This message was deleted.

Perhaps check out the Nebula resolution rules plugin, specifically creating custom rules (JSON files) to reject, deny, substitute as appropriate. That’s a layer over the underlying Gradle APIs that can do the same thing.

hmmm… are dependency substitution rules idempotent/recursion safe? Seems like the friendly way to do this is to declare that the “banned thing” should be substituted for by the internal “blessed thing”?

yea. depends on the specifics - replace with a “good” version, substitute with a replacement, or outright fail.

regarding how to implement, my first instinct would be to reach for:

configurations.all {
  incoming.beforeResolve { deps ->
    //some logic that interrogates deps
  }
}

I appreciate the ideas, guys 🙂

i have done

project.configurations.findByName(
                    "implementation"
                )?.dependencies?.any { it.name == "library-name" } ?: false

Technically speaking, even if you look at first level dependencies, you will not know if they were declared in a build script or somewhere else (e.g in a plugin).

Good point