot be instantiated from the outside, marking it final communicates that it was not designed for inheritance and prevents accidental subclassing.
  • org.openrewrite.staticanalysis.FinalizeLocalVariables
    • Finalize local variables
    • Adds the final modifier keyword to local variables which are not reassigned.
  • org.openrewrite.staticanalysis.FinalizeMethodArguments
    • Finalize method arguments
    • Adds the final modifier keyword to method parameters.
  • org.openrewrite.staticanalysis.FinalizePrivateFields
    • Finalize private fields
    • Adds the final modifier keyword to private instance variables which are not reassigned.
  • org.openrewrite.staticanalysis.FixStringFormatExpressions
    • Fix String#format and String#formatted expressions
    • Fix String#format and String#formatted expressions by replacing \n newline characters with %n and removing any unused arguments. Note this recipe is scoped to only transform format expressions which do not specify the argument index. Using %n ensures the correct platform-specific line separator, and removing unused arguments eliminates dead code that may mask a mismatch between the format string and its parameters.
  • org.openrewrite.staticanalysis.ForLoopControlVariablePostfixOperators
    • for loop counters should use postfix operators
    • Replace for loop control variables using pre-increment (++i) or pre-decrement (--i) operators with their post-increment (i++) or post-decrement (i++) notation equivalents.
  • org.openrewrite.staticanalysis.ForLoopIncrementInUpdate
    • for loop counters incremented in update
    • The increment should be moved to the loop's increment clause if possible. Placing the counter update in the loop body rather than the update clause obscures the loop's control flow and makes it harder to reason about termination.
  • org.openrewrite.staticanalysis.HiddenField
    • Hidden field
    • Refactor local variables or parameters which shadow a field defined in the same class. Shadowing a field with a local variable of the same name makes it easy to accidentally reference the wrong one, leading to confusing bugs.
  • org.openrewrite.staticanalysis.HideUtilityClassConstructor
    • Hide utility class constructor
    • Ensures utility classes (classes containing only static methods or fields in their API) do not have a public constructor. Instantiating a utility class is almost certainly a mistake, and a private constructor makes that intent clear while preventing misuse.
  • org.openrewrite.staticanalysis.IndexOfChecksShouldUseAStartPosition
    • Use indexOf(String, int)
    • Replaces indexOf(String) in binary operations if the compared value is an int and not less than 1. Using the two-argument indexOf(String, int) form with a start position avoids redundantly scanning the beginning of the string when you already know the match must occur after a certain index.
  • org.openrewrite.staticanalysis.IndexOfReplaceableByContains
    • indexOf() replaceable by contains()
    • Checking if a value is included in a String or List using indexOf(value)&gt;-1 or indexOf(value)&gt;=0 can be replaced with contains(value). Using contains() expresses the intent more directly and avoids the mental overhead of interpreting index comparisons.
  • org.openrewrite.staticanalysis.IndexOfShouldNotCompareGreaterThanZero
    • indexOf should not compare greater than zero
    • Replaces String#indexOf(String) &gt; 0 and List#indexOf(Object) &gt; 0 with &gt;=1. Checking indexOf against &gt;0 ignores the first element, whereas &gt;-1 is inclusive of the first element. For clarity, &gt;=1 is used, because &gt;0 and &gt;=1 are semantically equal. Using &gt;0 may appear to be a mistake with the intent of including all elements. If the intent is to check whether a value in included in a String or List, the String#contains(String) or List#contains(Object) methods may be better options altogether.
  • org.openrewrite.staticanalysis.InlineVariable
    • Inline variable
    • Inline variables when they are immediately used to return or throw. Supports both variable declarations and assignments to local variables. A variable that is declared only to be returned or thrown on the very next line adds an unnecessary level of indirection without improving readability.
  • org.openrewrite.staticanalysis.InstanceOfPatternMatch
    • Changes code to use Java 17's instanceof pattern matching
    • Adds pattern variables to instanceof expressions wherever the same (side effect free) expression is referenced in a corresponding type cast expression within the flow scope of the instanceof. Currently, this recipe supports if statements and ternary operator expressions. Pattern matching for instanceof collapses the type check, cast, and variable declaration into a single expression, reducing boilerplate and eliminating the risk of an incorrect cast.
  • org.openrewrite.staticanalysis.InterruptedExceptionHandling
    • Restore interrupted state in catch blocks
    • When InterruptedException is caught, Thread.currentThread().interrupt() should be called to restore the thread's interrupted state. Failing to do so can suppress the interruption signal and prevent proper thread cancellation.
  • org.openrewrite.staticanalysis.IsEmptyCallOnCollections
    • Use Collection#isEmpty() instead of comparing size()
    • Also check for not isEmpty() when testing for not equal to zero size. Using isEmpty() communicates intent more clearly than comparing size() to zero, and for some collection implementations isEmpty() can be more efficient since size() may require traversal.
  • org.openrewrite.staticanalysis.JavaApiBestPractices
    • Java API best practices
    • Use the Java standard library in a way that is most idiomatic.
  • org.openrewrite.staticanalysis.LambdaBlockToExpression
    • Simplify lambda blocks to expressions
    • Single-line statement lambdas returning a value can be replaced with expression lambdas. Expression-form lambdas are more concise and consistent with a functional programming style, making the code easier to scan.
  • org.openrewrite.staticanalysis.LowercasePackage
    • Rename packages to lowercase
    • By convention all Java package names should contain only lowercase letters, numbers, and dashes. This recipe converts any uppercase letters in package names to be lowercase. Consistent package naming prevents confusion and potential issues on case-insensitive file systems.
  • org.openrewrite.staticanalysis.MaskCreditCardNumbers
    • Mask credit card numbers
    • When encountering string literals which appear to be credit card numbers, mask the last eight digits with the letter 'X'.
  • org.openrewrite.staticanalysis.MemberNameCaseInsensitiveDuplicates
    • Members should not have names differing only by capitalization
    • Looking at the set of methods and fields in a class and all of its parents, no two members should have names that differ only in capitalization. This rule will not report if a method overrides a parent method. Members with near-identical names are easily confused, leading to bugs where the wrong field or method is referenced.
  • org.openrewrite.staticanalysis.MethodNameCasing
    • Standardize method name casing
    • Fixes method names that do not follow standard naming conventions. For example, String getFoo_bar() would be adjusted to String getFooBar() and int DoSomething() would be adjusted to int doSomething(). Following a consistent casing convention for method names improves code readability and helps developers quickly distinguish methods from classes or constants.
  • org.openrewrite.staticanalysis.MinimumSwitchCases
    • switch statements should have at least 3 case clauses
    • switch statements are useful when many code paths branch depending on the value of a single expression. For just one or two code paths, the code will be more readable with if statements. Using switch for trivial branching adds unnecessary syntactic overhead and obscures the simplicity of the logic.
  • org.openrewrite.staticanalysis.MissingOverrideAnnotation
    • Add missing @Override to overriding and implementing methods
    • Adds @Override to methods overriding superclass methods or implementing interface methods. Annotating methods improves readability by showing the author's intent to override. Additionally, when annotated, the compiler will emit an error when a signature of the overridden method does not match the superclass method.
  • org.openrewrite.staticanalysis.ModifierOrder
    • Modifier order
    • Modifiers should be declared in the correct order as recommended by the JLS. Ordering modifiers consistently reduces cognitive load for developers who are accustomed to the standard sequence.
  • org.openrewrite.staticanalysis.MoveConditionsToWhile
    • Convert while (true) with initial if break to loop condition
    • Simplifies while (true) loops where the first statement is an if statement that only contains a break. The condition is inverted and moved to the loop condition for better readability.
  • org.openrewrite.staticanalysis.MultipleVariableDeclarations
    • No multiple variable declarations
    • Places each variable declaration in its own statement and on its own line. Using one variable declaration per line encourages commenting and can increase readability. Multi-variable declarations also make it harder to track individual types and initializers, increasing the risk of subtle errors.
  • org.openrewrite.staticanalysis.NeedBraces
    • Fix missing braces
    • Adds missing braces around code such as single-line if, for, while, and do-while block bodies. Omitting braces can lead to dangling-statement bugs when additional lines are later added to a block without realizing they fall outside the control structure.
  • org.openrewrite.staticanalysis.NestedEnumsAreNotStatic
    • Nested enums are not static
    • Remove static modifier from nested enum types since they are implicitly static. The redundant modifier adds visual noise and may mislead readers into thinking there is a non-static alternative.
  • org.openrewrite.staticanalysis.NewStringBuilderBufferWithCharArgument
    • Change StringBuilder and StringBuffer character constructor argument to String
    • Instantiating a StringBuilder or a StringBuffer with a Character results in the int representation of the character being used for the initial size. This is almost never the developer's intent and silently produces a buffer with an arbitrary capacity instead of the expected initial content.
  • org.openrewrite.staticanalysis.NoDoubleBraceInitialization
    • No double brace initialization
    • Replace List, Map, and Set double brace initialization with an initialization block. Double brace initialization creates an anonymous inner class that holds a hidden reference to the enclosing instance, which can cause memory leaks and serialization issues.
  • org.openrewrite.staticanalysis.NoEmptyCollectionWithRawType
    • Use Collections#emptyList(), emptyMap(), and emptySet()
    • Replaces Collections#EMPTY_... with methods that return generic types. The raw-typed constant fields bypass generics checks, which can hide type mismatches that only surface as ClassCastException at runtime.
  • org.openrewrite.staticanalysis.NoEqualityInForCondition
    • Use comparison rather than equality checks in for conditions
    • Testing for loop termination using an equality operator (== and !=) is dangerous, because it could set up an infinite loop. Using a relational operator instead makes it harder to accidentally write an infinite loop.
  • org.openrewrite.staticanalysis.NoFinalizedLocalVariables
    • Don't use final on local variables
    • Remove the final modifier keyword from local variables regardless of whether they are used within a local class or an anonymous class.
  • org.openrewrite.staticanalysis.NoFinalizer
    • Remove finalize() method
    • Finalizers are deprecated. Use of finalize() can lead to performance issues, deadlocks, hangs, and other undesirable behavior.
  • org.openrewrite.staticanalysis.NoPrimitiveWrappersForToStringOrCompareTo
    • No primitive wrappers for #toString() or #compareTo(..)
    • Primitive wrappers should not be instantiated only for #toString() or #compareTo(..) invocations. Allocating a wrapper object just to call a method that has a static equivalent is wasteful; the static versions avoid the unnecessary object creation.
  • org.openrewrite.staticanalysis.NoRedundantJumpStatements
    • Jump statements should not be redundant
    • Jump statements such as return and continue let you change the default flow of program execution, but jump statements that direct the control flow to the original direction are just a waste of keystrokes.
  • org.openrewrite.staticanalysis.NoToStringOnStringType
    • Unnecessary String#toString
    • Remove unnecessary String#toString invocations on objects which are already a string. Calling toString() on something that is already a String is redundant and clutters the code.
  • org.openrewrite.staticanalysis.NoValueOfOnStringType
    • Unnecessary String#valueOf(..)
    • Replace unnecessary String#valueOf(..) method invocations with the argument directly. This occurs when the argument to String#valueOf(arg) is a string literal, such as String.valueOf(&quot;example&quot;). Or, when the String#valueOf(..) invocation is used in a concatenation, such as &quot;example&quot; + String.valueOf(&quot;example&quot;). The wrapping call is redundant since Java already performs the conversion implicitly in these contexts.
  • org.openrewrite.staticanalysis.NullableOnMethodReturnType
    • Move @Nullable method annotations to the return type
    • This is the way the cool kids do it.
  • org.openrewrite.staticanalysis.ObjectFinalizeCallsSuper
    • finalize() calls super
    • Overrides of Object#finalize() should call super. Skipping the super call can prevent parent classes from releasing critical system resources during garbage collection.
  • org.openrewrite.staticanalysis.OnlyCatchDeclaredExceptions
    • Replace catch(Exception) with specific declared exceptions thrown in the try block
    • Replaces catch(Exception e) blocks with a multi-catch block (catch (SpecificException1 | SpecificException2 e)) containing only the exceptions declared thrown by method or constructor invocations within the try block that are not already caught by more specific catch clauses. Catching a broad Exception type can unintentionally swallow runtime exceptions that indicate programming errors, making bugs harder to detect and diagnose.
  • org.openrewrite.staticanalysis.OperatorWrap
    • Operator wrapping
    • Fixes line wrapping policies on operators.
  • org.openrewrite.staticanalysis.PreferEqualityComparisonOverDifferenceCheck
    • Prefer direct comparison of numbers
    • Replace a - b == 0 with a == b, a - b != 0 with a != b, a - b &lt; 0 with a &lt; b, and similar transformations for all comparison operators to improve readability and avoid overflow issues.
  • org.openrewrite.staticanalysis.PreferIncrementOperator
    • Prefer increment/decrement and compound assignment operators
    • Prefer the use of increment and decrement operators (++, --, +=, -=) over their more verbose equivalents.
  • org.openrewrite.staticanalysis.PreferSystemGetPropertyOverGetenv
    • Prefer System.getProperty(&quot;user.home&quot;) over System.getenv(&quot;HOME&quot;)
    • Replaces System.getenv(&quot;HOME&quot;) with System.getProperty(&quot;user.home&quot;) for better portability.
  • org.openrewrite.staticanalysis.PrimitiveWrapperClassConstructorToValueOf
    • Use primitive wrapper valueOf method
    • The constructor of all primitive types has been deprecated in favor of using the static factory method valueOf available for each of the primitive type wrappers. Using valueOf enables object caching for frequently used values, reducing unnecessary heap allocations.
  • org.openrewrite.staticanalysis.RedundantFileCreation
    • Redundant file creation
    • Remove unnecessary intermediate creations of files.
  • org.openrewrite.staticanalysis.ReferentialEqualityToObjectEquals
    • Replace referential equality operators with Object equals method invocations when the operands both override Object.equals(Object obj)
    • Using == or != compares object references, not the equality of two objects. This modifies code where both sides of a binary operation (== or !=) override Object.equals(Object obj) except when the comparison is within an overridden Object.equals(Object obj) method declaration itself. The resulting transformation must be carefully reviewed since any modifications change the program's semantics. When a class defines its own notion of equality through equals, using reference comparison is almost always a bug that causes logically identical objects to be treated as different.
  • org.openrewrite.staticanalysis.RemoveCallsToObjectFinalize
    • Remove Object.finalize() invocations
    • Remove calls to Object.finalize(). This method is called during garbage collection and calling it manually is misleading. Explicit finalize invocations can trigger resource cleanup prematurely while the object is still in use, leading to unpredictable behavior.
  • org.openrewrite.staticanalysis.RemoveCallsToSystemGc
    • Remove garbage collection invocations
    • Removes calls to System.gc() and Runtime.gc(). When to invoke garbage collection is best left to the JVM. Manual GC calls produce unpredictable results across different JVM implementations and can cause unnecessary application pauses.
  • org.openrewrite.staticanalysis.RemoveEmptyJavaDocParameters
    • Remove JavaDoc @param, @return, and @throws with no description
    • Removes @param, @return, and @throws with no description from JavaDocs.
  • org.openrewrite.staticanalysis.RemoveExtraSemicolons
    • Remove extra semicolons
    • Removes not needed semicolons. Semicolons are considered not needed: * Optional semicolons at the end of try-with-resources, * after the last enum value if no field or method is defined, * no statement between two semicolon. Stray semicolons are typically typos or remnants of refactoring and can mislead readers into thinking a statement is present.
  • org.openrewrite.staticanalysis.RemoveHashCodeCallsFromArrayInstances
    • hashCode() should not be called on array instances
    • Replace hashCode() calls on arrays with Arrays.hashCode() because the results from hashCode() are not helpful. Arrays inherit hashCode() from Object, which returns an identity-based value unrelated to the array contents, so two arrays with identical elements will produce different hash codes.
  • org.openrewrite.staticanalysis.RemoveInstanceOfPatternMatch
    • Removes from code Java 14's instanceof pattern matching
    • Adds an explicit variable declaration at the beginning of if statement instead of instanceof pattern matching.
  • org.openrewrite.staticanalysis.RemoveJavaDocAuthorTag
    • Remove author tags from JavaDocs
    • Removes author tags from JavaDocs to reduce code maintenance.
  • org.openrewrite.staticanalysis.RemoveMethodsOnlyCallSuper
    • Remove methods that only call super
    • Methods that override a parent method but only call super with the same arguments are redundant and should be removed.
  • org.openrewrite.staticanalysis.RemoveRedundantNullCheckBeforeInstanceof
    • Remove redundant null checks before instanceof
    • Removes redundant null checks before instanceof operations since instanceof returns false for null. Removing the extra check simplifies the conditional and makes the null-safety guarantee of instanceof more visible to readers.
  • org.openrewrite.staticanalysis.RemoveRedundantNullCheckBeforeLiteralEquals
    • Remove redundant null checks before literal equals
    • Removes redundant null checks before equals() comparisons when the receiver is a literal string, since literals can never be null and equals() returns false for null arguments.
  • org.openrewrite.staticanalysis.RemoveRedundantTypeCast
    • Remove redundant casts
    • Removes unnecessary type casts. Does not currently check casts in lambdas and class constructors. Redundant casts add visual noise and can obscure the actual type relationships in the code, making it harder to follow the data flow.
  • org.openrewrite.staticanalysis.RemoveSystemOutPrintln
    • Remove System.out#println statements
    • Print statements are often left accidentally after debugging an issue. This recipe removes all System.out#println and System.err#println statements from the code. Production code should use a proper logging framework which provides consistent formatting, configurable log levels, and centralized output control.
  • org.openrewrite.staticanalysis.RemoveToStringCallsFromArrayInstances
    • Remove toString() calls on arrays
    • The result from toString() calls on arrays is largely useless. The output does not actually reflect the contents of the array. Arrays.toString(array) should be used instead as it gives the contents of the array. Since arrays do not override toString() from Object, calling it produces only the type name and memory address, which is rarely what was intended.
  • org.openrewrite.staticanalysis.RemoveUnneededAssertion
    • Remove unneeded assertions
    • Remove unneeded assertions like assert true, assertTrue(true), or assertFalse(false).
  • org.openrewrite.staticanalysis.RemoveUnneededBlock
    • Remove unneeded block
    • Flatten blocks into inline statements when possible. Unnecessary nested blocks add indentation and scope boundaries that obscure the control flow, often indicating code that should be extracted into its own method.
  • org.openrewrite.staticanalysis.RemoveUnusedLabels
    • Remove unused labels
    • Remove labels that are not referenced by any break or continue statement.
  • org.openrewrite.staticanalysis.RemoveUnusedLocalVariables
    • Remove unused local variables
    • If a local variable is declared but not used, it is dead code and should be removed. Unused variables increase cognitive load for readers who must determine whether the variable matters, and they may signal incomplete implementations or missed refactoring.
  • org.openrewrite.staticanalysis.RemoveUnusedPrivateFields
    • Remove unused private fields
    • If a private field is declared but not used in the program, it can be considered dead code and should therefore be removed. Dead fields clutter the class, increase its memory footprint, and can mislead developers into thinking they are part of the class's behavior.
  • org.openrewrite.staticanalysis.RemoveUnusedPrivateMethods
    • Remove unused private methods
    • private methods that are never executed are dead code and should be removed. Keeping unreachable methods around adds maintenance burden and can give a false impression of the class's capabilities.
  • org.openrewrite.staticanalysis.RenameExceptionInEmptyCatch
    • Rename caught exceptions in empty catch blocks to ignored
    • Renames caught exceptions in empty catch blocks to ignored. ignored will be incremented by 1 if a namespace conflict exists.
  • org.openrewrite.staticanalysis.RenameLocalVariablesToCamelCase
    • Reformat local variable names to camelCase
    • Reformat local variable and method parameter names to camelCase to comply with Java naming convention. The recipe will not rename variables declared in for loop controls or catches with a single character. The first character is set to lower case and existing capital letters are preserved. Special characters that are allowed in java field names $ and _ are removed (unless the name starts with one). If a special character is removed the next valid alphanumeric will be capitalized. Currently, does not support renaming members of classes. The recipe will not rename a variable if the result already exists in the class, conflicts with a java reserved keyword, or the result is blank. Consistent naming conventions improve readability and reduce friction when navigating unfamiliar code.
  • org.openrewrite.staticanalysis.RenameMethodsNamedHashcodeEqualOrToString
    • Rename methods named hashcode, equal, or tostring
    • Methods should not be named hashcode, equal, or tostring. Any of these are confusing as they appear to be intended as overridden methods from the Object base class, despite being case-insensitive. These near-miss names are almost certainly spelling mistakes that silently introduce a new method instead of overriding the intended one.
  • org.openrewrite.staticanalysis.RenamePrivateFieldsToCamelCase
    • Reformat private field names to camelCase
    • Reformat private field names to camelCase to comply with Java naming convention. The recipe will not rename fields with default, protected or public access modifiers. The recipe will not rename private constants. The first character is set to lower case and existing capital letters are preserved. Special characters that are allowed in java field names $ and _ are removed. If a special character is removed the next valid alphanumeric will be capitalized. The recipe will not rename a field if the result already exists in the class, conflicts with a java reserved keyword, or the result is blank. Consistent naming conventions improve code readability and help developers quickly understand the purpose and scope of fields.
  • org.openrewrite.staticanalysis.ReorderAnnotationAttributes
    • Reorder annotation attributes alphabetically
    • Reorder annotation attributes to be alphabetical. Positional arguments (those without explicit attribute names) are left in their original position.
  • org.openrewrite.staticanalysis.ReorderAnnotations
    • Reorder annotations alphabetically
    • Consistently order annotations by comparing their simple name.
  • org.openrewrite.staticanalysis.ReplaceApacheCommonsLang3ValidateNotNullWithObjectsRequireNonNull
    • Replace org.apache.commons.lang3.Validate#notNull with Objects#requireNonNull
    • Replace org.apache.commons.lang3.Validate.notNull(..) with Objects.requireNonNull(..).
  • org.openrewrite.staticanalysis.ReplaceClassIsInstanceWithInstanceof
    • Replace A.class.isInstance(a) with a instanceof A
    • There should be no A.class.isInstance(a), it should be replaced by a instanceof A. Using instanceof enables the compiler to catch type incompatibilities at compile time rather than silently passing at runtime, which helps detect dead code early.
  • org.openrewrite.staticanalysis.ReplaceCollectionToArrayArgWithEmptyArray
    • Use Empty Array for Collection.toArray()
    • Changes new array creation with Collection#toArray(T[]) to use an empty array argument, which is better for performance. According to the Collection#toArray(T[]) documentation: > If the collection fits in the specified array, it is returned therein. However, although it's not intuitive, allocating a right-sized array ahead of time to pass to the API appears to be generally worse for performance according to benchmarking and JVM developers due to a number of implementation details in both Java and the virtual machine. H2 achieved significant performance gains by switching to empty arrays instead pre-sized ones.
  • org.openrewrite.staticanalysis.ReplaceDeprecatedRuntimeExecMethods
    • Replace deprecated Runtime#exec() methods
    • Replace Runtime#exec(String) methods to use exec(String[]) instead because the former is deprecated after Java 18 and is no longer recommended for use by the Java documentation.
  • org.openrewrite.staticanalysis.ReplaceDuplicateStringLiterals
    • Replace duplicate String literals
    • Replaces String literals with a length of 5 or greater repeated a minimum of 3 times. Qualified String literals include final Strings, method invocations, and new class invocations. Adds a new private static final String or uses an existing equivalent class field. A new variable name will be generated based on the literal value if an existing field does not exist. The generated name will append a numeric value to the variable name if a name already exists in the compilation unit. Centralizing repeated string values into constants makes refactoring safer and reduces the risk of inconsistent updates.
  • org.openrewrite.staticanalysis.ReplaceLambdaWithMethodReference
    • Use method references in lambda
    • Replaces the single statement lambdas o -&gt; o instanceOf X, o -&gt; (A) o, o -&gt; System.out.println(o), o -&gt; o != null, o -&gt; o == null with the equivalent method reference. Method references are often more concise and readable than their lambda equivalents, making the code's intent clearer at a glance.
  • org.openrewrite.staticanalysis.ReplaceOptionalIsPresentWithIfPresent
    • Replace Optional#isPresent() with Optional#ifPresent()
    • Replace Optional#isPresent() with Optional#ifPresent(). Please note that this recipe is only suitable for if-blocks that lack an Else-block and have a single condition applied.
  • org.openrewrite.staticanalysis.ReplaceRedundantFormatWithPrintf
    • Replace redundant String format invocations that are wrapped with PrintStream operations
    • Replaces PrintStream.print(String.format(format, ...args)) with PrintStream.printf(format, ...args) (and for println, appends a newline to the format string).
  • org.openrewrite.staticanalysis.ReplaceStackWithDeque
    • Replace java.util.Stack with java.util.Deque
    • From the Javadoc of Stack: > A more complete and consistent set of LIFO stack operations is provided by the Deque interface and its implementations, which should be used in preference to this class. Stack inherits from Vector, which carries unnecessary synchronization overhead in single-threaded contexts and exposes non-stack operations like random index access.
  • org.openrewrite.staticanalysis.ReplaceStringBuilderWithString
    • Replace StringBuilder#append with String
    • Replace StringBuilder.append() with String if you are only concatenating a small number of strings and the code is simple and easy to read, as the compiler can optimize simple string concatenation expressions into a single String object, which can be more efficient than using StringBuilder.
  • org.openrewrite.staticanalysis.ReplaceStringConcatenationWithStringValueOf
    • Replace String concatenation with String.valueOf()
    • Replace inefficient string concatenation patterns like &quot;&quot; + ... with String.valueOf(...). This improves code readability and may have minor performance benefits. The empty string prefix &quot;&quot; + is an indirect way to convert a value to a String, while String.valueOf() clearly communicates the conversion intent.
  • org.openrewrite.staticanalysis.ReplaceTextBlockWithString
    • Replace text block with regular string
    • Replace text block with a regular multi-line string. Text blocks that fit on a single line without concatenation or escaped newlines gain no readability benefit from the triple-quote syntax and are clearer as plain string literals.
  • org.openrewrite.staticanalysis.ReplaceThreadRunWithThreadStart
    • Replace calls to Thread.run() with Thread.start()
    • Thread.run() should not be called directly.
  • org.openrewrite.staticanalysis.ReplaceValidateNotNullHavingSingleArgWithObjectsRequireNonNull
    • Replace org.apache.commons.lang3.Validate#notNull with Objects#requireNonNull
    • Replace org.apache.commons.lang3.Validate.notNull(Object) with Objects.requireNonNull(Object).
  • org.openrewrite.staticanalysis.ReplaceValidateNotNullHavingVarargsWithObjectsRequireNonNull
    • Replace org.apache.commons.lang3.Validate#notNull with Objects#requireNonNull
    • Replace org.apache.commons.lang3.Validate.notNull(Object, String, Object[]) with Objects.requireNonNull(Object, String).
  • org.openrewrite.staticanalysis.ReplaceWeekYearWithYear
    • Week Year (YYYY) should not be used for date formatting
    • For most dates Week Year (YYYY) and Year (yyyy) yield the same results. However, on the last week of December and the first week of January, Week Year could produce unexpected results. This is a common source of off-by-one-year bugs that typically only manifest around New Year's Eve, making them difficult to catch during development and testing.
  • org.openrewrite.staticanalysis.SillyEqualsCheck
    • Silly equality checks should not be made
    • Detects .equals() calls that compare incompatible types and will always return false. Replaces .equals(null) with == null and array .equals() with Arrays.equals(). Flags comparisons between unrelated types or between arrays and non-arrays.
  • org.openrewrite.staticanalysis.SimplifyArraysAsList
    • Simplify Arrays.asList(..) with varargs
    • Simplifies Arrays.asList() method calls that use explicit array creation to use varargs instead. For example, Arrays.asList(new String[]\{&quot;a&quot;, &quot;b&quot;, &quot;c&quot;\}) becomes Arrays.asList(&quot;a&quot;, &quot;b&quot;, &quot;c&quot;). Explicitly constructing an array to pass to a varargs parameter adds visual clutter without changing behavior, since the compiler generates the array automatically.
  • org.openrewrite.staticanalysis.SimplifyBooleanExpression
    • Simplify boolean expression
    • Checks for overly complicated boolean expressions, such as if (b == true), b || true, !false, etc. Needlessly complex boolean logic makes code harder to reason about and increases the chance of introducing errors during future modifications.
  • org.openrewrite.staticanalysis.SimplifyBooleanExpressionWithDeMorgan
    • Simplify boolean expressions using De Morgan's laws
    • Applies De Morgan's laws to simplify boolean expressions with negation. Transforms !(a &amp;&amp; b) to !a || !b and !(a || b) to !a &amp;&amp; !b. Distributing negations inward eliminates the outer ! and makes each individual condition's polarity immediately visible, which aids comprehension.
  • org.openrewrite.staticanalysis.SimplifyBooleanReturn
    • Simplify boolean return
    • Simplifies Boolean expressions by removing redundancies. For example, a &amp;&amp; true simplifies to a. Wrapping a boolean expression in an if-then-else just to return true or false adds unnecessary control flow that obscures the straightforward intent of the expression.
  • org.openrewrite.staticanalysis.SimplifyCompoundStatement
    • Simplify compound statement
    • Fixes or removes useless compound statements. For example, removing b &amp;= true, and replacing b &amp;= false with b = false.
  • org.openrewrite.staticanalysis.SimplifyConsecutiveAssignments
    • Simplify consecutive assignments
    • Combine consecutive assignments into a single statement where possible.
  • org.openrewrite.staticanalysis.SimplifyConstantIfBranchExecution
    • Simplify constant if branch execution
    • Checks for if expressions that are always true or false and simplifies them. Branches that can never execute are dead code that misleads readers and may mask logic errors introduced during refactoring.
  • org.openrewrite.staticanalysis.SimplifyDurationCreationUnits
    • Simplify java.time.Duration units
    • Simplifies java.time.Duration units to be more human-readable.
  • org.openrewrite.staticanalysis.SimplifyElseBranch
    • Simplify else branch if it only has a single if
    • Simplify else branch if it only has a single if.
  • org.openrewrite.staticanalysis.SimplifyForLoopBoundaryComparison
    • Simplify for loop boundary comparisons
    • Replace &lt;= with &lt; in for loop conditions by adjusting the comparison operands. For example, i &lt;= n - 1 simplifies to i &lt; n, and i &lt;= n becomes i &lt; n + 1.
  • org.openrewrite.staticanalysis.SimplifyTernaryRecipes
    • Simplify ternary expressions
    • Simplifies various types of ternary expressions to improve code readability. Ternaries that simply select between true and false are redundant wrappers around the condition itself and add unnecessary complexity.
  • org.openrewrite.staticanalysis.SimplifyTernaryRecipes$SimplifyTernaryFalseTrueRecipe
    • Replace booleanExpression ? false : true with !booleanExpression
    • Replace ternary expressions like booleanExpression ? false : true with !booleanExpression.
  • org.openrewrite.staticanalysis.SimplifyTernaryRecipes$SimplifyTernaryTrueFalseRecipe
    • Replace booleanExpression ? true : false with booleanExpression
    • Replace ternary expressions like booleanExpression ? true : false with booleanExpression.
  • org.openrewrite.staticanalysis.SingleLineCommentSpacing
    • Add space after // in single-line comments
    • Ensures there is exactly one space after // in single-line comments when missing.
  • org.openrewrite.staticanalysis.SortedSetStreamToLinkedHashSet
    • Sorted set stream should be collected to LinkedHashSet
    • Converts set.stream().sorted().collect(Collectors.toSet()) to set.stream().sorted().collect(LinkedHashSet::new).
  • org.openrewrite.staticanalysis.StaticAccessViaInstance
    • Static members should be accessed via the class name
    • Accessing static fields or calling static methods on an instance reference is misleading. Static members should be accessed using the declaring class name instead.
  • org.openrewrite.staticanalysis.StaticMethodNotFinal
    • Static methods need not be final
    • Static methods do not need to be declared final because they cannot be overridden. Redundant modifiers add noise to the code and can suggest a misunderstanding of the language's dispatch model.
  • org.openrewrite.staticanalysis.StringLiteralEquality
    • Use String.equals() on String literals
    • String.equals() should be used when checking value equality on String literals. Using == or != compares object references, not the actual value of the Strings. This only modifies code where at least one side of the binary operation (== or !=) is a String literal, such as &quot;someString&quot; == someVariable;. This is to prevent inadvertently changing code where referential equality is the user's intent. Reference equality on strings is fragile because it depends on JVM string interning behavior, which can vary across runtimes and is not guaranteed for dynamically constructed strings.
  • org.openrewrite.staticanalysis.TernaryOperatorsShouldNotBeNested
    • Ternary operators should not be nested
    • Nested ternary operators can be hard to read quickly. Prefer simpler constructs for improved readability. If supported, this recipe will try to replace nested ternaries with switch expressions. Deeply nested conditional expressions obscure the branching logic and make it easy to misread which value corresponds to which condition.
  • org.openrewrite.staticanalysis.TypecastParenPad
    • Typecast parenthesis padding
    • Fixes whitespace padding between a typecast type identifier and the enclosing left and right parentheses. For example, when configured to remove spacing, ( int ) 0L; becomes (int) 0L;.
  • org.openrewrite.staticanalysis.URLEqualsHashCodeRecipes
    • URL Equals and Hash Code
    • Uses of equals() and hashCode() cause java.net.URL to make blocking internet connections. Instead, use java.net.URI.
  • org.openrewrite.staticanalysis.URLEqualsHashCodeRecipes$URLEqualsRecipe
    • URL Equals
    • Uses of equals() cause java.net.URL to make blocking internet connections. Instead, use java.net.URI.
  • org.openrewrite.staticanalysis.URLEqualsHashCodeRecipes$URLHashCodeRecipe
    • URL Hash Code
    • Uses of hashCode() cause java.net.URL to make blocking internet connections. Instead, use java.net.URI.
  • org.openrewrite.staticanalysis.UnnecessaryCatch
    • Remove catch for a checked exception if the try block does not throw that exception
    • A refactoring operation may result in a checked exception that is no longer thrown from a try block. This recipe will find and remove unnecessary catch blocks.
  • org.openrewrite.staticanalysis.UnnecessaryCloseInTryWithResources
    • Unnecessary close in try-with-resources
    • Remove unnecessary AutoCloseable#close() statements in try-with-resources. Try-with-resources already guarantees that each declared resource is closed when the block exits, so an explicit close() call is redundant and can be confusing.
  • org.openrewrite.staticanalysis.UnnecessaryExplicitTypeArguments
    • Unnecessary explicit type arguments
    • When explicit type arguments are inferable by the compiler, they may be removed.
  • org.openrewrite.staticanalysis.UnnecessaryParentheses
    • Remove unnecessary parentheses
    • Removes unnecessary parentheses from code where extra parentheses pairs are redundant. Redundant parentheses add visual noise and can obscure the actual structure of an expression, making code harder to read at a glance.
  • org.openrewrite.staticanalysis.UnnecessaryPrimitiveAnnotations
    • Remove @Nullable and @CheckForNull annotations from primitives
    • Primitives can't be null anyway, so these annotations are not useful in this context. Leaving them in place gives the false impression that a null value is possible, which can confuse readers and static analysis tools alike.
  • org.openrewrite.staticanalysis.UnnecessaryReturnAsLastStatement
    • Unnecessary return as last statement in void method
    • Removes return from a void method if it's the last statement. A trailing return in a void method has no effect on control flow and is just noise that distracts from the meaningful logic.
  • org.openrewrite.staticanalysis.UnnecessaryThrows
    • Unnecessary throws
    • Remove unnecessary throws declarations. This recipe will only remove unused, checked exceptions if: - The declaring class or the method declaration is final. - The method declaration is static or private. - The method overrides a method declaration in a super class and the super class does not throw the exception. - The method is public or protected and the exception is not documented via a JavaDoc as a @throws tag. Declaring exceptions that are never thrown misleads callers into writing unnecessary error-handling code and obscures the method's true behavior.
  • org.openrewrite.staticanalysis.UnwrapElseAfterReturn
    • Unwrap else block after return or throw statement
    • Unwraps the else block when the if block ends with a return or throw statement, reducing nesting and improving code readability.
  • org.openrewrite.staticanalysis.UnwrapRepeatableAnnotations
    • Unwrap @Repeatable annotations
    • Java 8 introduced the concept of @Repeatable annotations, making the wrapper annotation unnecessary. Using the repeatable form directly reduces nesting and makes the individual annotations easier to scan.
  • org.openrewrite.staticanalysis.UpperCaseLiteralSuffixes
    • Upper case literal suffixes
    • Using upper case literal suffixes for declaring literals is less ambiguous, e.g., 1l versus 1L. A lowercase l is easily mistaken for the digit 1 in many fonts, which can lead to incorrect assumptions about the value.
  • org.openrewrite.staticanalysis.UseAsBuilder
    • Chain calls to builder methods
    • Chain calls to builder methods that are on separate lines into one chain of builder calls.
  • org.openrewrite.staticanalysis.UseCollectionInterfaces
    • Use Collection interfaces
    • Use Deque, List, Map, ConcurrentMap, Queue, and Set instead of implemented collections. Replaces the return type of public method declarations and the variable type public variable declarations. Programming to an interface rather than a concrete collection type decouples callers from a specific implementation, making it easier to swap data structures later without breaking dependent code.
  • org.openrewrite.staticanalysis.UseDiamondOperator
    • Use the diamond operator
    • The diamond operator (&lt;&gt;) should be used. Java 7 introduced the diamond operator to reduce the verbosity of generics code. For instance, instead of having to declare a List's type in both its declaration and its constructor, you can now simplify the constructor declaration with &lt;&gt;, and the compiler will infer the type. Repeating type arguments that the compiler can already deduce is unnecessary boilerplate that clutters the code.
  • org.openrewrite.staticanalysis.UseForEachRemoveInsteadOfSetRemoveAll
    • Replace java.util.Set#removeAll(java.util.Collection) with java.util.Collection#forEach(Set::remove)
    • Using java.util.Collection#forEach(Set::remove) rather than java.util.Set#removeAll(java.util.Collection) may improve performance due to a possible O(n^2) complexity.
  • org.openrewrite.staticanalysis.UseJavaStyleArrayDeclarations
    • No C-style array declarations
    • Change C-Style array declarations int i[]; to int[] i;. Keeping the brackets with the type groups all type information in one place, so readers do not have to inspect both the type and the variable name to determine whether something is an array.
  • org.openrewrite.staticanalysis.UseLambdaForFunctionalInterface
    • Use lambda expressions instead of anonymous classes
    • Instead of anonymous class declarations, use a lambda where possible. Using lambdas to replace anonymous classes can lead to more expressive and maintainable code, improve code readability, reduce code duplication, and achieve better performance in some cases.
  • org.openrewrite.staticanalysis.UseListSort
    • Replace invocations of Collections#sort(List, Comparator) with List#sort(Comparator)
    • The java.util.Collections#sort(..) implementation defers to the java.util.List#sort(Comparator), replaced it with the java.util.List#sort(Comparator) implementation for better readability.
  • org.openrewrite.staticanalysis.UseMapContainsKey
    • Use Map#containsKey
    • map.keySet().contains(a) can be simplified to map.containsKey(a).
  • org.openrewrite.staticanalysis.UseObjectNotifyAll
    • Replaces Object.notify() with Object.notifyAll()
    • Object.notifyAll() and Object.notify() both wake up sleeping threads, but Object.notify() only rouses one while Object.notifyAll() rouses all of them. Since Object.notify() might not wake up the right thread, Object.notifyAll() should be used instead. See this for more information. Using notify() in a multi-waiter scenario risks leaving threads permanently stalled when the wrong one is awakened.
  • org.openrewrite.staticanalysis.UsePortableNewlines
    • Use %n instead of \n in format strings
    • Format strings should use %n rather than \n to produce platform-specific line separators. Hard-coded \n characters produce incorrect line endings on Windows, whereas %n adapts to the runtime platform automatically.
  • org.openrewrite.staticanalysis.UseStandardCharset
    • Use StandardCharset constants
    • Replaces Charset.forName(java.lang.String) with the equivalent StandardCharset constant. Using the predefined constants is both compile-time safe and avoids the need to handle UnsupportedEncodingException for charsets that are guaranteed to exist on every JVM.
  • org.openrewrite.staticanalysis.UseStringReplace
    • Use String::replace() when first parameter is not a real regular expression
    • When String::replaceAll is used, the first argument should be a real regular expression. If it’s not the case, String::replace does exactly the same thing as String::replaceAll without the performance drawback of the regex.
  • org.openrewrite.staticanalysis.UseSystemLineSeparator
    • Use System.lineSeparator()
    • Replace calls to System.getProperty(&quot;line.separator&quot;) with System.lineSeparator().
  • org.openrewrite.staticanalysis.UseTryWithResources
    • Use try-with-resources
    • Refactor try/finally blocks to use try-with-resources when the finally block only closes an AutoCloseable resource. Try-with-resources guarantees that resources are closed even when exceptions occur, eliminating an entire class of resource-leak bugs that manual finally blocks are prone to.
  • org.openrewrite.staticanalysis.WhileInsteadOfFor
    • Prefer while over for loops
    • When only the condition expression is defined in a for loop, and the initialization and increment expressions are missing, a while loop should be used instead to increase readability. A for loop with empty init and update sections signals iteration mechanics that do not exist, whereas while clearly communicates a simple conditional loop.
  • org.openrewrite.staticanalysis.WriteOctalValuesAsDecimal
    • Write octal values as decimal
    • Developers may not recognize octal values as such, mistaking them instead for decimal values. Because a leading zero silently switches the literal to base-8, what looks like 010 actually represents 8, which is a common source of subtle numeric bugs.
  • org.openrewrite.staticanalysis.java.MoveFieldAnnotationToType
    • Move annotation to type instead of field
    • Annotations that could be applied to either a field or a type are better applied to the type, because similar annotations may be more restrictive, leading to compile errors like 'scoping construct cannot be annotated with type-use annotation' when migrating later.
  • org.openrewrite.staticanalysis.maven.MavenJavadocNonAsciiRecipe
    • Remove non-ASCII characters from Javadoc
    • Maven's javadoc-plugin configuration does not support non-ASCII characters. What makes it tricky is the error is very ambiguous and doesn't help in any way. This recipe removes those non-ASCII characters.

rewrite-static-analysis-python

License: Moderne Proprietary License

87 recipes

rewrite-struts

License: Moderne Proprietary License

22 recipes

rewrite-terraform

License: Moderne Proprietary License

133 recipes

rewrite-testing-frameworks

License: Moderne Source Available License

249 recipes

rewrite-third-party

License: Apache License Version 2.0

1553 recipes