Actually, they are the same, it's just that it was moved and renamed. The dependency-maven-plugin is hosted at Mojo while maven-dependency-plugin is hosted at Apache. The recommended plugin to use is the maven-dependency-plugin.
In order for this to work, you must configure the ArtifactItems as shown here. Note that when executing a plugin from the command line, you must put the configuration tag outside of the executions.
If you haven't done this correctly, the error will look like this:
 inside the definition for plugin: 'maven-dependency-plugin', specify the following:
The latest documents are published and may preceed the actual release. Check to make sure the goal/parameter is in the most recent version. -OR- Maven may be resolving the older codehaus version of the dependency plugin. See next question.
Due to a bug in Maven in versions prior to 2.0.7 (MNG-2926), the search order was reversed and caused Mojo plugins to supercede ones with the same prefix at Apache. The metadata at Mojo was cleaned up when the maven-dependency-plugin was released at Apache. If you are still experiencing this error, chances are you have old metadata in your local repository or in a proxy / internal repository. Removing /org/codehaus/mojo/maven-metadata.* from your repo/proxy will cause it to be refreshed. Alternatively, you can specify the groupId explicitely in your pom (if you are using a bound goal), or on the command line, use groupId:artifactId:version:mojo, ie mvn org.apache.maven.plugins:maven-dependency-plugin:2.5:unpack
The excludes will override the includes declaration. That means if you specify excludes=**/* ,includes=**/foo, you will exclude everything. If you only want foo, then just specify the includes. The plexus component used to unpack uses the following code to determine which files to unpack: return isIncluded( name ) AND !isExcluded( name );
By default, dependency analysis is done at bytecode level: anything that doesn't get into bytecode isn't detected. This is the case, for example, of constants, annotations with source retention policy, or javadoc links.
If the only use of a dependency consists of such undetected constructs, the dependency is analyzed as unused. Since 2.6, you can force use report with usedDependencies parameter.