├── .editorconfig ├── .github ├── dependabot.yml ├── lock.yml └── workflows │ ├── nodejs.yml │ └── release.yml ├── .gitignore ├── .npmignore ├── CODEOWNERS ├── CONTRIBUTING.md ├── HISTORY.md ├── LICENSE ├── NOTICE ├── README.md └── package.json /.editorconfig: -------------------------------------------------------------------------------- 1 | root = true 2 | 3 | [*] 4 | end_of_line = lf 5 | insert_final_newline = true 6 | 7 | [*.{js,json,yml}] 8 | charset = utf-8 9 | indent_style = space 10 | indent_size = 2 11 | -------------------------------------------------------------------------------- /.github/dependabot.yml: -------------------------------------------------------------------------------- 1 | # https://help.github.com/github/administering-a-repository/configuration-options-for-dependency-updates 2 | 3 | version: 2 4 | updates: 5 | - package-ecosystem: "github-actions" 6 | directory: "/" 7 | schedule: 8 | interval: 'weekly' 9 | day: 'saturday' 10 | # this is a meta-package for npm - we dont update our dependencies 11 | -------------------------------------------------------------------------------- /.github/lock.yml: -------------------------------------------------------------------------------- 1 | # Configuration for lock-threads - https://github.com/dessant/lock-threads 2 | daysUntilLock: 90 3 | exemptLabels: [] 4 | lockLabel: false 5 | lockComment: > 6 | This thread has been automatically locked since there has not been 7 | any recent activity after it was closed. Please open a new issue for 8 | related bugs. 
9 | setLockReason: true 10 | -------------------------------------------------------------------------------- /.github/workflows/nodejs.yml: -------------------------------------------------------------------------------- 1 | # For details of what checks are run for PRs please refer below 2 | # docs: https://docs.github.com/en/actions/reference/workflow-syntax-for-github-actions 3 | 4 | name: Node CI 5 | 6 | on: 7 | push: 8 | branches: [ "main", "master", "next" ] 9 | tags: [ "v*" ] 10 | pull_request: 11 | workflow_dispatch: 12 | schedule: 13 | - # dependencies are intended to be not pinned 14 | # test every night, if the setup still works 15 | cron: '42 23 * * *' 16 | 17 | concurrency: 18 | group: ${{ github.workflow }}-${{ github.ref }} 19 | cancel-in-progress: true 20 | 21 | permissions: {} 22 | 23 | env: 24 | # https://nodejs.dev/en/about/releases/ 25 | NODE_ACTIVE_LTS: "22" 26 | 27 | ## As this project is a meta-package, there are no functionalities nor tests. 28 | ## So the only responsibility that must be assured is: this project can be installed under all circumstances. 
29 | jobs: 30 | test-npm-install: 31 | name: NPM install (node${{ matrix.node-version }}, ${{ matrix.os }}) 32 | timeout-minutes: 5 33 | runs-on: ${{ matrix.os }} 34 | strategy: 35 | fail-fast: false 36 | matrix: 37 | os: 38 | - ubuntu-latest 39 | - windows-latest 40 | - macos-13 # macos-latest has issues with node14 41 | node-version: 42 | # action based on https://github.com/actions/node-versions/releases 43 | # see also: https://nodejs.org/en/about/releases/ 44 | - "23" # Current 45 | - "22" # Active LTS 46 | - "20" # Maintenance 47 | - "18" 48 | - "16" 49 | - "14" 50 | steps: 51 | - name: Checkout 52 | # see https://github.com/actions/checkout 53 | uses: actions/checkout@v4 54 | - name: Setup Node.js ${{ matrix.node-version }} 55 | # see https://github.com/actions/setup-node 56 | uses: actions/setup-node@v4 57 | with: 58 | node-version: ${{ matrix.node-version }} 59 | - name: install project 60 | run: > 61 | npm install 62 | --no-audit 63 | --no-package-lock 64 | --verbose 65 | # proven: the package can be installed. 
that's enough for a meta-package 66 | test-yarn-install: 67 | name: YARN install (node${{ matrix.node-version }}, ${{ matrix.os }}) 68 | timeout-minutes: 5 69 | runs-on: ${{ matrix.os }} 70 | strategy: 71 | fail-fast: false 72 | matrix: 73 | os: 74 | - ubuntu-latest 75 | - windows-latest 76 | - macos-13 # macos-latest has issues with node14 77 | node-version: 78 | # action based on https://github.com/actions/node-versions/releases 79 | # see also: https://nodejs.org/en/about/releases/ 80 | - "23" # Current 81 | - "22" # Active LTS 82 | - "20" # Maintenance 83 | - "18" 84 | - "16" 85 | - "14" 86 | steps: 87 | - name: Checkout 88 | ## see https://github.com/actions/checkout 89 | uses: actions/checkout@v4 90 | - name: Setup Node.js ${{ matrix.node-version }} 91 | # see https://github.com/actions/setup-node 92 | uses: actions/setup-node@v4 93 | with: 94 | node-version: ${{ matrix.node-version }} 95 | - name: install project 96 | run: > 97 | yarn install 98 | --inline-builds 99 | # proven: the package can be installed. 
that's enough for a meta-package 100 | test-pnpm-install: 101 | name: PNPM install (node${{ matrix.node-version }}, ${{ matrix.os }}) 102 | timeout-minutes: 5 103 | runs-on: ${{ matrix.os }} 104 | strategy: 105 | fail-fast: false 106 | matrix: 107 | os: 108 | - ubuntu-latest 109 | - windows-latest 110 | - macos-latest 111 | node-version: 112 | # action based on https://github.com/actions/node-versions/releases 113 | # see also: https://nodejs.org/en/about/releases/ 114 | - "23" # Current 115 | - "22" # Active LTS 116 | - "20" # Maintenance 117 | - "18" 118 | pnpm-version: [ "latest" ] 119 | include: 120 | - os: "ubuntu-latest" 121 | node-version: "16" 122 | pnpm-version: "latest-8" # see https://www.npmjs.com/package/pnpm/?activeTab=versions 123 | - os: "ubuntu-latest" 124 | node-version: "14" 125 | pnpm-version: "latest-7" # see https://www.npmjs.com/package/pnpm/?activeTab=versions 126 | steps: 127 | - name: Checkout 128 | # see https://github.com/actions/checkout 129 | uses: actions/checkout@v4 130 | - name: Setup Node.js ${{ matrix.node-version }} 131 | # see https://github.com/actions/setup-node 132 | uses: actions/setup-node@v4 133 | with: 134 | node-version: ${{ matrix.node-version }} 135 | - name: setup pnpm 136 | ## see https://github.com/pnpm/action-setup 137 | uses: pnpm/action-setup@v4.1.0 138 | with: 139 | version: ${{ matrix.pnpm-version }} 140 | - name: install project 141 | run: > 142 | pnpm install 143 | --no-lockfile 144 | --verbose 145 | # proven: the package can be installed. that's enough for a meta-package 146 | -------------------------------------------------------------------------------- /.github/workflows/release.yml: -------------------------------------------------------------------------------- 1 | # docs: https://docs.github.com/en/actions/reference/workflow-syntax-for-github-actions 2 | 3 | name: Release 4 | 5 | on: 6 | workflow_dispatch: 7 | inputs: 8 | newversion: 9 | # is param from `npm version`. 
therefore the description should reference all the options from there 10 | description: 'one of: [ | major | minor | patch | premajor | preminor | prepatch | prerelease | from-git]' 11 | required: true 12 | commitMessage: 13 | description: 'Release/commit message (%s will be replaced with the resulting version number)' 14 | default: '%s' 15 | required: true 16 | preid: 17 | description: 'The "prerelease identifier" to use as a prefix for the "prerelease" part of a semver. Like the rc in `1.2.0-rc.8`.' 18 | type: choice 19 | options: 20 | - rc 21 | - beta 22 | - alpha 23 | default: rc 24 | required: false 25 | prerelease: 26 | description: "This a pre-release" 27 | type: boolean 28 | default: false 29 | required: false 30 | 31 | permissions: {} 32 | 33 | env: 34 | # https://nodejs.dev/en/about/releases/ 35 | NODE_ACTIVE_LTS: "22" 36 | 37 | jobs: 38 | bump: 39 | name: bump and tag release 40 | concurrency: release-bump 41 | outputs: 42 | version: ${{ steps.bump.outputs.version }} 43 | version_plain: ${{ steps.bump.outputs.version_plain }} 44 | runs-on: ubuntu-latest 45 | timeout-minutes: 30 46 | permissions: 47 | contents: write # needed for git push 48 | steps: 49 | - name: Checkout code 50 | # see https://github.com/actions/checkout 51 | uses: actions/checkout@v4 52 | - name: Configure Git 53 | # needed for push back of changes 54 | run: | 55 | set -eux 56 | git config --local user.email "${GITHUB_ACTOR}@users.noreply.github.com" 57 | git config --local user.name "${GITHUB_ACTOR}" 58 | - name: Setup Node.js ${{ env.NODE_ACTIVE_LTS }} 59 | # see https://github.com/actions/setup-node 60 | uses: actions/setup-node@v4 61 | with: 62 | node-version: ${{ env.NODE_ACTIVE_LTS }} 63 | - name: bump VERSION 64 | id: bump 65 | run: | 66 | set -eux 67 | COMMIT_SIG="Signed-off-by: $(git config user.name) <$(git config user.email)>" 68 | VERSION="$(npm version "$NPMV_NEWVERSION" --message "$NPMV_MESSAGE"$'\n\n'"$COMMIT_SIG" --preid "$NPMV_PREID")" 69 | echo "::debug::new version = 
$VERSION" 70 | VERSION_PLAIN="${VERSION:1}" # remove 'v' prefix 71 | echo "::debug::plain version = $VERSION_PLAIN" 72 | echo "version=$VERSION" >> $GITHUB_OUTPUT 73 | echo "version_plain=$VERSION_PLAIN" >> $GITHUB_OUTPUT 74 | env: 75 | NPMV_NEWVERSION: ${{ github.event.inputs.newversion }} 76 | NPMV_MESSAGE: ${{ github.event.inputs.commitMessage }} 77 | NPMV_PREID: ${{ github.event.inputs.preid }} 78 | - name: git push back 79 | run: git push --follow-tags 80 | 81 | publish-NPMJS: 82 | needs: 83 | - "bump" 84 | name: publish NPMJS 85 | permissions: 86 | id-token: write 87 | runs-on: ubuntu-latest 88 | timeout-minutes: 30 89 | steps: 90 | - name: Checkout code 91 | # see https://github.com/actions/checkout 92 | uses: actions/checkout@v4 93 | with: 94 | ref: ${{ needs.bump.outputs.version }} 95 | - name: Setup Node.js ${{ env.NODE_ACTIVE_LTS }} 96 | # see https://github.com/actions/setup-node 97 | uses: actions/setup-node@v4 98 | with: 99 | node-version: ${{ env.NODE_ACTIVE_LTS }} 100 | - name: login to NPMJS 101 | run: npm config set "//registry.npmjs.org/:_authToken=$NPMJS_AUTH_TOKEN" 102 | env: 103 | NPMJS_AUTH_TOKEN: ${{ secrets.NPM_TOKEN }} 104 | - name: publish to NPMJS as "latest" 105 | if: ${{ github.event.inputs.prerelease != 'true' }} 106 | run: npm publish --provenance --access public --tag 'latest' 107 | - name: publish to NPMJS as "unstable-prerelease" 108 | if: ${{ github.event.inputs.prerelease == 'true' }} 109 | run: npm publish --provenance --access public --tag 'unstable-prerelease' 110 | 111 | release-GH: 112 | needs: 113 | - "bump" 114 | - "publish-NPMJS" 115 | name: publish GitHub 116 | runs-on: ubuntu-latest 117 | timeout-minutes: 30 118 | permissions: 119 | contents: write # create a release 120 | steps: 121 | - name: Create Release 122 | id: release 123 | # see https://github.com/softprops/action-gh-release 124 | uses: softprops/action-gh-release@v2 125 | env: 126 | GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }} 127 | with: 128 | tag_name: ${{ 
needs.bump.outputs.version }} 129 | name: ${{ needs.bump.outputs.version_plain }} 130 | prerelease: ${{ github.event.inputs.prerelease }} 131 | target_commitish: ${{ github.head_ref || github.ref_name }} 132 | -------------------------------------------------------------------------------- /.gitignore: -------------------------------------------------------------------------------- 1 | ## this is a meta-package - we dont lock 2 | /package-lock.json 3 | /yarn.lock 4 | /pnpm-lock.yaml 5 | 6 | ## pm rc 7 | .npmrc 8 | .yarnrc 9 | .yarnrc.yml 10 | pnpm-workspace.yaml 11 | .pnpmfile.cjs 12 | 13 | 14 | ## target of JSDoc 15 | /out/ 16 | /docs/jsdoc/ 17 | 18 | ## target or reportings, tests, etc 19 | /reports/ 20 | /CI_reports/ 21 | /bom.xml 22 | /bom.json 23 | 24 | ## caches 25 | /.*.cache 26 | 27 | /dist/ 28 | /dist.*/ 29 | 30 | ### https://github.com/github/gitignore/blob/main/Node.gitignore 31 | 32 | # Logs 33 | logs 34 | *.log 35 | npm-debug.log* 36 | yarn-debug.log* 37 | yarn-error.log* 38 | lerna-debug.log* 39 | .pnpm-debug.log* 40 | 41 | # Diagnostic reports (https://nodejs.org/api/report.html) 42 | report.[0-9]*.[0-9]*.[0-9]*.[0-9]*.json 43 | 44 | # Runtime data 45 | pids 46 | *.pid 47 | *.seed 48 | *.pid.lock 49 | 50 | # Directory for instrumented libs generated by jscoverage/JSCover 51 | lib-cov 52 | 53 | # Coverage directory used by tools like istanbul 54 | coverage 55 | *.lcov 56 | 57 | # nyc test coverage 58 | .nyc_output 59 | 60 | # Grunt intermediate storage (https://gruntjs.com/creating-plugins#storing-task-files) 61 | .grunt 62 | 63 | # Bower dependency directory (https://bower.io/) 64 | bower_components 65 | 66 | # node-waf configuration 67 | .lock-wscript 68 | 69 | # Compiled binary addons (https://nodejs.org/api/addons.html) 70 | build/Release 71 | 72 | # Dependency directories 73 | node_modules/ 74 | jspm_packages/ 75 | 76 | # Snowpack dependency directory (https://snowpack.dev/) 77 | web_modules/ 78 | 79 | # TypeScript cache 80 | *.tsbuildinfo 81 | 
82 | # Optional npm cache directory 83 | .npm 84 | 85 | # Optional eslint cache 86 | .eslintcache 87 | 88 | # Optional stylelint cache 89 | .stylelintcache 90 | 91 | # Microbundle cache 92 | .rpt2_cache/ 93 | .rts2_cache_cjs/ 94 | .rts2_cache_es/ 95 | .rts2_cache_umd/ 96 | 97 | # Optional REPL history 98 | .node_repl_history 99 | 100 | # Output of 'npm pack' 101 | *.tgz 102 | 103 | # Yarn Integrity file 104 | .yarn-integrity 105 | 106 | # dotenv environment variable files 107 | .env 108 | .env.development.local 109 | .env.test.local 110 | .env.production.local 111 | .env.local 112 | 113 | # parcel-bundler cache (https://parceljs.org/) 114 | .cache 115 | .parcel-cache 116 | 117 | # Next.js build output 118 | .next 119 | out 120 | 121 | # Nuxt.js build / generate output 122 | .nuxt 123 | dist 124 | 125 | # Gatsby files 126 | .cache/ 127 | # Comment in the public line in if your project uses Gatsby and not Next.js 128 | # https://nextjs.org/blog/next-9-1#public-directory-support 129 | # public 130 | 131 | # vuepress build output 132 | .vuepress/dist 133 | 134 | # vuepress v2.x temp and cache directory 135 | .temp 136 | .cache 137 | 138 | # Docusaurus cache and generated files 139 | .docusaurus 140 | 141 | # Serverless directories 142 | .serverless/ 143 | 144 | # FuseBox cache 145 | .fusebox/ 146 | 147 | # DynamoDB Local files 148 | .dynamodb/ 149 | 150 | # TernJS port file 151 | .tern-port 152 | 153 | # Stores VSCode versions used for testing VSCode extensions 154 | .vscode-test 155 | 156 | # yarn v2 157 | .yarn 158 | .yarn/cache 159 | .yarn/unplugged 160 | .yarn/build-state.yml 161 | .yarn/install-state.gz 162 | .pnp.* 163 | -------------------------------------------------------------------------------- /.npmignore: -------------------------------------------------------------------------------- 1 | 2 | ## ship nothing ... 3 | * 4 | 5 | ## ... nothing, but ... 
6 | !package.json 7 | !LICENSE 8 | !NOTICE 9 | !README.md 10 | !docs/ 11 | -------------------------------------------------------------------------------- /CODEOWNERS: -------------------------------------------------------------------------------- 1 | # see https://docs.github.com/en/github/creating-cloning-and-archiving-repositories/about-code-owners 2 | 3 | 4 | # all maintainers are default-reviewers of new pull requests. 5 | # see https://github.com/orgs/CycloneDX/teams/javascript-maintainers 6 | * @CycloneDX/javascript-maintainers 7 | -------------------------------------------------------------------------------- /CONTRIBUTING.md: -------------------------------------------------------------------------------- 1 | # Contributing 2 | 3 | Pull requests are welcome. 4 | But please read the 5 | [CycloneDX contributing guidelines](https://github.com/CycloneDX/.github/blob/master/CONTRIBUTING.md) 6 | first. 7 | 8 | ## Sign off your commits 9 | 10 | Please sign off your commits, to show that you agree to publish your changes under the current terms and licenses of the project 11 | , and to indicate agreement with [Developer Certificate of Origin (DCO)](https://developercertificate.org/). 12 | 13 | ```shell 14 | git commit --signoff ... 15 | ``` 16 | -------------------------------------------------------------------------------- /HISTORY.md: -------------------------------------------------------------------------------- 1 | # Changelog 2 | 3 | All notable changes to this project will be documented in this file. 4 | 5 | ## unreleased 6 | 7 | 8 | 9 | ## 4.1.0 - 2024-06-26 10 | 11 | * Added 12 | * New optional dependency `@cyclonedx/yarn-plugin-cyclonedx` (via [#365]) 13 | This is a package for generating SBOM from _yarn_ projects.
14 | 15 | [#365]: https://github.com/CycloneDX/cyclonedx-node-module/pull/365 16 | 17 | ## 4.0.5 - 2024-05-06 18 | 19 | * Docs 20 | * Acknowledge tools for _Rollup_, _Vite_ (via [#363]) 21 | 22 | [#363]: https://github.com/CycloneDX/cyclonedx-node-module/pull/363 23 | 24 | ## 4.0.4 - 2024-03-28 25 | 26 | * Docs 27 | * Acknowledge tools for _yarn_, _esbuild_, _Rspack_/_Rsbuid_, _Svelte_ (via [#359]) 28 | 29 | [#359]: https://github.com/CycloneDX/cyclonedx-node-module/pull/359 30 | 31 | ## 4.0.3 - 2022-12-16 32 | 33 | * Docs 34 | * Fix CI/CT shield ([badges/shields#8671] via [#346]) 35 | 36 | [badges/shields#8671]: https://github.com/badges/shields/issues/8671 37 | [#346]: https://github.com/CycloneDX/cyclonedx-node-module/pull/346 38 | 39 | ## 4.0.2 - 2022-10-21 40 | 41 | * Docs: 42 | * Fixed some typos 43 | 44 | ## 4.0.1 - 2022-10-21 45 | 46 | * Docs: 47 | * Describe the "Out of Scope" section (via [#342]) 48 | * Fixed some typos 49 | 50 | [#342]: https://github.com/CycloneDX/cyclonedx-node-module/pull/342 51 | 52 | ## 4.0.0 - 2022-10-21 53 | 54 | This became a so-called **meta-package**, it does not ship any own functionality, but it is a collection of dependencies. (via [#321]) 55 | 56 | This package's dependencies are tools with one purpose in common: 57 | generate _CycloneDX_ Software Bill-of-Materials (SBOM) from _node_-based projects. 58 | 59 | * for _npm_-based projects: [@cyclonedx/cyclonedx-npm](https://www.npmjs.com/package/%40cyclonedx/cyclonedx-npm) 60 | * for _yarn_-based projects: to be announced 61 | * for _pnpm_-based projects: to be announced 62 | 63 | If you are looking for a JavaScript/TypeScript library for working with CycloneDX, its data models or serialization, 64 | then you might want to try [@cyclonedx/cyclonedx-library](https://www.npmjs.com/package/%40cyclonedx/cyclonedx-library). 
65 | 66 | [#321]: https://github.com/CycloneDX/cyclonedx-node-module/pull/321 67 | 68 | ## 3.10.6 - 2022-09-05 69 | 70 | * Misc 71 | * Own in-code license text comments should no longer get stripped by downstream tooling. ([#305] via [#326]) 72 | 73 | [#305]: https://github.com/CycloneDX/cyclonedx-node-module/issues/305 74 | [#326]: https://github.com/CycloneDX/cyclonedx-node-module/pull/326 75 | 76 | ## 3.10.4 - 2022-07-08 77 | 78 | * Misc 79 | * CI: fixed SBOM gathering for the bundled application in the docker image. 80 | 81 | ## 3.10.2 - 2022-07-08 82 | 83 | * Misc 84 | * Simplified the docker image. (via [#316]) 85 | 86 | [#316]: https://github.com/CycloneDX/cyclonedx-node-module/pull/316 87 | 88 | ## 3.10.1 - 2022-06-22 89 | 90 | * Fixed 91 | * `Component.compare()` no longer raises an exception when only one of both has a `purl`. ([#308] via [#313]) 92 | 93 | [#308]: https://github.com/CycloneDX/cyclonedx-node-module/issues/308 94 | [#313]: https://github.com/CycloneDX/cyclonedx-node-module/pull/313 95 | 96 | ## 3.10.0 - 2022-06-15 97 | 98 | * Added 99 | * Consider optional element "comment" when serializing `ExternalReference`. (via [#312]) 100 | 101 | [#312]: https://github.com/CycloneDX/cyclonedx-node-module/pull/312 102 | 103 | ## 3.9.0 - 2022-05-06 104 | 105 | * Added 106 | * Dependency graph is built and emitted. ([#61] via [#296]) 107 | 108 | [#61]: https://github.com/CycloneDX/cyclonedx-node-module/issues/61 109 | [#296]: https://github.com/CycloneDX/cyclonedx-node-module/pull/296 110 | 111 | ## 3.8.1 - 2022-05-05 112 | 113 | * Fixed 114 | * Added missing handling of `Dependency` when environment variable `BOM_REPRODUCIBLE` is present. (via [#297]) 115 | * Misc 116 | * Worked packaging from whitelist to blacklist to add files, like `NOTICE`. 
(via [#289]) 117 | 118 | [#289]: https://github.com/CycloneDX/cyclonedx-node-module/pull/289 119 | [#297]: https://github.com/CycloneDX/cyclonedx-node-module/pull/297 120 | 121 | ## 3.8.0 - 2022-04-24 122 | 123 | * Added 124 | * Environment variable `BOM_REPRODUCIBLE` causes bom result to be more consistent 125 | over multiple runs by omitting time/rand-based values, and sorting lists. (via [#288]) 126 | * Method `Component.compare()` compares self by `purl` or `group`/`name`/`version`. (via [#288]) 127 | * Method `ExternalReference.compare()` compares self by `type`/`url`. (via [#288]) 128 | * Method `Hash.compare()` compares self by `algorithm`/`value`. (via [#288]) 129 | * JSDoc for `ExternalReference`, `ExternalReferenceList`, `Hash`, `HashList`. (via [#288]) 130 | * Fixed 131 | * `ExternalReference.url` is now correctly treated as mandatory. (via [#288]) 132 | * `Hash.value` is now correctly treated as mandatory. (via [#288]) 133 | * `ExternalReferenceList.isEligibleHomepage` now returns the correct result, was inverted. (via [#288]) 134 | * Changed 135 | * Private properties of `ExternalReference`, `ExternalReferenceList`, `Hash`, `HashList` 136 | became inaccessible. ([#233] via [#288]) 137 | * Misc: Dependencies 138 | * Bump `jest-junit` from 13.1.0 to 13.2.0 (via [#287]) 139 | 140 | [#288]: https://github.com/CycloneDX/cyclonedx-node-module/pull/288 141 | [#287]: https://github.com/CycloneDX/cyclonedx-node-module/pull/287 142 | 143 | ## 3.7.0 - 2022-04-13 144 | 145 | * Added 146 | * Added support for `yarn.lock` file. 
([#238] via [#282]) 147 | * Misc: Dependencies 148 | * Bump `@xmldom/xmldom` from 0.7.5 to 0.8.2 (via [#279]) 149 | * Bump `packageurl-js` from 0.0.5 to 0.0.6 (via [#276]) 150 | 151 | [#238]: https://github.com/CycloneDX/cyclonedx-node-module/issues/238 152 | [#282]: https://github.com/CycloneDX/cyclonedx-node-module/pull/282 153 | [#279]: https://github.com/CycloneDX/cyclonedx-node-module/pull/279 154 | [#276]: https://github.com/CycloneDX/cyclonedx-node-module/pull/276 155 | 156 | ## 3.6.0 - 2022-03-09 157 | 158 | * Changed 159 | * Updated available set of SPDX license. (via [c837ada][commit:c837ada74553d2e73f111e11dcd9be46efed6a00]) 160 | * Tests 161 | * Reduced code duplication and made integration tests more consistent. (via [#271]) 162 | 163 | [#271]: https://github.com/CycloneDX/cyclonedx-node-module/pull/271 164 | [commit:c837ada74553d2e73f111e11dcd9be46efed6a00]: https://github.com/CycloneDX/cyclonedx-node-module/commit/c837ada74553d2e73f111e11dcd9be46efed6a00 165 | 166 | ## 3.5.0 - 2022-03-03 167 | 168 | * Changed 169 | * If `homepage` property of a package is solely a period(`.`), then omit `website` entry from the `ExternalReferences`. ([#263] via [#264]) 170 | * Documentation 171 | * Examples use the preferred call via `cyclonedx-node`, instead of the fallback `cyclonedx-bom`. (via [#258]) 172 | This is a follow-up of [#193]. 173 | * Tests 174 | * Moved integration tests to a dedicated space and updated documentation for it. 
(via [#260]) 175 | 176 | [#263]: https://github.com/CycloneDX/cyclonedx-node-module/issues/263 177 | [#264]: https://github.com/CycloneDX/cyclonedx-node-module/pull/264 178 | [#258]: https://github.com/CycloneDX/cyclonedx-node-module/pull/258 179 | [#260]: https://github.com/CycloneDX/cyclonedx-node-module/pull/260 180 | 181 | ## 3.4.1 - 2022-02-11 182 | 183 | * Fixed 184 | * root-packages without a name no longer cause unexpected crashes ([#252] via [#253]) 185 | 186 | [#252]: https://github.com/CycloneDX/cyclonedx-node-module/issues/252 187 | [#253]: https://github.com/CycloneDX/cyclonedx-node-module/pull/253 188 | 189 | ## 3.4.0 - 2022-02-02 190 | 191 | * Changed 192 | * Private/protected properties of Component models are no longer directly accessible. ([#233] via [#247]) 193 | Access via public getter/setter. 194 | * Fixed 195 | * Normalization guarantees `component.version`. ([#248] via [#247]) 196 | * Component's constructor may detect & set `author` based on package info. ([#246] via [#247]) 197 | * Added 198 | * JSDoc for Component model. ([#220] via [#247]) 199 | 200 | [#220]: https://github.com/CycloneDX/cyclonedx-node-module/issues/220 201 | [#233]: https://github.com/CycloneDX/cyclonedx-node-module/issues/233 202 | [#246]: https://github.com/CycloneDX/cyclonedx-node-module/issues/246 203 | [#247]: https://github.com/CycloneDX/cyclonedx-node-module/pull/247 204 | [#248]: https://github.com/CycloneDX/cyclonedx-node-module/issues/248 205 | 206 | ## 3.3.1 - 2021-12-11 207 | 208 | * Fixed 209 | * Brought deprecated file `bin/cyclonedx-bom` back. (via [#224]) 210 | File is now a compatibility-layer that spits a warning. 211 | 212 | [#224]: https://github.com/CycloneDX/cyclonedx-node-module/pull/224 213 | 214 | ## 3.3.0 - 2021-12-10 215 | 216 | * Changed 217 | * Renamed `bin/cyclonedx-bom` to `bin/make-bom.js` (via [#216]) 218 | This is considered a non-breaking change, 219 | as the CLI use of `npx cyclonedx-node`/`npx cyclonedx-bom` 220 | is untouched.
221 | * Errors are no longer thrown as `String`, but inherited `Error`. (via [#217]) 222 | This is considered a non-breaking change, 223 | as `Error.toString()` returns the original error message. 224 | * Fixed 225 | * `ExternalReference.type` setter sets value correctly now. (via [#217]) 226 | Setter caused an Error or set to `undefined` in the past. 227 | * `AttachmentText` sets `encoding` correctly via setter and constructor now. (via [#217]) 228 | Set to `undefined` in the past. 229 | 230 | [#216]: https://github.com/CycloneDX/cyclonedx-node-module/pull/216 231 | [#217]: https://github.com/CycloneDX/cyclonedx-node-module/pull/217 232 | 233 | ## 3.2.0 - 2021-12-07 234 | 235 | * Added 236 | * CLI endpoint `cyclonedx-node` is now available. ([#193] via [#197]) 237 | Already existing `cyclonedx-bom` stayed as is. 238 | * Fixed 239 | * CLI no longer fails silently in case of errors. ([#168] via [#210]) 240 | Instead the exit code is non-zero and a proper error message is displayed. 241 | 242 | [#193]: https://github.com/CycloneDX/cyclonedx-node-module/issues/193 243 | [#197]: https://github.com/CycloneDX/cyclonedx-node-module/pull/197 244 | [#168]: https://github.com/CycloneDX/cyclonedx-node-module/issues/168 245 | [#210]: https://github.com/CycloneDX/cyclonedx-node-module/pull/210 246 | 247 | ## 3.1.3 - 2021-12-05 248 | 249 | **Full Changelog**: https://github.com/CycloneDX/cyclonedx-node-module/compare/v3.1.2...v3.1.3 250 | 251 | ## 3.1.2 - 2021-12-05 252 | 253 | **Full Changelog**: https://github.com/CycloneDX/cyclonedx-node-module/compare/v3.1.1...v3.1.2 254 | 255 | ## 3.1.1 - 2021-09-10 256 | 257 | **Full Changelog**: https://github.com/CycloneDX/cyclonedx-node-module/compare/v3.1.0...v3.1.1 258 | 259 | ## 3.1.0 - 2021-09-07 260 | 261 | * Added 262 | * Added object model support for dependencies.
263 | 264 | **Full Changelog**: https://github.com/CycloneDX/cyclonedx-node-module/compare/v3.0.7...v3.1.0 265 | 266 | ## 3.0.7 - 2021-09-02 267 | 268 | **Full Changelog**: https://github.com/CycloneDX/cyclonedx-node-module/compare/v3.0.6...v3.0.7 269 | 270 | ## 3.0.6 - 2021-09-02 271 | 272 | **Full Changelog**: https://github.com/CycloneDX/cyclonedx-node-module/compare/v3.0.5...v3.0.6 273 | 274 | ## 3.0.5 - 2021-09-02 275 | 276 | **Full Changelog**: https://github.com/CycloneDX/cyclonedx-node-module/compare/v3.0.4...v3.0.5 277 | 278 | ## 3.0.4 - 2021-08-27 279 | 280 | **Full Changelog**: https://github.com/CycloneDX/cyclonedx-node-module/compare/v3.0.3...v3.0.4 281 | 282 | ## 3.0.3 - 2021-07-11 283 | 284 | **Full Changelog**: https://github.com/CycloneDX/cyclonedx-node-module/compare/v3.0.2...v3.0.3 285 | 286 | ## 3.0.2 - 2021-07-02 287 | 288 | **Full Changelog**: https://github.com/CycloneDX/cyclonedx-node-module/compare/v3.0.1...v3.0.2 289 | 290 | ## 3.0.1 - 2021-07-01 291 | 292 | **Full Changelog**: https://github.com/CycloneDX/cyclonedx-node-module/compare/v3.0.0...v3.0.1 293 | 294 | ## 3.0.0 - 2021-06-30 295 | 296 | * Breaking changes: 297 | * Requires Node >= 12.0, was Node >= 8.0 before. 298 | * CLI 299 | * Dropped option `-a`/`--append`. 300 | There is no replacement for it. 301 | * Dropped option `-s`/`--schema`. 302 | There is no replacement for it. 303 | * Changes 304 | * CLI output in CycloneDX v1.3 spec now, 305 | was switchable defaulting CycloneDX v1.2 before. 306 | * Dropped support for CycloneDX v1.2 spec. 307 | * Dropped support for CycloneDX v1.1 spec. 308 | * Dropped support for Node version 8. 309 | * Dropped support for Node version 10. 310 | * Added 311 | * Supports CycloneDX v1.3 spec. 
312 | 313 | **Full Changelog**: https://github.com/CycloneDX/cyclonedx-node-module/compare/v2.0.2...v3.0.0 314 | -------------------------------------------------------------------------------- /LICENSE: -------------------------------------------------------------------------------- 1 | Apache License 2 | Version 2.0, January 2004 3 | http://www.apache.org/licenses/ 4 | 5 | TERMS AND CONDITIONS FOR USE, REPRODUCTION, AND DISTRIBUTION 6 | 7 | 1. Definitions. 8 | 9 | "License" shall mean the terms and conditions for use, reproduction, 10 | and distribution as defined by Sections 1 through 9 of this document. 11 | 12 | "Licensor" shall mean the copyright owner or entity authorized by 13 | the copyright owner that is granting the License. 14 | 15 | "Legal Entity" shall mean the union of the acting entity and all 16 | other entities that control, are controlled by, or are under common 17 | control with that entity. For the purposes of this definition, 18 | "control" means (i) the power, direct or indirect, to cause the 19 | direction or management of such entity, whether by contract or 20 | otherwise, or (ii) ownership of fifty percent (50%) or more of the 21 | outstanding shares, or (iii) beneficial ownership of such entity. 22 | 23 | "You" (or "Your") shall mean an individual or Legal Entity 24 | exercising permissions granted by this License. 25 | 26 | "Source" form shall mean the preferred form for making modifications, 27 | including but not limited to software source code, documentation 28 | source, and configuration files. 29 | 30 | "Object" form shall mean any form resulting from mechanical 31 | transformation or translation of a Source form, including but 32 | not limited to compiled object code, generated documentation, 33 | and conversions to other media types. 
34 | 35 | "Work" shall mean the work of authorship, whether in Source or 36 | Object form, made available under the License, as indicated by a 37 | copyright notice that is included in or attached to the work 38 | (an example is provided in the Appendix below). 39 | 40 | "Derivative Works" shall mean any work, whether in Source or Object 41 | form, that is based on (or derived from) the Work and for which the 42 | editorial revisions, annotations, elaborations, or other modifications 43 | represent, as a whole, an original work of authorship. For the purposes 44 | of this License, Derivative Works shall not include works that remain 45 | separable from, or merely link (or bind by name) to the interfaces of, 46 | the Work and Derivative Works thereof. 47 | 48 | "Contribution" shall mean any work of authorship, including 49 | the original version of the Work and any modifications or additions 50 | to that Work or Derivative Works thereof, that is intentionally 51 | submitted to Licensor for inclusion in the Work by the copyright owner 52 | or by an individual or Legal Entity authorized to submit on behalf of 53 | the copyright owner. For the purposes of this definition, "submitted" 54 | means any form of electronic, verbal, or written communication sent 55 | to the Licensor or its representatives, including but not limited to 56 | communication on electronic mailing lists, source code control systems, 57 | and issue tracking systems that are managed by, or on behalf of, the 58 | Licensor for the purpose of discussing and improving the Work, but 59 | excluding communication that is conspicuously marked or otherwise 60 | designated in writing by the copyright owner as "Not a Contribution." 61 | 62 | "Contributor" shall mean Licensor and any individual or Legal Entity 63 | on behalf of whom a Contribution has been received by Licensor and 64 | subsequently incorporated within the Work. 65 | 66 | 2. Grant of Copyright License. 
Subject to the terms and conditions of 67 | this License, each Contributor hereby grants to You a perpetual, 68 | worldwide, non-exclusive, no-charge, royalty-free, irrevocable 69 | copyright license to reproduce, prepare Derivative Works of, 70 | publicly display, publicly perform, sublicense, and distribute the 71 | Work and such Derivative Works in Source or Object form. 72 | 73 | 3. Grant of Patent License. Subject to the terms and conditions of 74 | this License, each Contributor hereby grants to You a perpetual, 75 | worldwide, non-exclusive, no-charge, royalty-free, irrevocable 76 | (except as stated in this section) patent license to make, have made, 77 | use, offer to sell, sell, import, and otherwise transfer the Work, 78 | where such license applies only to those patent claims licensable 79 | by such Contributor that are necessarily infringed by their 80 | Contribution(s) alone or by combination of their Contribution(s) 81 | with the Work to which such Contribution(s) was submitted. If You 82 | institute patent litigation against any entity (including a 83 | cross-claim or counterclaim in a lawsuit) alleging that the Work 84 | or a Contribution incorporated within the Work constitutes direct 85 | or contributory patent infringement, then any patent licenses 86 | granted to You under this License for that Work shall terminate 87 | as of the date such litigation is filed. 88 | 89 | 4. Redistribution. 
You may reproduce and distribute copies of the 90 | Work or Derivative Works thereof in any medium, with or without 91 | modifications, and in Source or Object form, provided that You 92 | meet the following conditions: 93 | 94 | (a) You must give any other recipients of the Work or 95 | Derivative Works a copy of this License; and 96 | 97 | (b) You must cause any modified files to carry prominent notices 98 | stating that You changed the files; and 99 | 100 | (c) You must retain, in the Source form of any Derivative Works 101 | that You distribute, all copyright, patent, trademark, and 102 | attribution notices from the Source form of the Work, 103 | excluding those notices that do not pertain to any part of 104 | the Derivative Works; and 105 | 106 | (d) If the Work includes a "NOTICE" text file as part of its 107 | distribution, then any Derivative Works that You distribute must 108 | include a readable copy of the attribution notices contained 109 | within such NOTICE file, excluding those notices that do not 110 | pertain to any part of the Derivative Works, in at least one 111 | of the following places: within a NOTICE text file distributed 112 | as part of the Derivative Works; within the Source form or 113 | documentation, if provided along with the Derivative Works; or, 114 | within a display generated by the Derivative Works, if and 115 | wherever such third-party notices normally appear. The contents 116 | of the NOTICE file are for informational purposes only and 117 | do not modify the License. You may add Your own attribution 118 | notices within Derivative Works that You distribute, alongside 119 | or as an addendum to the NOTICE text from the Work, provided 120 | that such additional attribution notices cannot be construed 121 | as modifying the License. 
122 | 123 | You may add Your own copyright statement to Your modifications and 124 | may provide additional or different license terms and conditions 125 | for use, reproduction, or distribution of Your modifications, or 126 | for any such Derivative Works as a whole, provided Your use, 127 | reproduction, and distribution of the Work otherwise complies with 128 | the conditions stated in this License. 129 | 130 | 5. Submission of Contributions. Unless You explicitly state otherwise, 131 | any Contribution intentionally submitted for inclusion in the Work 132 | by You to the Licensor shall be under the terms and conditions of 133 | this License, without any additional terms or conditions. 134 | Notwithstanding the above, nothing herein shall supersede or modify 135 | the terms of any separate license agreement you may have executed 136 | with Licensor regarding such Contributions. 137 | 138 | 6. Trademarks. This License does not grant permission to use the trade 139 | names, trademarks, service marks, or product names of the Licensor, 140 | except as required for reasonable and customary use in describing the 141 | origin of the Work and reproducing the content of the NOTICE file. 142 | 143 | 7. Disclaimer of Warranty. Unless required by applicable law or 144 | agreed to in writing, Licensor provides the Work (and each 145 | Contributor provides its Contributions) on an "AS IS" BASIS, 146 | WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or 147 | implied, including, without limitation, any warranties or conditions 148 | of TITLE, NON-INFRINGEMENT, MERCHANTABILITY, or FITNESS FOR A 149 | PARTICULAR PURPOSE. You are solely responsible for determining the 150 | appropriateness of using or redistributing the Work and assume any 151 | risks associated with Your exercise of permissions under this License. 152 | 153 | 8. Limitation of Liability. 
In no event and under no legal theory, 154 | whether in tort (including negligence), contract, or otherwise, 155 | unless required by applicable law (such as deliberate and grossly 156 | negligent acts) or agreed to in writing, shall any Contributor be 157 | liable to You for damages, including any direct, indirect, special, 158 | incidental, or consequential damages of any character arising as a 159 | result of this License or out of the use or inability to use the 160 | Work (including but not limited to damages for loss of goodwill, 161 | work stoppage, computer failure or malfunction, or any and all 162 | other commercial damages or losses), even if such Contributor 163 | has been advised of the possibility of such damages. 164 | 165 | 9. Accepting Warranty or Additional Liability. While redistributing 166 | the Work or Derivative Works thereof, You may choose to offer, 167 | and charge a fee for, acceptance of support, warranty, indemnity, 168 | or other liability obligations and/or rights consistent with this 169 | License. However, in accepting such obligations, You may act only 170 | on Your own behalf and on Your sole responsibility, not on behalf 171 | of any other Contributor, and only if You agree to indemnify, 172 | defend, and hold each Contributor harmless for any liability 173 | incurred by, or claims asserted against, such Contributor by reason 174 | of your accepting any such warranty or additional liability. 175 | 176 | END OF TERMS AND CONDITIONS 177 | 178 | APPENDIX: How to apply the Apache License to your work. 179 | 180 | To apply the Apache License to your work, attach the following 181 | boilerplate notice, with the fields enclosed by brackets "[]" 182 | replaced with your own identifying information. (Don't include 183 | the brackets!) The text should be enclosed in the appropriate 184 | comment syntax for the file format. 
We also recommend that a 185 | file or class name and description of purpose be included on the 186 | same "printed page" as the copyright notice for easier 187 | identification within third-party archives. 188 | 189 | Copyright [yyyy] [name of copyright owner] 190 | 191 | Licensed under the Apache License, Version 2.0 (the "License"); 192 | you may not use this file except in compliance with the License. 193 | You may obtain a copy of the License at 194 | 195 | http://www.apache.org/licenses/LICENSE-2.0 196 | 197 | Unless required by applicable law or agreed to in writing, software 198 | distributed under the License is distributed on an "AS IS" BASIS, 199 | WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. 200 | See the License for the specific language governing permissions and 201 | limitations under the License. 202 | -------------------------------------------------------------------------------- /NOTICE: -------------------------------------------------------------------------------- 1 | CycloneDX Node Module 2 | Copyright (c) OWASP Foundation 3 | 4 | This product includes software developed by the 5 | CycloneDX community (https://cyclonedx.org/). 6 | -------------------------------------------------------------------------------- /README.md: -------------------------------------------------------------------------------- 1 | # CycloneDX BOM 2 | 3 | [![shield_npm-version]][link_npm] 4 | [![shield_gh-workflow-test]][link_gh-workflow-test] 5 | [![shield_license]][license_file] 6 | [![shield_website]][link_website] 7 | [![shield_slack]][link_slack] 8 | [![shield_groups]][link_discussion] 9 | [![shield_twitter-follow]][link_twitter] 10 | 11 | ---- 12 | 13 | This is a so-called **meta-package**, it does not ship any own functionality, but it is a collection of optional dependencies. 
14 | This package's dependencies are tools* with one purpose in common: 15 | generate _[CycloneDX][link_website]_ Software-Bill-of-Materials (SBOM) from _node_-based projects. 16 | 17 | | ecosystem | actual tool | 18 | |:---------:|:------------| 19 | | _npm_ | [@cyclonedx/cyclonedx-npm](https://www.npmjs.com/package/%40cyclonedx/cyclonedx-npm) | 20 | | _pnpm_ | To be announced, suggestions welcome.
Candidate: [cyclonedx-node-pnpm](https://github.com/CycloneDX/cyclonedx-node-pnpm) | 21 | | _yarn_ | [@cyclonedx/yarn-plugin-cyclonedx](https://www.npmjs.com/package/%40cyclonedx/yarn-plugin-cyclonedx) | 22 | 23 | *) You should not depend on this very meta-package; instead, depend on the actual tool that fits your specific (eco)system. This meta-package lists its tools as `optionalDependencies` with the version range `*`, so it neither pins the tool versions that get installed nor guarantees that a tool is installed at all. 24 | 25 | ## Out of Scope 26 | 27 | There are systems that are not node-targeting, but use node as a runtime/compiler environment, or use the node package registry as a distribution system. 28 | These systems are out of scope. Therefore, the following tools are not part of this very meta-package. 29 | 30 | | system | actual tool(s) | 31 | |:------:|:---------------| 32 | | _Angular_ | [@cyclonedx/webpack-plugin with _Angular_](https://www.npmjs.com/package/%40cyclonedx/webpack-plugin?activeTab=readme#user-content-use-with-angular) | 33 | | _Bower_ | None. (_Bower_ is [deprecated](https://bower.io/blog/2017/how-to-migrate-away-from-bower/)!) | 34 | | _esbuild_ | To be announced, suggestions welcome.
Candidate: [cyclonedx-esbuild-plugin](https://github.com/CycloneDX/cyclonedx-esbuild-plugin) | 35 | | _Parcel_ | To be announced, suggestions welcome | 36 | | _React_ | [@cyclonedx/webpack-plugin with _React_](https://www.npmjs.com/package/%40cyclonedx/webpack-plugin?activeTab=readme#user-content-use-with-react) | 37 | | _Rollup_ | [rollup-plugin-sbom](https://www.npmjs.com/package/rollup-plugin-sbom?activeTab=readme) | 38 | | _Rspack_/_Rsbuild_ | To be announced, suggestions welcome | 39 | | _Svelte_ | To be announced, suggestions welcome | 40 | | _Vite_ | [rollup-plugin-sbom with _Vite_](https://www.npmjs.com/package/rollup-plugin-sbom?activeTab=readme#usage-with-vite) | 41 | | _webpack_ | [@cyclonedx/webpack-plugin](https://www.npmjs.com/package/%40cyclonedx/webpack-plugin) | 42 | 43 | ## Library 44 | 45 | If you are looking for a JavaScript/TypeScript library for working with CycloneDX, its data models or serialization, 46 | then you might want to try [@cyclonedx/cyclonedx-library](https://www.npmjs.com/package/%40cyclonedx/cyclonedx-library). 47 | 48 | ## Contributing 49 | 50 | You want to have a certain node-based tool added? 51 | Feel free to open issues, bug reports or pull requests. 52 | See the [CONTRIBUTING][contributing_file] file for details. 53 | 54 | ## Copyright & License 55 | 56 | CycloneDX Node Module is Copyright (c) OWASP Foundation. All Rights Reserved. 57 | 58 | Permission to modify and redistribute is granted under the terms of the Apache 2.0 license. 59 | See the [LICENSE][license_file] file for the full license. 60 | 61 | ---- 62 | 63 | ## Previous versions 64 | 65 | This project used to be a tool-set and a library to work with and generate [CycloneDX][link_website] Software Bill-of-Materials (SBOM) from _npm_ and _yarn_ based projects. 66 | Since version 4.0, this was all split into individual projects, and this project changed to a bare meta-package.
67 | 68 | Previous versions of this very package are still available 69 | via [npmjs versions](https://www.npmjs.com/package/@cyclonedx/bom?activeTab=versions) 70 | and [github releases](https://github.com/CycloneDX/cyclonedx-node-module/releases) 71 | 72 | [license_file]: https://github.com/CycloneDX/cyclonedx-node-module/blob/master/LICENSE 73 | [contributing_file]: https://github.com/CycloneDX/cyclonedx-node-module/blob/master/CONTRIBUTING.md 74 | 75 | [shield_gh-workflow-test]: https://img.shields.io/github/actions/workflow/status/CycloneDX/cyclonedx-node-module/nodejs.yml?branch=master&logo=GitHub&logoColor=white "build" 76 | [shield_npm-version]: https://img.shields.io/npm/v/%40cyclonedx%2fbom/latest?label=npm&logo=npm&logoColor=white "npm" 77 | [shield_docker-version]: https://img.shields.io/docker/v/cyclonedx/cyclonedx-node?logo=docker&logoColor=white&label=docker "docker" 78 | [shield_license]: https://img.shields.io/badge/license-Apache%202.0-brightgreen.svg?logo=open%20source%20initiative&logoColor=white "license" 79 | [shield_website]: https://img.shields.io/badge/https://-cyclonedx.org-blue.svg "homepage" 80 | [shield_slack]: https://img.shields.io/badge/slack-join-blue?logo=Slack&logoColor=white "slack join" 81 | [shield_groups]: https://img.shields.io/badge/discussion-groups.io-blue.svg "groups discussion" 82 | [shield_twitter-follow]: https://img.shields.io/badge/Twitter-follow-blue?logo=Twitter&logoColor=white "twitter follow" 83 | [link_gh-workflow-test]: https://github.com/CycloneDX/cyclonedx-node-module/actions/workflows/nodejs.yml?query=branch%3Amaster 84 | [link_npm]: https://www.npmjs.com/package/%40cyclonedx/bom 85 | [link_docker]: https://hub.docker.com/r/cyclonedx/cyclonedx-node 86 | [link_website]: https://cyclonedx.org/ 87 | [link_slack]: https://cyclonedx.org/slack/invite 88 | [link_discussion]: https://groups.io/g/CycloneDX 89 | [link_twitter]: https://twitter.com/CycloneDX_Spec 90 | 
-------------------------------------------------------------------------------- /package.json: -------------------------------------------------------------------------------- 1 | { 2 | "name": "@cyclonedx/bom", 3 | "version": "4.1.2-alpha.0", 4 | "description": "Meta-package for known CycloneDX Software Bill of Materials (SBOM) generators", 5 | "license": "Apache-2.0", 6 | "homepage": "https://github.com/CycloneDX/cyclonedx-node-module#readme", 7 | "repository": { 8 | "type": "git", 9 | "url": "git+https://github.com/CycloneDX/cyclonedx-node-module.git" 10 | }, 11 | "bugs": { 12 | "url": "https://github.com/CycloneDX/cyclonedx-node-module/issues" 13 | }, 14 | "copyright": "Copyright OWASP Foundation", 15 | "optionalDependencies": { 16 | "@cyclonedx/cyclonedx-npm": "*", 17 | "@cyclonedx/yarn-plugin-cyclonedx": "*" 18 | } 19 | } 20 | --------------------------------------------------------------------------------