Hi, I have a little doubt. This documentation below says that implementation does not expose the class to consumer. https://docs.gradle.org/current/userguide/java_library_plugin.html#sec:java_library_separation But when my user try to use the library from maven, it fully exposes the code regardless of api or implementation. Am I missing something?

You misunderstood the documentation. It says implementation dependency will not be exposed via transitively. Hope you are aware of transitive dependencies. Dependencies appearing in the

api

configurations will be transitively exposed to consumers of the library, and as such will appear on the compile classpath of consumers. Dependencies found in the

implementation

configuration will, on the other hand, not be exposed to consumers, and therefore not leak into the consumers' compile classpath. This comes with several benefits: • dependencies do not leak into the compile classpath of consumers anymore, so you will never accidentally depend on a transitive dependency

@Abhilash V the concept of visibilities like api and implementation only exists in Gradle. Maven does not support this kind separation because there is only the compile and runtime scope.

@Benedikt Ritter And yet:

the produced POM file only puts

api

dependencies into the compile scope and the remaining

implementation

dependencies into the runtime scope

But given that I do know it indeed works that way, what the OP describes doesn't really make sense unless I'm misunderstanding what they're trying to do and/or experiencing. TL;DR: @Abhilash V Can you give more details?

I am trying to create my library "*Login*". This login uses another module "*base*". I do not want my users who use "*Login*" SDK to see/access classes in "*base*" module. I assumed gradle has api/implementation for this use case. I would like clarification on this.

base

would have to be downloadable and available at runtime at a minimum. api/implementation would at most hide it from the compile classpath, but consumers could still add a direct dependency to it if they wanted, and/or access the classes through reflection.

consumers could still add a direct dependency to it if they wanted, and/or access the classes through reflection.

Consumers adding directly or accessing the class via reflection is not a problem. What I want is any of consumers that uses "*Login*" SDK alone should not be able to view/access classes in "*base*". Is it possible to achieve that?

If you mean "accidentally" (if it weren't accidental, then they could just add a direct dependency on base; or use reflection), then having Login DSK depend on

base

as an

implementation

dependency is supposed to work that way. And the

maven-publish

plugin should generate a

<scope>runtime</scope>

dependency for it so it should work that way when depending on the Login SDK in a Maven project.

I am using a android library. The scope that you mentioned was not produced automatically. I will implement it manually and check it