├── .eslintignore ├── .eslintrc.json ├── .gitattributes ├── .github ├── dependabot.yml └── workflows │ ├── check-dist.yml │ ├── codeql-analysis.yml │ └── test.yml ├── .gitignore ├── .prettierignore ├── .prettierrc.json ├── CODEOWNERS ├── LICENSE ├── README.md ├── __tests__ ├── data │ ├── README.md │ ├── base_ubuntu_syft_packages.json │ ├── dropwizard-1.3.15-sbom.json │ ├── keycloak-10.0.2-sbom.json │ └── valid-bom-1.4.json └── main.test.ts ├── action.yml ├── dist ├── index.js ├── index.js.map ├── licenses.txt └── sourcemap-register.js ├── jest.config.js ├── lib └── main.js ├── package-lock.json ├── package.json ├── src └── main.ts └── tsconfig.json /.eslintignore: -------------------------------------------------------------------------------- 1 | dist/ 2 | lib/ 3 | node_modules/ 4 | jest.config.js 5 | -------------------------------------------------------------------------------- /.eslintrc.json: -------------------------------------------------------------------------------- 1 | { 2 | "plugins": ["jest", "@typescript-eslint"], 3 | "extends": ["plugin:github/recommended"], 4 | "parser": "@typescript-eslint/parser", 5 | "parserOptions": { 6 | "ecmaVersion": 9, 7 | "sourceType": "module", 8 | "project": "./tsconfig.json" 9 | }, 10 | "rules": { 11 | "i18n-text/no-en": "off", 12 | "eslint-comments/no-use": "off", 13 | "import/no-namespace": "off", 14 | "no-unused-vars": "off", 15 | "@typescript-eslint/no-unused-vars": "error", 16 | "@typescript-eslint/explicit-member-accessibility": ["error", {"accessibility": "no-public"}], 17 | "@typescript-eslint/no-require-imports": "error", 18 | "@typescript-eslint/array-type": "error", 19 | "@typescript-eslint/await-thenable": "error", 20 | "@typescript-eslint/ban-ts-comment": "error", 21 | "camelcase": "off", 22 | "@typescript-eslint/consistent-type-assertions": "error", 23 | "@typescript-eslint/explicit-function-return-type": ["error", {"allowExpressions": true}], 24 | "@typescript-eslint/func-call-spacing": ["error", 
"never"], 25 | "@typescript-eslint/no-array-constructor": "error", 26 | "@typescript-eslint/no-empty-interface": "error", 27 | "@typescript-eslint/no-explicit-any": "error", 28 | "@typescript-eslint/no-extraneous-class": "error", 29 | "@typescript-eslint/no-for-in-array": "error", 30 | "@typescript-eslint/no-inferrable-types": "error", 31 | "@typescript-eslint/no-misused-new": "error", 32 | "@typescript-eslint/no-namespace": "error", 33 | "@typescript-eslint/no-non-null-assertion": "warn", 34 | "@typescript-eslint/no-unnecessary-qualifier": "error", 35 | "@typescript-eslint/no-unnecessary-type-assertion": "error", 36 | "@typescript-eslint/no-useless-constructor": "error", 37 | "@typescript-eslint/no-var-requires": "error", 38 | "@typescript-eslint/prefer-for-of": "warn", 39 | "@typescript-eslint/prefer-function-type": "warn", 40 | "@typescript-eslint/prefer-includes": "error", 41 | "@typescript-eslint/prefer-string-starts-ends-with": "error", 42 | "@typescript-eslint/promise-function-async": "error", 43 | "@typescript-eslint/require-array-sort-compare": "error", 44 | "@typescript-eslint/restrict-plus-operands": "error", 45 | "semi": "off", 46 | "@typescript-eslint/semi": ["error", "never"], 47 | "@typescript-eslint/type-annotation-spacing": "error", 48 | "@typescript-eslint/unbound-method": "error" 49 | }, 50 | "env": { 51 | "node": true, 52 | "es6": true, 53 | "jest/globals": true 54 | } 55 | } -------------------------------------------------------------------------------- /.gitattributes: -------------------------------------------------------------------------------- 1 | dist/** -diff linguist-generated=true -------------------------------------------------------------------------------- /.github/dependabot.yml: -------------------------------------------------------------------------------- 1 | version: 2 2 | updates: 3 | - package-ecosystem: github-actions 4 | directory: / 5 | schedule: 6 | interval: daily 7 | 8 | - package-ecosystem: npm 9 | directory: / 10 
| schedule: 11 | interval: daily 12 | -------------------------------------------------------------------------------- /.github/workflows/check-dist.yml: -------------------------------------------------------------------------------- 1 | # `dist/index.js` is a special file in Actions. 2 | # When you reference an action with `uses:` in a workflow, 3 | # `index.js` is the code that will run. 4 | # For our project, we generate this file through a build process from other source files. 5 | # We need to make sure the checked-in `index.js` actually matches what we expect it to be. 6 | name: Check dist/ 7 | 8 | on: 9 | push: 10 | branches: 11 | - main 12 | paths-ignore: 13 | - '**.md' 14 | pull_request: 15 | paths-ignore: 16 | - '**.md' 17 | workflow_dispatch: 18 | 19 | jobs: 20 | check-dist: 21 | runs-on: ubuntu-latest 22 | 23 | steps: 24 | - uses: actions/checkout@v3 25 | 26 | - name: Set Node.js 16.x 27 | uses: actions/setup-node@v3.6.0 28 | with: 29 | node-version: 16.x 30 | 31 | - name: Install dependencies 32 | run: npm ci 33 | 34 | - name: Rebuild the dist/ directory 35 | run: | 36 | npm run build 37 | npm run package 38 | 39 | - name: Compare the expected and actual dist/ directories 40 | run: | 41 | if [ "$(git diff --ignore-space-at-eol dist/ | wc -l)" -gt "0" ]; then 42 | echo "Detected uncommitted changes after build. See status below:" 43 | git diff 44 | exit 1 45 | fi 46 | id: diff 47 | 48 | # If index.js was different than expected, upload the expected version as an artifact 49 | - uses: actions/upload-artifact@v3 50 | if: ${{ failure() && steps.diff.conclusion == 'failure' }} 51 | with: 52 | name: dist 53 | path: dist/ 54 | -------------------------------------------------------------------------------- /.github/workflows/codeql-analysis.yml: -------------------------------------------------------------------------------- 1 | # For most projects, this workflow file will not need changing; you simply need 2 | # to commit it to your repository. 
3 | # 4 | # You may wish to alter this file to override the set of languages analyzed, 5 | # or to provide custom queries or build logic. 6 | # 7 | # ******** NOTE ******** 8 | # We have attempted to detect the languages in your repository. Please check 9 | # the `language` matrix defined below to confirm you have the correct set of 10 | # supported CodeQL languages. 11 | # 12 | name: "CodeQL" 13 | 14 | on: 15 | push: 16 | branches: [ main ] 17 | pull_request: 18 | # The branches below must be a subset of the branches above 19 | branches: [ main ] 20 | schedule: 21 | - cron: '31 7 * * 3' 22 | 23 | jobs: 24 | analyze: 25 | name: Analyze 26 | runs-on: ubuntu-latest 27 | permissions: 28 | actions: read 29 | contents: read 30 | security-events: write 31 | 32 | strategy: 33 | fail-fast: false 34 | matrix: 35 | language: [ 'TypeScript' ] 36 | # CodeQL supports [ 'cpp', 'csharp', 'go', 'java', 'javascript', 'python', 'ruby' ] 37 | # Learn more about CodeQL language support at https://git.io/codeql-language-support 38 | 39 | steps: 40 | - name: Checkout repository 41 | uses: actions/checkout@v3 42 | 43 | # Initializes the CodeQL tools for scanning. 44 | - name: Initialize CodeQL 45 | uses: github/codeql-action/init@v2 46 | with: 47 | languages: ${{ matrix.language }} 48 | source-root: src 49 | # If you wish to specify custom queries, you can do so here or in a config file. 50 | # By default, queries listed here will override any specified in a config file. 51 | # Prefix the list here with "+" to use these queries and those in the config file. 52 | # queries: ./path/to/local/query, your-org/your-repo/queries@main 53 | 54 | # Autobuild attempts to build any compiled languages (C/C++, C#, or Java). 55 | # If this step fails, then you should remove it and run the build manually (see below) 56 | - name: Autobuild 57 | uses: github/codeql-action/autobuild@v2 58 | 59 | # ℹ️ Command-line programs to run using the OS shell. 
60 | # 📚 https://git.io/JvXDl 61 | 62 | # ✏️ If the Autobuild fails above, remove it and uncomment the following three lines 63 | # and modify them (or add more) to build your code if your project 64 | # uses a compiled language 65 | 66 | #- run: | 67 | # make bootstrap 68 | # make release 69 | 70 | - name: Perform CodeQL Analysis 71 | uses: github/codeql-action/analyze@v2 72 | -------------------------------------------------------------------------------- /.github/workflows/test.yml: -------------------------------------------------------------------------------- 1 | name: "build-test" 2 | on: # rebuild any PRs and main branch changes 3 | pull_request: 4 | push: 5 | branches: 6 | - main 7 | - "releases/*" 8 | env: # NOTE(review): workflow-level env reaches every step of both jobs, pull_request runs included 9 | NODE_AUTH_TOKEN: ${{ secrets.GITHUB_TOKEN }} # nothing in this workflow appears to read it; scope it to the step that needs it, or drop it 10 | jobs: 11 | build: # make sure build/ci work properly; NOTE(review): no `permissions:` block, so this job's token keeps the repository default scopes - consider `contents: read` 12 | runs-on: ubuntu-latest 13 | steps: 14 | - uses: actions/checkout@v3 # NOTE(review): a tag ref is mutable; a full commit SHA pins the exact code that runs 15 | - run: | # NOTE(review): check-dist.yml uses `npm ci`, which installs strictly from package-lock.json 16 | npm install 17 | - run: | 18 | npm run all 19 | test: # make sure the action works on a clean machine without building 20 | permissions: # write scope is granted to this job only 21 | contents: write # the dependency submission API requires contents: write 22 | strategy: 23 | matrix: 24 | test-file: 25 | [ 26 | "__tests__/data/base_ubuntu_syft_packages.json", 27 | ] 28 | runs-on: ubuntu-latest 29 | steps: 30 | - uses: actions/checkout@v3 31 | - uses: ./ 32 | with: 33 | sbom-files: ${{ matrix.test-file}} 34 | -------------------------------------------------------------------------------- /.gitignore: -------------------------------------------------------------------------------- 1 | # Logs 2 | logs 3 | *.log 4 | npm-debug.log* 5 | yarn-debug.log* 6 | yarn-error.log* 7 | lerna-debug.log* 8 | 9 | # Diagnostic reports (https://nodejs.org/api/report.html) 10 | report.[0-9]*.[0-9]*.[0-9]*.[0-9]*.json 11 | 12 | # Runtime data 13 | pids 14 | *.pid 15 | *.seed 16 | *.pid.lock 17 | 18 | # Directory for instrumented libs generated by jscoverage/JSCover 19 | lib-cov 20 | 21 | # Coverage directory used by tools like istanbul 22 | coverage 23 | *.lcov 24 | 25 | # nyc 
test coverage 26 | .nyc_output 27 | 28 | # Grunt intermediate storage (https://gruntjs.com/creating-plugins#storing-task-files) 29 | .grunt 30 | 31 | # Bower dependency directory (https://bower.io/) 32 | bower_components 33 | 34 | # node-waf configuration 35 | .lock-wscript 36 | 37 | # Compiled binary addons (https://nodejs.org/api/addons.html) 38 | build/Release 39 | 40 | # Dependency directories 41 | node_modules/ 42 | jspm_packages/ 43 | 44 | # TypeScript v1 declaration files 45 | typings/ 46 | 47 | # TypeScript cache 48 | *.tsbuildinfo 49 | 50 | # Optional npm cache directory 51 | .npm 52 | 53 | # Optional eslint cache 54 | .eslintcache 55 | 56 | # Microbundle cache 57 | .rpt2_cache/ 58 | .rts2_cache_cjs/ 59 | .rts2_cache_es/ 60 | .rts2_cache_umd/ 61 | 62 | # Optional REPL history 63 | .node_repl_history 64 | 65 | # Output of 'npm pack' 66 | *.tgz 67 | 68 | # Yarn Integrity file 69 | .yarn-integrity 70 | 71 | # dotenv environment variables file 72 | .env 73 | .env.test 74 | 75 | # parcel-bundler cache (https://parceljs.org/) 76 | .cache 77 | 78 | # Next.js build output 79 | .next 80 | 81 | # Nuxt.js build / generate output 82 | .nuxt 83 | 84 | # Gatsby files 85 | .cache/ 86 | # Comment in the public line in if your project uses Gatsby and *not* Next.js 87 | # https://nextjs.org/blog/next-9-1#public-directory-support 88 | # public 89 | 90 | # vuepress build output 91 | .vuepress/dist 92 | 93 | # Serverless directories 94 | .serverless/ 95 | 96 | # FuseBox cache 97 | .fusebox/ 98 | 99 | # DynamoDB Local files 100 | .dynamodb/ 101 | 102 | # TernJS port file 103 | .tern-port 104 | 105 | .idea 106 | -------------------------------------------------------------------------------- /.prettierignore: -------------------------------------------------------------------------------- 1 | dist/ 2 | lib/ 3 | node_modules/ -------------------------------------------------------------------------------- /.prettierrc.json: 
-------------------------------------------------------------------------------- 1 | { 2 | "printWidth": 80, 3 | "tabWidth": 2, 4 | "useTabs": false, 5 | "semi": false, 6 | "singleQuote": true, 7 | "trailingComma": "none", 8 | "bracketSpacing": false, 9 | "arrowParens": "avoid" 10 | } -------------------------------------------------------------------------------- /CODEOWNERS: -------------------------------------------------------------------------------- 1 | * @evryfs/cloud-native 2 | -------------------------------------------------------------------------------- /LICENSE: -------------------------------------------------------------------------------- 1 | Apache License 2 | Version 2.0, January 2004 3 | http://www.apache.org/licenses/ 4 | 5 | TERMS AND CONDITIONS FOR USE, REPRODUCTION, AND DISTRIBUTION 6 | 7 | 1. Definitions. 8 | 9 | "License" shall mean the terms and conditions for use, reproduction, 10 | and distribution as defined by Sections 1 through 9 of this document. 11 | 12 | "Licensor" shall mean the copyright owner or entity authorized by 13 | the copyright owner that is granting the License. 14 | 15 | "Legal Entity" shall mean the union of the acting entity and all 16 | other entities that control, are controlled by, or are under common 17 | control with that entity. For the purposes of this definition, 18 | "control" means (i) the power, direct or indirect, to cause the 19 | direction or management of such entity, whether by contract or 20 | otherwise, or (ii) ownership of fifty percent (50%) or more of the 21 | outstanding shares, or (iii) beneficial ownership of such entity. 22 | 23 | "You" (or "Your") shall mean an individual or Legal Entity 24 | exercising permissions granted by this License. 25 | 26 | "Source" form shall mean the preferred form for making modifications, 27 | including but not limited to software source code, documentation 28 | source, and configuration files. 
29 | 30 | "Object" form shall mean any form resulting from mechanical 31 | transformation or translation of a Source form, including but 32 | not limited to compiled object code, generated documentation, 33 | and conversions to other media types. 34 | 35 | "Work" shall mean the work of authorship, whether in Source or 36 | Object form, made available under the License, as indicated by a 37 | copyright notice that is included in or attached to the work 38 | (an example is provided in the Appendix below). 39 | 40 | "Derivative Works" shall mean any work, whether in Source or Object 41 | form, that is based on (or derived from) the Work and for which the 42 | editorial revisions, annotations, elaborations, or other modifications 43 | represent, as a whole, an original work of authorship. For the purposes 44 | of this License, Derivative Works shall not include works that remain 45 | separable from, or merely link (or bind by name) to the interfaces of, 46 | the Work and Derivative Works thereof. 47 | 48 | "Contribution" shall mean any work of authorship, including 49 | the original version of the Work and any modifications or additions 50 | to that Work or Derivative Works thereof, that is intentionally 51 | submitted to Licensor for inclusion in the Work by the copyright owner 52 | or by an individual or Legal Entity authorized to submit on behalf of 53 | the copyright owner. For the purposes of this definition, "submitted" 54 | means any form of electronic, verbal, or written communication sent 55 | to the Licensor or its representatives, including but not limited to 56 | communication on electronic mailing lists, source code control systems, 57 | and issue tracking systems that are managed by, or on behalf of, the 58 | Licensor for the purpose of discussing and improving the Work, but 59 | excluding communication that is conspicuously marked or otherwise 60 | designated in writing by the copyright owner as "Not a Contribution." 
61 | 62 | "Contributor" shall mean Licensor and any individual or Legal Entity 63 | on behalf of whom a Contribution has been received by Licensor and 64 | subsequently incorporated within the Work. 65 | 66 | 2. Grant of Copyright License. Subject to the terms and conditions of 67 | this License, each Contributor hereby grants to You a perpetual, 68 | worldwide, non-exclusive, no-charge, royalty-free, irrevocable 69 | copyright license to reproduce, prepare Derivative Works of, 70 | publicly display, publicly perform, sublicense, and distribute the 71 | Work and such Derivative Works in Source or Object form. 72 | 73 | 3. Grant of Patent License. Subject to the terms and conditions of 74 | this License, each Contributor hereby grants to You a perpetual, 75 | worldwide, non-exclusive, no-charge, royalty-free, irrevocable 76 | (except as stated in this section) patent license to make, have made, 77 | use, offer to sell, sell, import, and otherwise transfer the Work, 78 | where such license applies only to those patent claims licensable 79 | by such Contributor that are necessarily infringed by their 80 | Contribution(s) alone or by combination of their Contribution(s) 81 | with the Work to which such Contribution(s) was submitted. If You 82 | institute patent litigation against any entity (including a 83 | cross-claim or counterclaim in a lawsuit) alleging that the Work 84 | or a Contribution incorporated within the Work constitutes direct 85 | or contributory patent infringement, then any patent licenses 86 | granted to You under this License for that Work shall terminate 87 | as of the date such litigation is filed. 88 | 89 | 4. Redistribution. 
You may reproduce and distribute copies of the 90 | Work or Derivative Works thereof in any medium, with or without 91 | modifications, and in Source or Object form, provided that You 92 | meet the following conditions: 93 | 94 | (a) You must give any other recipients of the Work or 95 | Derivative Works a copy of this License; and 96 | 97 | (b) You must cause any modified files to carry prominent notices 98 | stating that You changed the files; and 99 | 100 | (c) You must retain, in the Source form of any Derivative Works 101 | that You distribute, all copyright, patent, trademark, and 102 | attribution notices from the Source form of the Work, 103 | excluding those notices that do not pertain to any part of 104 | the Derivative Works; and 105 | 106 | (d) If the Work includes a "NOTICE" text file as part of its 107 | distribution, then any Derivative Works that You distribute must 108 | include a readable copy of the attribution notices contained 109 | within such NOTICE file, excluding those notices that do not 110 | pertain to any part of the Derivative Works, in at least one 111 | of the following places: within a NOTICE text file distributed 112 | as part of the Derivative Works; within the Source form or 113 | documentation, if provided along with the Derivative Works; or, 114 | within a display generated by the Derivative Works, if and 115 | wherever such third-party notices normally appear. The contents 116 | of the NOTICE file are for informational purposes only and 117 | do not modify the License. You may add Your own attribution 118 | notices within Derivative Works that You distribute, alongside 119 | or as an addendum to the NOTICE text from the Work, provided 120 | that such additional attribution notices cannot be construed 121 | as modifying the License. 
122 | 123 | You may add Your own copyright statement to Your modifications and 124 | may provide additional or different license terms and conditions 125 | for use, reproduction, or distribution of Your modifications, or 126 | for any such Derivative Works as a whole, provided Your use, 127 | reproduction, and distribution of the Work otherwise complies with 128 | the conditions stated in this License. 129 | 130 | 5. Submission of Contributions. Unless You explicitly state otherwise, 131 | any Contribution intentionally submitted for inclusion in the Work 132 | by You to the Licensor shall be under the terms and conditions of 133 | this License, without any additional terms or conditions. 134 | Notwithstanding the above, nothing herein shall supersede or modify 135 | the terms of any separate license agreement you may have executed 136 | with Licensor regarding such Contributions. 137 | 138 | 6. Trademarks. This License does not grant permission to use the trade 139 | names, trademarks, service marks, or product names of the Licensor, 140 | except as required for reasonable and customary use in describing the 141 | origin of the Work and reproducing the content of the NOTICE file. 142 | 143 | 7. Disclaimer of Warranty. Unless required by applicable law or 144 | agreed to in writing, Licensor provides the Work (and each 145 | Contributor provides its Contributions) on an "AS IS" BASIS, 146 | WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or 147 | implied, including, without limitation, any warranties or conditions 148 | of TITLE, NON-INFRINGEMENT, MERCHANTABILITY, or FITNESS FOR A 149 | PARTICULAR PURPOSE. You are solely responsible for determining the 150 | appropriateness of using or redistributing the Work and assume any 151 | risks associated with Your exercise of permissions under this License. 152 | 153 | 8. Limitation of Liability. 
In no event and under no legal theory, 154 | whether in tort (including negligence), contract, or otherwise, 155 | unless required by applicable law (such as deliberate and grossly 156 | negligent acts) or agreed to in writing, shall any Contributor be 157 | liable to You for damages, including any direct, indirect, special, 158 | incidental, or consequential damages of any character arising as a 159 | result of this License or out of the use or inability to use the 160 | Work (including but not limited to damages for loss of goodwill, 161 | work stoppage, computer failure or malfunction, or any and all 162 | other commercial damages or losses), even if such Contributor 163 | has been advised of the possibility of such damages. 164 | 165 | 9. Accepting Warranty or Additional Liability. While redistributing 166 | the Work or Derivative Works thereof, You may choose to offer, 167 | and charge a fee for, acceptance of support, warranty, indemnity, 168 | or other liability obligations and/or rights consistent with this 169 | License. However, in accepting such obligations, You may act only 170 | on Your own behalf and on Your sole responsibility, not on behalf 171 | of any other Contributor, and only if You agree to indemnify, 172 | defend, and hold each Contributor harmless for any liability 173 | incurred by, or claims asserted against, such Contributor by reason 174 | of your accepting any such warranty or additional liability. 175 | 176 | END OF TERMS AND CONDITIONS 177 | 178 | APPENDIX: How to apply the Apache License to your work. 179 | 180 | To apply the Apache License to your work, attach the following 181 | boilerplate notice, with the fields enclosed by brackets "[]" 182 | replaced with your own identifying information. (Don't include 183 | the brackets!) The text should be enclosed in the appropriate 184 | comment syntax for the file format. 
We also recommend that a 185 | file or class name and description of purpose be included on the 186 | same "printed page" as the copyright notice for easier 187 | identification within third-party archives. 188 | 189 | Copyright [yyyy] [name of copyright owner] 190 | 191 | Licensed under the Apache License, Version 2.0 (the "License"); 192 | you may not use this file except in compliance with the License. 193 | You may obtain a copy of the License at 194 | 195 | http://www.apache.org/licenses/LICENSE-2.0 196 | 197 | Unless required by applicable law or agreed to in writing, software 198 | distributed under the License is distributed on an "AS IS" BASIS, 199 | WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. 200 | See the License for the specific language governing permissions and 201 | limitations under the License. 202 | -------------------------------------------------------------------------------- /README.md: -------------------------------------------------------------------------------- 1 | # sbom-dependency-submission-action 2 | Submit [SBOMs](https://cyclonedx.org/) to [GitHub's dependency submission API](https://docs.github.com/en/code-security/supply-chain-security/understanding-your-software-supply-chain/using-the-dependency-submission-api) using their [SDK](https://github.com/github/dependency-submission-toolkit). 
3 | 4 | See [example](https://github.com/evryfs/sbom-dependency-submission-action/blob/main/.github/workflows/test.yml) for how to use it in a workflow. The job that runs the action needs `contents: write` permission for the dependency submission API, as the `test` job in that example grants. 5 | -------------------------------------------------------------------------------- /__tests__/data/README.md: -------------------------------------------------------------------------------- 1 | Test resources copied from https://github.com/CycloneDX/cyclonedx-core-java/blob/master/src/test/resources/ and https://github.com/CycloneDX/bom-examples/tree/master/SBOM 2 | -------------------------------------------------------------------------------- /__tests__/data/valid-bom-1.4.json: -------------------------------------------------------------------------------- 1 | { 2 | "bomFormat": "CycloneDX", 3 | "specVersion": "1.4", 4 | "serialNumber": "urn:uuid:3e671687-395b-41f5-a30f-a58921a69b79", 5 | "version": 1, 6 | "metadata": { 7 | "timestamp": "2020-04-13T20:20:39+00:00", 8 | "tools": [ 9 | { 10 | "vendor": "Awesome Vendor", 11 | "name": "Awesome Tool", 12 | "version": "9.1.2", 13 | "externalReferences" : [ 14 | { "url" : "https://awesome.com", "type" : "example" } 15 | ], 16 | "hashes": [ 17 | { 18 | "alg": "SHA-1", 19 | "content": "25ed8e31b995bb927966616df2a42b979a2717f0" 20 | }, 21 | { 22 | "alg": "SHA-256", 23 | "content": "a74f733635a19aefb1f73e5947cef59cd7440c6952ef0f03d09d974274cbd6df" 24 | } 25 | ] 26 | } 27 | ], 28 | "authors": [ 29 | { 30 | "name": "Samantha Wright", 31 | "email": "samantha.wright@example.com", 32 | "phone": "800-555-1212" 33 | } 34 | ], 35 | "component": { 36 | "type": "application", 37 | "author": "Acme Super Heros", 38 | "name": "Acme Application", 39 | "version": "9.1.1", 40 | "swid": { 41 | "tagId": "swidgen-242eb18a-503e-ca37-393b-cf156ef09691_9.1.1", 42 | "name": "Acme Application", 43 | "version": "9.1.1", 44 | "text": { 45 | "contentType": "text/xml", 46 | "encoding": "base64", 47 | "content": "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" 48 | } 49 | } 50 | }, 51 | 
"manufacture": { 52 | "name": "Acme, Inc.", 53 | "url": [ 54 | "https://example.com" 55 | ], 56 | "contact": [ 57 | { 58 | "name": "Acme Professional Services", 59 | "email": "professional.services@example.com" 60 | } 61 | ] 62 | }, 63 | "supplier": { 64 | "name": "Acme, Inc.", 65 | "url": [ 66 | "https://example.com" 67 | ], 68 | "contact": [ 69 | { 70 | "name": "Acme Distribution", 71 | "email": "distribution@example.com" 72 | } 73 | ] 74 | } 75 | }, 76 | "components": [ 77 | { 78 | "bom-ref": "pkg:npm/acme/component@1.0.0", 79 | "type": "library", 80 | "publisher": "Acme Inc", 81 | "group": "com.acme", 82 | "name": "tomcat-catalina", 83 | "version": "9.0.14", 84 | "hashes": [ 85 | { 86 | "alg": "MD5", 87 | "content": "3942447fac867ae5cdb3229b658f4d48" 88 | }, 89 | { 90 | "alg": "SHA-1", 91 | "content": "e6b1000b94e835ffd37f4c6dcbdad43f4b48a02a" 92 | }, 93 | { 94 | "alg": "SHA-256", 95 | "content": "f498a8ff2dd007e29c2074f5e4b01a9a01775c3ff3aeaf6906ea503bc5791b7b" 96 | }, 97 | { 98 | "alg": "SHA-512", 99 | "content": "e8f33e424f3f4ed6db76a482fde1a5298970e442c531729119e37991884bdffab4f9426b7ee11fccd074eeda0634d71697d6f88a460dce0ac8d627a29f7d1282" 100 | } 101 | ], 102 | "licenses": [ 103 | { 104 | "license": { 105 | "id": "Apache-2.0", 106 | "text": { 107 | "contentType": "text/plain", 108 | "encoding": "base64", 109 | "content": "License text here" 110 | }, 111 | "url": "https://www.apache.org/licenses/LICENSE-2.0.txt" 112 | } 113 | } 114 | ], 115 | "purl": "pkg:npm/acme/component@1.0.0", 116 | "pedigree": { 117 | "ancestors": [ 118 | { 119 | "type": "library", 120 | "publisher": "Acme Inc", 121 | "group": "com.acme", 122 | "name": "tomcat-catalina", 123 | "version": "9.0.14" 124 | }, 125 | { 126 | "type": "library", 127 | "publisher": "Acme Inc", 128 | "group": "com.acme", 129 | "name": "tomcat-catalina", 130 | "version": "9.0.14" 131 | } 132 | ], 133 | "commits": [ 134 | { 135 | "uid": "123", 136 | "url": "", 137 | "author": { 138 | "timestamp": 
"2018-11-13T20:20:39+00:00", 139 | "name": "", 140 | "email": "" 141 | } 142 | } 143 | ] 144 | } 145 | }, 146 | { 147 | "bom-ref": "pkg:npm/acme/mylibrary@1.0.0", 148 | "type": "library", 149 | "supplier": { 150 | "name": "Example, Inc.", 151 | "url": [ 152 | "https://example.com", 153 | "https://example.net" 154 | ], 155 | "contact": [ 156 | { 157 | "name": "Example Support AMER Distribution", 158 | "email": "support@example.com", 159 | "phone": "800-555-1212" 160 | }, 161 | { 162 | "name": "Example Support APAC", 163 | "email": "support@apac.example.com" 164 | } 165 | ] 166 | }, 167 | "author": "Example Super Heros", 168 | "group": "org.example", 169 | "name": "mylibrary", 170 | "version": "1.0.0" 171 | } 172 | ], 173 | "dependencies": [ 174 | { 175 | "ref": "pkg:npm/acme/component@1.0.0", 176 | "dependsOn": [ 177 | "pkg:npm/acme/mylibrary@1.0.0" 178 | ] 179 | } 180 | ] 181 | } 182 | -------------------------------------------------------------------------------- /__tests__/main.test.ts: -------------------------------------------------------------------------------- 1 | import {RunOptions, RunTarget} from 'github-action-ts-run-api' 2 | import {Component} from '@cyclonedx/cyclonedx-library/src/models' 3 | import {expect, test, afterEach, jest} from '@jest/globals' 4 | import {map, parseSbomFile, run, SBom} from '../src/main' 5 | import {Manifest, Snapshot} from '@github/dependency-submission-toolkit' 6 | 7 | describe('Parse', () => { 8 | afterEach(() => { 9 | jest.resetModules() 10 | }) 11 | 12 | test('testParsing', () => { 13 | let bom: SBom = parseSbomFile('__tests__/data/valid-bom-1.4.json') 14 | expect(bom).not.toBeNull() 15 | expect(bom.metadata?.authors).not.toBeNull() 16 | 17 | bom = parseSbomFile('__tests__/data/dropwizard-1.3.15-sbom.json') 18 | expect(bom).not.toBeNull() 19 | expect(bom.metadata?.authors).not.toBeNull() 20 | const typedComponents: Component[] = 21 | bom.components as unknown as Component[] 22 | expect(typedComponents.length).toBe(167) 
23 | }) 24 | }) 25 | 26 | describe('Map to GH dep submission', () => { 27 | afterEach(() => { 28 | jest.resetModules() 29 | }) 30 | 31 | test('should map external references to detector', () => { 32 | const bomFile = '__tests__/data/valid-bom-1.4.json' 33 | const bom: SBom = parseSbomFile(bomFile) 34 | const snapshot: Snapshot = map(bom, bomFile) 35 | 36 | expect(snapshot.detector.name).toBe('Awesome Tool') // expected values match metadata.tools[0] in the fixture (name, version, externalReferences[0].url) 37 | expect(snapshot.detector.version).toBe('9.1.2') 38 | expect(snapshot.detector.url).toBe('https://awesome.com') 39 | }) 40 | 41 | test('testCycloneDXMavenDropwizardExample', () => { 42 | const bomfile: string = '__tests__/data/dropwizard-1.3.15-sbom.json' 43 | const bom: SBom = parseSbomFile(bomfile) 44 | const snapshot: Snapshot = map(bom, bomfile) 45 | expect(snapshot).not.toBeNull() 46 | 47 | expect(Object.keys(snapshot.manifests).length).toBe(1) 48 | 49 | const manifest: Manifest = 50 | snapshot.manifests[Object.keys(snapshot.manifests)[0]] 51 | expect(manifest.directDependencies().length).toBe(167) 52 | expect(manifest.indirectDependencies().length).toBe(0) // dropwizard example has all deps listed as direct 53 | }) 54 | 55 | test('testCycloneDXMavenKeycloakExample', () => { 56 | const bomfile: string = '__tests__/data/keycloak-10.0.2-sbom.json' 57 | const bom: SBom = parseSbomFile(bomfile) 58 | const snapshot: Snapshot = map(bom, bomfile) 59 | expect(snapshot).not.toBeNull() 60 | 61 | expect(Object.keys(snapshot.manifests).length).toBe(1) 62 | 63 | const manifest: Manifest = 64 | snapshot.manifests[Object.keys(snapshot.manifests)[0]] 65 | expect(manifest.directDependencies().length).toBe(903) 66 | expect(manifest.indirectDependencies().length).toBe(0) // keycloak example also has all deps listed as direct 67 | }) 68 | 69 | test('testBaseUbuntuSyftExample', () => { 70 | const bomfile: string = '__tests__/data/base_ubuntu_syft_packages.json' 71 | const bom: SBom = parseSbomFile(bomfile) 72 | const snapshot: Snapshot = map(bom, bomfile) 73 | 
expect(snapshot).not.toBeNull() 74 | 75 | expect(Object.keys(snapshot.manifests).length).toBe(1) 76 | 77 | const manifest: Manifest = 78 | snapshot.manifests[Object.keys(snapshot.manifests)[0]] 79 | expect(manifest.directDependencies().length).toBe(118) 80 | expect(manifest.indirectDependencies().length).toBe(0) 81 | }) 82 | }) 83 | 84 | describe('GitHub action', () => { 85 | test('no inputs', async () => { 86 | const target = RunTarget.asyncFn(run) 87 | const options = RunOptions.create() 88 | .setInputs({ 89 | token: 'noToken' 90 | }) 91 | .setShouldFakeMinimalGithubRunnerEnv(true) 92 | .setGithubContext({ 93 | payload: {pull_request: {number: 123}}, 94 | repository: 'org/repo', 95 | job: 'performance-test', 96 | sha: 'someSha', 97 | ref: 'main' 98 | }) 99 | const result = await target.run(options) 100 | expect(result.isSuccess).toBe(true) // no inputs should succeed (writes a warning) 101 | }) 102 | 103 | test('invalid credentials', async () => { 104 | const target = RunTarget.asyncFn(run) 105 | const options = RunOptions.create() 106 | .setInputs({ 107 | 'sbom-files': '__tests__/data/dropwizard-1.3.15-sbom.json', 108 | token: 'noToken' 109 | }) 110 | .setShouldFakeMinimalGithubRunnerEnv(true) 111 | .setGithubContext({ 112 | payload: {pull_request: {number: 123}}, 113 | repository: 'org/repo', 114 | job: 'performance-test', 115 | sha: 'someSha', 116 | ref: 'main' 117 | }) 118 | 119 | const result = await target.run(options) 120 | expect(result.isSuccess).toBe(false) // should fail with bad credentials 121 | }) 122 | }) 123 | -------------------------------------------------------------------------------- /action.yml: -------------------------------------------------------------------------------- 1 | name: 'SBOM submission action' 2 | description: 'Import SBOMs into GitHub dependency submission API' 3 | author: 'evryfs' 4 | branding: 5 | icon: alert-circle 6 | color: orange 7 | inputs: 8 | sbom-files: 9 | required: true 10 | description: 'Path to SBOM files, 
separated by whitespace' 11 | token: 12 | required: false 13 | description: 'The GitHub token used to interact with the GitHub dependency submission API' 14 | default: ${{ github.token }} 15 | runs: 16 | using: 'node16' 17 | main: 'dist/index.js' 18 | -------------------------------------------------------------------------------- /dist/licenses.txt: -------------------------------------------------------------------------------- 1 | @actions/core 2 | MIT 3 | The MIT License (MIT) 4 | 5 | Copyright 2019 GitHub 6 | 7 | Permission is hereby granted, free of charge, to any person obtaining a copy of this software and associated documentation files (the "Software"), to deal in the Software without restriction, including without limitation the rights to use, copy, modify, merge, publish, distribute, sublicense, and/or sell copies of the Software, and to permit persons to whom the Software is furnished to do so, subject to the following conditions: 8 | 9 | The above copyright notice and this permission notice shall be included in all copies or substantial portions of the Software. 10 | 11 | THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY, FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM, OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE SOFTWARE. 
12 | 13 | @actions/github 14 | MIT 15 | The MIT License (MIT) 16 | 17 | Copyright 2019 GitHub 18 | 19 | Permission is hereby granted, free of charge, to any person obtaining a copy of this software and associated documentation files (the "Software"), to deal in the Software without restriction, including without limitation the rights to use, copy, modify, merge, publish, distribute, sublicense, and/or sell copies of the Software, and to permit persons to whom the Software is furnished to do so, subject to the following conditions: 20 | 21 | The above copyright notice and this permission notice shall be included in all copies or substantial portions of the Software. 22 | 23 | THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY, FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM, OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE SOFTWARE. 24 | 25 | @actions/http-client 26 | MIT 27 | Actions Http Client for Node.js 28 | 29 | Copyright (c) GitHub, Inc. 30 | 31 | All rights reserved. 32 | 33 | MIT License 34 | 35 | Permission is hereby granted, free of charge, to any person obtaining a copy of this software and 36 | associated documentation files (the "Software"), to deal in the Software without restriction, 37 | including without limitation the rights to use, copy, modify, merge, publish, distribute, sublicense, 38 | and/or sell copies of the Software, and to permit persons to whom the Software is furnished to do so, 39 | subject to the following conditions: 40 | 41 | The above copyright notice and this permission notice shall be included in all copies or substantial portions of the Software. 
42 | 43 | THE SOFTWARE IS PROVIDED *AS IS*, WITHOUT WARRANTY OF ANY KIND, EXPRESS OR IMPLIED, INCLUDING BUT NOT 44 | LIMITED TO THE WARRANTIES OF MERCHANTABILITY, FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN 45 | NO EVENT SHALL THE AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER LIABILITY, 46 | WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM, OUT OF OR IN CONNECTION WITH THE 47 | SOFTWARE OR THE USE OR OTHER DEALINGS IN THE SOFTWARE. 48 | 49 | 50 | @cyclonedx/cyclonedx-library 51 | Apache-2.0 52 | Apache License 53 | Version 2.0, January 2004 54 | http://www.apache.org/licenses/ 55 | 56 | TERMS AND CONDITIONS FOR USE, REPRODUCTION, AND DISTRIBUTION 57 | 58 | 1. Definitions. 59 | 60 | "License" shall mean the terms and conditions for use, reproduction, 61 | and distribution as defined by Sections 1 through 9 of this document. 62 | 63 | "Licensor" shall mean the copyright owner or entity authorized by 64 | the copyright owner that is granting the License. 65 | 66 | "Legal Entity" shall mean the union of the acting entity and all 67 | other entities that control, are controlled by, or are under common 68 | control with that entity. For the purposes of this definition, 69 | "control" means (i) the power, direct or indirect, to cause the 70 | direction or management of such entity, whether by contract or 71 | otherwise, or (ii) ownership of fifty percent (50%) or more of the 72 | outstanding shares, or (iii) beneficial ownership of such entity. 73 | 74 | "You" (or "Your") shall mean an individual or Legal Entity 75 | exercising permissions granted by this License. 76 | 77 | "Source" form shall mean the preferred form for making modifications, 78 | including but not limited to software source code, documentation 79 | source, and configuration files. 
80 | 81 | "Object" form shall mean any form resulting from mechanical 82 | transformation or translation of a Source form, including but 83 | not limited to compiled object code, generated documentation, 84 | and conversions to other media types. 85 | 86 | "Work" shall mean the work of authorship, whether in Source or 87 | Object form, made available under the License, as indicated by a 88 | copyright notice that is included in or attached to the work 89 | (an example is provided in the Appendix below). 90 | 91 | "Derivative Works" shall mean any work, whether in Source or Object 92 | form, that is based on (or derived from) the Work and for which the 93 | editorial revisions, annotations, elaborations, or other modifications 94 | represent, as a whole, an original work of authorship. For the purposes 95 | of this License, Derivative Works shall not include works that remain 96 | separable from, or merely link (or bind by name) to the interfaces of, 97 | the Work and Derivative Works thereof. 98 | 99 | "Contribution" shall mean any work of authorship, including 100 | the original version of the Work and any modifications or additions 101 | to that Work or Derivative Works thereof, that is intentionally 102 | submitted to Licensor for inclusion in the Work by the copyright owner 103 | or by an individual or Legal Entity authorized to submit on behalf of 104 | the copyright owner. For the purposes of this definition, "submitted" 105 | means any form of electronic, verbal, or written communication sent 106 | to the Licensor or its representatives, including but not limited to 107 | communication on electronic mailing lists, source code control systems, 108 | and issue tracking systems that are managed by, or on behalf of, the 109 | Licensor for the purpose of discussing and improving the Work, but 110 | excluding communication that is conspicuously marked or otherwise 111 | designated in writing by the copyright owner as "Not a Contribution." 
112 | 113 | "Contributor" shall mean Licensor and any individual or Legal Entity 114 | on behalf of whom a Contribution has been received by Licensor and 115 | subsequently incorporated within the Work. 116 | 117 | 2. Grant of Copyright License. Subject to the terms and conditions of 118 | this License, each Contributor hereby grants to You a perpetual, 119 | worldwide, non-exclusive, no-charge, royalty-free, irrevocable 120 | copyright license to reproduce, prepare Derivative Works of, 121 | publicly display, publicly perform, sublicense, and distribute the 122 | Work and such Derivative Works in Source or Object form. 123 | 124 | 3. Grant of Patent License. Subject to the terms and conditions of 125 | this License, each Contributor hereby grants to You a perpetual, 126 | worldwide, non-exclusive, no-charge, royalty-free, irrevocable 127 | (except as stated in this section) patent license to make, have made, 128 | use, offer to sell, sell, import, and otherwise transfer the Work, 129 | where such license applies only to those patent claims licensable 130 | by such Contributor that are necessarily infringed by their 131 | Contribution(s) alone or by combination of their Contribution(s) 132 | with the Work to which such Contribution(s) was submitted. If You 133 | institute patent litigation against any entity (including a 134 | cross-claim or counterclaim in a lawsuit) alleging that the Work 135 | or a Contribution incorporated within the Work constitutes direct 136 | or contributory patent infringement, then any patent licenses 137 | granted to You under this License for that Work shall terminate 138 | as of the date such litigation is filed. 139 | 140 | 4. Redistribution. 
You may reproduce and distribute copies of the 141 | Work or Derivative Works thereof in any medium, with or without 142 | modifications, and in Source or Object form, provided that You 143 | meet the following conditions: 144 | 145 | (a) You must give any other recipients of the Work or 146 | Derivative Works a copy of this License; and 147 | 148 | (b) You must cause any modified files to carry prominent notices 149 | stating that You changed the files; and 150 | 151 | (c) You must retain, in the Source form of any Derivative Works 152 | that You distribute, all copyright, patent, trademark, and 153 | attribution notices from the Source form of the Work, 154 | excluding those notices that do not pertain to any part of 155 | the Derivative Works; and 156 | 157 | (d) If the Work includes a "NOTICE" text file as part of its 158 | distribution, then any Derivative Works that You distribute must 159 | include a readable copy of the attribution notices contained 160 | within such NOTICE file, excluding those notices that do not 161 | pertain to any part of the Derivative Works, in at least one 162 | of the following places: within a NOTICE text file distributed 163 | as part of the Derivative Works; within the Source form or 164 | documentation, if provided along with the Derivative Works; or, 165 | within a display generated by the Derivative Works, if and 166 | wherever such third-party notices normally appear. The contents 167 | of the NOTICE file are for informational purposes only and 168 | do not modify the License. You may add Your own attribution 169 | notices within Derivative Works that You distribute, alongside 170 | or as an addendum to the NOTICE text from the Work, provided 171 | that such additional attribution notices cannot be construed 172 | as modifying the License. 
173 | 174 | You may add Your own copyright statement to Your modifications and 175 | may provide additional or different license terms and conditions 176 | for use, reproduction, or distribution of Your modifications, or 177 | for any such Derivative Works as a whole, provided Your use, 178 | reproduction, and distribution of the Work otherwise complies with 179 | the conditions stated in this License. 180 | 181 | 5. Submission of Contributions. Unless You explicitly state otherwise, 182 | any Contribution intentionally submitted for inclusion in the Work 183 | by You to the Licensor shall be under the terms and conditions of 184 | this License, without any additional terms or conditions. 185 | Notwithstanding the above, nothing herein shall supersede or modify 186 | the terms of any separate license agreement you may have executed 187 | with Licensor regarding such Contributions. 188 | 189 | 6. Trademarks. This License does not grant permission to use the trade 190 | names, trademarks, service marks, or product names of the Licensor, 191 | except as required for reasonable and customary use in describing the 192 | origin of the Work and reproducing the content of the NOTICE file. 193 | 194 | 7. Disclaimer of Warranty. Unless required by applicable law or 195 | agreed to in writing, Licensor provides the Work (and each 196 | Contributor provides its Contributions) on an "AS IS" BASIS, 197 | WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or 198 | implied, including, without limitation, any warranties or conditions 199 | of TITLE, NON-INFRINGEMENT, MERCHANTABILITY, or FITNESS FOR A 200 | PARTICULAR PURPOSE. You are solely responsible for determining the 201 | appropriateness of using or redistributing the Work and assume any 202 | risks associated with Your exercise of permissions under this License. 203 | 204 | 8. Limitation of Liability. 
In no event and under no legal theory, 205 | whether in tort (including negligence), contract, or otherwise, 206 | unless required by applicable law (such as deliberate and grossly 207 | negligent acts) or agreed to in writing, shall any Contributor be 208 | liable to You for damages, including any direct, indirect, special, 209 | incidental, or consequential damages of any character arising as a 210 | result of this License or out of the use or inability to use the 211 | Work (including but not limited to damages for loss of goodwill, 212 | work stoppage, computer failure or malfunction, or any and all 213 | other commercial damages or losses), even if such Contributor 214 | has been advised of the possibility of such damages. 215 | 216 | 9. Accepting Warranty or Additional Liability. While redistributing 217 | the Work or Derivative Works thereof, You may choose to offer, 218 | and charge a fee for, acceptance of support, warranty, indemnity, 219 | or other liability obligations and/or rights consistent with this 220 | License. However, in accepting such obligations, You may act only 221 | on Your own behalf and on Your sole responsibility, not on behalf 222 | of any other Contributor, and only if You agree to indemnify, 223 | defend, and hold each Contributor harmless for any liability 224 | incurred by, or claims asserted against, such Contributor by reason 225 | of your accepting any such warranty or additional liability. 226 | 227 | END OF TERMS AND CONDITIONS 228 | 229 | APPENDIX: How to apply the Apache License to your work. 230 | 231 | To apply the Apache License to your work, attach the following 232 | boilerplate notice, with the fields enclosed by brackets "[]" 233 | replaced with your own identifying information. (Don't include 234 | the brackets!) The text should be enclosed in the appropriate 235 | comment syntax for the file format. 
We also recommend that a 236 | file or class name and description of purpose be included on the 237 | same "printed page" as the copyright notice for easier 238 | identification within third-party archives. 239 | 240 | Copyright [yyyy] [name of copyright owner] 241 | 242 | Licensed under the Apache License, Version 2.0 (the "License"); 243 | you may not use this file except in compliance with the License. 244 | You may obtain a copy of the License at 245 | 246 | http://www.apache.org/licenses/LICENSE-2.0 247 | 248 | Unless required by applicable law or agreed to in writing, software 249 | distributed under the License is distributed on an "AS IS" BASIS, 250 | WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. 251 | See the License for the specific language governing permissions and 252 | limitations under the License. 253 | 254 | 255 | @github/dependency-submission-toolkit 256 | MIT 257 | MIT License 258 | 259 | Copyright (c) 2022 GitHub 260 | 261 | Permission is hereby granted, free of charge, to any person obtaining a copy 262 | of this software and associated documentation files (the "Software"), to deal 263 | in the Software without restriction, including without limitation the rights 264 | to use, copy, modify, merge, publish, distribute, sublicense, and/or sell 265 | copies of the Software, and to permit persons to whom the Software is 266 | furnished to do so, subject to the following conditions: 267 | 268 | The above copyright notice and this permission notice shall be included in all 269 | copies or substantial portions of the Software. 270 | 271 | THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR 272 | IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY, 273 | FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. 
IN NO EVENT SHALL THE 274 | AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER 275 | LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM, 276 | OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE 277 | SOFTWARE. 278 | 279 | 280 | @octokit/auth-token 281 | MIT 282 | The MIT License 283 | 284 | Copyright (c) 2019 Octokit contributors 285 | 286 | Permission is hereby granted, free of charge, to any person obtaining a copy 287 | of this software and associated documentation files (the "Software"), to deal 288 | in the Software without restriction, including without limitation the rights 289 | to use, copy, modify, merge, publish, distribute, sublicense, and/or sell 290 | copies of the Software, and to permit persons to whom the Software is 291 | furnished to do so, subject to the following conditions: 292 | 293 | The above copyright notice and this permission notice shall be included in 294 | all copies or substantial portions of the Software. 295 | 296 | THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR 297 | IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY, 298 | FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE 299 | AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER 300 | LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM, 301 | OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN 302 | THE SOFTWARE. 
303 | 304 | 305 | @octokit/core 306 | MIT 307 | The MIT License 308 | 309 | Copyright (c) 2019 Octokit contributors 310 | 311 | Permission is hereby granted, free of charge, to any person obtaining a copy 312 | of this software and associated documentation files (the "Software"), to deal 313 | in the Software without restriction, including without limitation the rights 314 | to use, copy, modify, merge, publish, distribute, sublicense, and/or sell 315 | copies of the Software, and to permit persons to whom the Software is 316 | furnished to do so, subject to the following conditions: 317 | 318 | The above copyright notice and this permission notice shall be included in 319 | all copies or substantial portions of the Software. 320 | 321 | THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR 322 | IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY, 323 | FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE 324 | AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER 325 | LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM, 326 | OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN 327 | THE SOFTWARE. 328 | 329 | 330 | @octokit/endpoint 331 | MIT 332 | The MIT License 333 | 334 | Copyright (c) 2018 Octokit contributors 335 | 336 | Permission is hereby granted, free of charge, to any person obtaining a copy 337 | of this software and associated documentation files (the "Software"), to deal 338 | in the Software without restriction, including without limitation the rights 339 | to use, copy, modify, merge, publish, distribute, sublicense, and/or sell 340 | copies of the Software, and to permit persons to whom the Software is 341 | furnished to do so, subject to the following conditions: 342 | 343 | The above copyright notice and this permission notice shall be included in 344 | all copies or substantial portions of the Software. 
345 | 346 | THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR 347 | IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY, 348 | FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE 349 | AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER 350 | LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM, 351 | OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN 352 | THE SOFTWARE. 353 | 354 | 355 | @octokit/graphql 356 | MIT 357 | The MIT License 358 | 359 | Copyright (c) 2018 Octokit contributors 360 | 361 | Permission is hereby granted, free of charge, to any person obtaining a copy 362 | of this software and associated documentation files (the "Software"), to deal 363 | in the Software without restriction, including without limitation the rights 364 | to use, copy, modify, merge, publish, distribute, sublicense, and/or sell 365 | copies of the Software, and to permit persons to whom the Software is 366 | furnished to do so, subject to the following conditions: 367 | 368 | The above copyright notice and this permission notice shall be included in 369 | all copies or substantial portions of the Software. 370 | 371 | THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR 372 | IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY, 373 | FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE 374 | AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER 375 | LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM, 376 | OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN 377 | THE SOFTWARE. 
378 | 379 | 380 | @octokit/plugin-paginate-rest 381 | MIT 382 | MIT License Copyright (c) 2019 Octokit contributors 383 | 384 | Permission is hereby granted, free of charge, to any person obtaining a copy of this software and associated documentation files (the "Software"), to deal in the Software without restriction, including without limitation the rights to use, copy, modify, merge, publish, distribute, sublicense, and/or sell copies of the Software, and to permit persons to whom the Software is furnished to do so, subject to the following conditions: 385 | 386 | The above copyright notice and this permission notice (including the next paragraph) shall be included in all copies or substantial portions of the Software. 387 | 388 | THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY, FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM, OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE SOFTWARE. 389 | 390 | 391 | @octokit/plugin-rest-endpoint-methods 392 | MIT 393 | MIT License Copyright (c) 2019 Octokit contributors 394 | 395 | Permission is hereby granted, free of charge, to any person obtaining a copy of this software and associated documentation files (the "Software"), to deal in the Software without restriction, including without limitation the rights to use, copy, modify, merge, publish, distribute, sublicense, and/or sell copies of the Software, and to permit persons to whom the Software is furnished to do so, subject to the following conditions: 396 | 397 | The above copyright notice and this permission notice (including the next paragraph) shall be included in all copies or substantial portions of the Software. 
398 | 399 | THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY, FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM, OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE SOFTWARE. 400 | 401 | 402 | @octokit/request 403 | MIT 404 | The MIT License 405 | 406 | Copyright (c) 2018 Octokit contributors 407 | 408 | Permission is hereby granted, free of charge, to any person obtaining a copy 409 | of this software and associated documentation files (the "Software"), to deal 410 | in the Software without restriction, including without limitation the rights 411 | to use, copy, modify, merge, publish, distribute, sublicense, and/or sell 412 | copies of the Software, and to permit persons to whom the Software is 413 | furnished to do so, subject to the following conditions: 414 | 415 | The above copyright notice and this permission notice shall be included in 416 | all copies or substantial portions of the Software. 417 | 418 | THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR 419 | IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY, 420 | FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE 421 | AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER 422 | LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM, 423 | OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN 424 | THE SOFTWARE. 
425 | 426 | 427 | @octokit/request-error 428 | MIT 429 | The MIT License 430 | 431 | Copyright (c) 2019 Octokit contributors 432 | 433 | Permission is hereby granted, free of charge, to any person obtaining a copy 434 | of this software and associated documentation files (the "Software"), to deal 435 | in the Software without restriction, including without limitation the rights 436 | to use, copy, modify, merge, publish, distribute, sublicense, and/or sell 437 | copies of the Software, and to permit persons to whom the Software is 438 | furnished to do so, subject to the following conditions: 439 | 440 | The above copyright notice and this permission notice shall be included in 441 | all copies or substantial portions of the Software. 442 | 443 | THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR 444 | IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY, 445 | FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE 446 | AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER 447 | LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM, 448 | OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN 449 | THE SOFTWARE. 450 | 451 | 452 | @oozcitak/dom 453 | MIT 454 | MIT License 455 | 456 | Copyright (c) 2019 Ozgur Ozcitak 457 | 458 | Permission is hereby granted, free of charge, to any person obtaining a copy 459 | of this software and associated documentation files (the "Software"), to deal 460 | in the Software without restriction, including without limitation the rights 461 | to use, copy, modify, merge, publish, distribute, sublicense, and/or sell 462 | copies of the Software, and to permit persons to whom the Software is 463 | furnished to do so, subject to the following conditions: 464 | 465 | The above copyright notice and this permission notice shall be included in all 466 | copies or substantial portions of the Software. 
467 | 468 | THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR 469 | IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY, 470 | FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE 471 | AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER 472 | LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM, 473 | OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE 474 | SOFTWARE. 475 | 476 | 477 | @oozcitak/infra 478 | MIT 479 | MIT License 480 | 481 | Copyright (c) 2019 Ozgur Ozcitak 482 | 483 | Permission is hereby granted, free of charge, to any person obtaining a copy 484 | of this software and associated documentation files (the "Software"), to deal 485 | in the Software without restriction, including without limitation the rights 486 | to use, copy, modify, merge, publish, distribute, sublicense, and/or sell 487 | copies of the Software, and to permit persons to whom the Software is 488 | furnished to do so, subject to the following conditions: 489 | 490 | The above copyright notice and this permission notice shall be included in all 491 | copies or substantial portions of the Software. 492 | 493 | THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR 494 | IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY, 495 | FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE 496 | AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER 497 | LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM, 498 | OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE 499 | SOFTWARE. 
500 | 501 | 502 | @oozcitak/url 503 | MIT 504 | MIT License 505 | 506 | Copyright (c) 2019 Ozgur Ozcitak 507 | 508 | Permission is hereby granted, free of charge, to any person obtaining a copy 509 | of this software and associated documentation files (the "Software"), to deal 510 | in the Software without restriction, including without limitation the rights 511 | to use, copy, modify, merge, publish, distribute, sublicense, and/or sell 512 | copies of the Software, and to permit persons to whom the Software is 513 | furnished to do so, subject to the following conditions: 514 | 515 | The above copyright notice and this permission notice shall be included in all 516 | copies or substantial portions of the Software. 517 | 518 | THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR 519 | IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY, 520 | FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE 521 | AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER 522 | LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM, 523 | OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE 524 | SOFTWARE. 525 | 526 | 527 | @oozcitak/util 528 | MIT 529 | MIT License 530 | 531 | Copyright (c) 2019 Ozgur Ozcitak 532 | 533 | Permission is hereby granted, free of charge, to any person obtaining a copy 534 | of this software and associated documentation files (the "Software"), to deal 535 | in the Software without restriction, including without limitation the rights 536 | to use, copy, modify, merge, publish, distribute, sublicense, and/or sell 537 | copies of the Software, and to permit persons to whom the Software is 538 | furnished to do so, subject to the following conditions: 539 | 540 | The above copyright notice and this permission notice shall be included in all 541 | copies or substantial portions of the Software. 
542 | 543 | THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR 544 | IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY, 545 | FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE 546 | AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER 547 | LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM, 548 | OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE 549 | SOFTWARE. 550 | 551 | 552 | @vercel/ncc 553 | MIT 554 | Copyright 2018 ZEIT, Inc. 555 | 556 | Permission is hereby granted, free of charge, to any person obtaining a copy of this software and associated documentation files (the "Software"), to deal in the Software without restriction, including without limitation the rights to use, copy, modify, merge, publish, distribute, sublicense, and/or sell copies of the Software, and to permit persons to whom the Software is furnished to do so, subject to the following conditions: 557 | 558 | The above copyright notice and this permission notice shall be included in all copies or substantial portions of the Software. 559 | 560 | THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY, FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM, OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE SOFTWARE. 561 | 562 | before-after-hook 563 | Apache-2.0 564 | Apache License 565 | Version 2.0, January 2004 566 | http://www.apache.org/licenses/ 567 | 568 | TERMS AND CONDITIONS FOR USE, REPRODUCTION, AND DISTRIBUTION 569 | 570 | 1. Definitions. 
571 | 572 | "License" shall mean the terms and conditions for use, reproduction, 573 | and distribution as defined by Sections 1 through 9 of this document. 574 | 575 | "Licensor" shall mean the copyright owner or entity authorized by 576 | the copyright owner that is granting the License. 577 | 578 | "Legal Entity" shall mean the union of the acting entity and all 579 | other entities that control, are controlled by, or are under common 580 | control with that entity. For the purposes of this definition, 581 | "control" means (i) the power, direct or indirect, to cause the 582 | direction or management of such entity, whether by contract or 583 | otherwise, or (ii) ownership of fifty percent (50%) or more of the 584 | outstanding shares, or (iii) beneficial ownership of such entity. 585 | 586 | "You" (or "Your") shall mean an individual or Legal Entity 587 | exercising permissions granted by this License. 588 | 589 | "Source" form shall mean the preferred form for making modifications, 590 | including but not limited to software source code, documentation 591 | source, and configuration files. 592 | 593 | "Object" form shall mean any form resulting from mechanical 594 | transformation or translation of a Source form, including but 595 | not limited to compiled object code, generated documentation, 596 | and conversions to other media types. 597 | 598 | "Work" shall mean the work of authorship, whether in Source or 599 | Object form, made available under the License, as indicated by a 600 | copyright notice that is included in or attached to the work 601 | (an example is provided in the Appendix below). 602 | 603 | "Derivative Works" shall mean any work, whether in Source or Object 604 | form, that is based on (or derived from) the Work and for which the 605 | editorial revisions, annotations, elaborations, or other modifications 606 | represent, as a whole, an original work of authorship. 
For the purposes 607 | of this License, Derivative Works shall not include works that remain 608 | separable from, or merely link (or bind by name) to the interfaces of, 609 | the Work and Derivative Works thereof. 610 | 611 | "Contribution" shall mean any work of authorship, including 612 | the original version of the Work and any modifications or additions 613 | to that Work or Derivative Works thereof, that is intentionally 614 | submitted to Licensor for inclusion in the Work by the copyright owner 615 | or by an individual or Legal Entity authorized to submit on behalf of 616 | the copyright owner. For the purposes of this definition, "submitted" 617 | means any form of electronic, verbal, or written communication sent 618 | to the Licensor or its representatives, including but not limited to 619 | communication on electronic mailing lists, source code control systems, 620 | and issue tracking systems that are managed by, or on behalf of, the 621 | Licensor for the purpose of discussing and improving the Work, but 622 | excluding communication that is conspicuously marked or otherwise 623 | designated in writing by the copyright owner as "Not a Contribution." 624 | 625 | "Contributor" shall mean Licensor and any individual or Legal Entity 626 | on behalf of whom a Contribution has been received by Licensor and 627 | subsequently incorporated within the Work. 628 | 629 | 2. Grant of Copyright License. Subject to the terms and conditions of 630 | this License, each Contributor hereby grants to You a perpetual, 631 | worldwide, non-exclusive, no-charge, royalty-free, irrevocable 632 | copyright license to reproduce, prepare Derivative Works of, 633 | publicly display, publicly perform, sublicense, and distribute the 634 | Work and such Derivative Works in Source or Object form. 635 | 636 | 3. Grant of Patent License. 
Subject to the terms and conditions of 637 | this License, each Contributor hereby grants to You a perpetual, 638 | worldwide, non-exclusive, no-charge, royalty-free, irrevocable 639 | (except as stated in this section) patent license to make, have made, 640 | use, offer to sell, sell, import, and otherwise transfer the Work, 641 | where such license applies only to those patent claims licensable 642 | by such Contributor that are necessarily infringed by their 643 | Contribution(s) alone or by combination of their Contribution(s) 644 | with the Work to which such Contribution(s) was submitted. If You 645 | institute patent litigation against any entity (including a 646 | cross-claim or counterclaim in a lawsuit) alleging that the Work 647 | or a Contribution incorporated within the Work constitutes direct 648 | or contributory patent infringement, then any patent licenses 649 | granted to You under this License for that Work shall terminate 650 | as of the date such litigation is filed. 651 | 652 | 4. Redistribution. 
You may reproduce and distribute copies of the 653 | Work or Derivative Works thereof in any medium, with or without 654 | modifications, and in Source or Object form, provided that You 655 | meet the following conditions: 656 | 657 | (a) You must give any other recipients of the Work or 658 | Derivative Works a copy of this License; and 659 | 660 | (b) You must cause any modified files to carry prominent notices 661 | stating that You changed the files; and 662 | 663 | (c) You must retain, in the Source form of any Derivative Works 664 | that You distribute, all copyright, patent, trademark, and 665 | attribution notices from the Source form of the Work, 666 | excluding those notices that do not pertain to any part of 667 | the Derivative Works; and 668 | 669 | (d) If the Work includes a "NOTICE" text file as part of its 670 | distribution, then any Derivative Works that You distribute must 671 | include a readable copy of the attribution notices contained 672 | within such NOTICE file, excluding those notices that do not 673 | pertain to any part of the Derivative Works, in at least one 674 | of the following places: within a NOTICE text file distributed 675 | as part of the Derivative Works; within the Source form or 676 | documentation, if provided along with the Derivative Works; or, 677 | within a display generated by the Derivative Works, if and 678 | wherever such third-party notices normally appear. The contents 679 | of the NOTICE file are for informational purposes only and 680 | do not modify the License. You may add Your own attribution 681 | notices within Derivative Works that You distribute, alongside 682 | or as an addendum to the NOTICE text from the Work, provided 683 | that such additional attribution notices cannot be construed 684 | as modifying the License. 
685 | 686 | You may add Your own copyright statement to Your modifications and 687 | may provide additional or different license terms and conditions 688 | for use, reproduction, or distribution of Your modifications, or 689 | for any such Derivative Works as a whole, provided Your use, 690 | reproduction, and distribution of the Work otherwise complies with 691 | the conditions stated in this License. 692 | 693 | 5. Submission of Contributions. Unless You explicitly state otherwise, 694 | any Contribution intentionally submitted for inclusion in the Work 695 | by You to the Licensor shall be under the terms and conditions of 696 | this License, without any additional terms or conditions. 697 | Notwithstanding the above, nothing herein shall supersede or modify 698 | the terms of any separate license agreement you may have executed 699 | with Licensor regarding such Contributions. 700 | 701 | 6. Trademarks. This License does not grant permission to use the trade 702 | names, trademarks, service marks, or product names of the Licensor, 703 | except as required for reasonable and customary use in describing the 704 | origin of the Work and reproducing the content of the NOTICE file. 705 | 706 | 7. Disclaimer of Warranty. Unless required by applicable law or 707 | agreed to in writing, Licensor provides the Work (and each 708 | Contributor provides its Contributions) on an "AS IS" BASIS, 709 | WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or 710 | implied, including, without limitation, any warranties or conditions 711 | of TITLE, NON-INFRINGEMENT, MERCHANTABILITY, or FITNESS FOR A 712 | PARTICULAR PURPOSE. You are solely responsible for determining the 713 | appropriateness of using or redistributing the Work and assume any 714 | risks associated with Your exercise of permissions under this License. 715 | 716 | 8. Limitation of Liability. 
In no event and under no legal theory, 717 | whether in tort (including negligence), contract, or otherwise, 718 | unless required by applicable law (such as deliberate and grossly 719 | negligent acts) or agreed to in writing, shall any Contributor be 720 | liable to You for damages, including any direct, indirect, special, 721 | incidental, or consequential damages of any character arising as a 722 | result of this License or out of the use or inability to use the 723 | Work (including but not limited to damages for loss of goodwill, 724 | work stoppage, computer failure or malfunction, or any and all 725 | other commercial damages or losses), even if such Contributor 726 | has been advised of the possibility of such damages. 727 | 728 | 9. Accepting Warranty or Additional Liability. While redistributing 729 | the Work or Derivative Works thereof, You may choose to offer, 730 | and charge a fee for, acceptance of support, warranty, indemnity, 731 | or other liability obligations and/or rights consistent with this 732 | License. However, in accepting such obligations, You may act only 733 | on Your own behalf and on Your sole responsibility, not on behalf 734 | of any other Contributor, and only if You agree to indemnify, 735 | defend, and hold each Contributor harmless for any liability 736 | incurred by, or claims asserted against, such Contributor by reason 737 | of your accepting any such warranty or additional liability. 738 | 739 | END OF TERMS AND CONDITIONS 740 | 741 | APPENDIX: How to apply the Apache License to your work. 742 | 743 | To apply the Apache License to your work, attach the following 744 | boilerplate notice, with the fields enclosed by brackets "{}" 745 | replaced with your own identifying information. (Don't include 746 | the brackets!) The text should be enclosed in the appropriate 747 | comment syntax for the file format. 
We also recommend that a 748 | file or class name and description of purpose be included on the 749 | same "printed page" as the copyright notice for easier 750 | identification within third-party archives. 751 | 752 | Copyright 2018 Gregor Martynus and other contributors. 753 | 754 | Licensed under the Apache License, Version 2.0 (the "License"); 755 | you may not use this file except in compliance with the License. 756 | You may obtain a copy of the License at 757 | 758 | http://www.apache.org/licenses/LICENSE-2.0 759 | 760 | Unless required by applicable law or agreed to in writing, software 761 | distributed under the License is distributed on an "AS IS" BASIS, 762 | WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. 763 | See the License for the specific language governing permissions and 764 | limitations under the License. 765 | 766 | 767 | deprecation 768 | ISC 769 | The ISC License 770 | 771 | Copyright (c) Gregor Martynus and contributors 772 | 773 | Permission to use, copy, modify, and/or distribute this software for any 774 | purpose with or without fee is hereby granted, provided that the above 775 | copyright notice and this permission notice appear in all copies. 776 | 777 | THE SOFTWARE IS PROVIDED "AS IS" AND THE AUTHOR DISCLAIMS ALL WARRANTIES 778 | WITH REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED WARRANTIES OF 779 | MERCHANTABILITY AND FITNESS. IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR 780 | ANY SPECIAL, DIRECT, INDIRECT, OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES 781 | WHATSOEVER RESULTING FROM LOSS OF USE, DATA OR PROFITS, WHETHER IN AN 782 | ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT OF OR 783 | IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE. 784 | 785 | 786 | is-plain-object 787 | MIT 788 | The MIT License (MIT) 789 | 790 | Copyright (c) 2014-2017, Jon Schlinkert. 
791 | 792 | Permission is hereby granted, free of charge, to any person obtaining a copy 793 | of this software and associated documentation files (the "Software"), to deal 794 | in the Software without restriction, including without limitation the rights 795 | to use, copy, modify, merge, publish, distribute, sublicense, and/or sell 796 | copies of the Software, and to permit persons to whom the Software is 797 | furnished to do so, subject to the following conditions: 798 | 799 | The above copyright notice and this permission notice shall be included in 800 | all copies or substantial portions of the Software. 801 | 802 | THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR 803 | IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY, 804 | FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE 805 | AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER 806 | LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM, 807 | OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN 808 | THE SOFTWARE. 809 | 810 | 811 | js-yaml 812 | MIT 813 | (The MIT License) 814 | 815 | Copyright (C) 2011-2015 by Vitaly Puzrin 816 | 817 | Permission is hereby granted, free of charge, to any person obtaining a copy 818 | of this software and associated documentation files (the "Software"), to deal 819 | in the Software without restriction, including without limitation the rights 820 | to use, copy, modify, merge, publish, distribute, sublicense, and/or sell 821 | copies of the Software, and to permit persons to whom the Software is 822 | furnished to do so, subject to the following conditions: 823 | 824 | The above copyright notice and this permission notice shall be included in 825 | all copies or substantial portions of the Software. 
826 | 827 | THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR 828 | IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY, 829 | FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE 830 | AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER 831 | LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM, 832 | OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN 833 | THE SOFTWARE. 834 | 835 | 836 | node-fetch 837 | MIT 838 | The MIT License (MIT) 839 | 840 | Copyright (c) 2016 David Frank 841 | 842 | Permission is hereby granted, free of charge, to any person obtaining a copy 843 | of this software and associated documentation files (the "Software"), to deal 844 | in the Software without restriction, including without limitation the rights 845 | to use, copy, modify, merge, publish, distribute, sublicense, and/or sell 846 | copies of the Software, and to permit persons to whom the Software is 847 | furnished to do so, subject to the following conditions: 848 | 849 | The above copyright notice and this permission notice shall be included in all 850 | copies or substantial portions of the Software. 851 | 852 | THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR 853 | IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY, 854 | FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE 855 | AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER 856 | LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM, 857 | OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE 858 | SOFTWARE. 859 | 860 | 861 | 862 | once 863 | ISC 864 | The ISC License 865 | 866 | Copyright (c) Isaac Z. 
Schlueter and Contributors 867 | 868 | Permission to use, copy, modify, and/or distribute this software for any 869 | purpose with or without fee is hereby granted, provided that the above 870 | copyright notice and this permission notice appear in all copies. 871 | 872 | THE SOFTWARE IS PROVIDED "AS IS" AND THE AUTHOR DISCLAIMS ALL WARRANTIES 873 | WITH REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED WARRANTIES OF 874 | MERCHANTABILITY AND FITNESS. IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR 875 | ANY SPECIAL, DIRECT, INDIRECT, OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES 876 | WHATSOEVER RESULTING FROM LOSS OF USE, DATA OR PROFITS, WHETHER IN AN 877 | ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT OF OR 878 | IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE. 879 | 880 | 881 | packageurl-js 882 | MIT 883 | 884 | tr46 885 | MIT 886 | 887 | tunnel 888 | MIT 889 | The MIT License (MIT) 890 | 891 | Copyright (c) 2012 Koichi Kobayashi 892 | 893 | Permission is hereby granted, free of charge, to any person obtaining a copy 894 | of this software and associated documentation files (the "Software"), to deal 895 | in the Software without restriction, including without limitation the rights 896 | to use, copy, modify, merge, publish, distribute, sublicense, and/or sell 897 | copies of the Software, and to permit persons to whom the Software is 898 | furnished to do so, subject to the following conditions: 899 | 900 | The above copyright notice and this permission notice shall be included in 901 | all copies or substantial portions of the Software. 902 | 903 | THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR 904 | IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY, 905 | FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. 
IN NO EVENT SHALL THE 906 | AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER 907 | LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM, 908 | OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN 909 | THE SOFTWARE. 910 | 911 | 912 | universal-user-agent 913 | ISC 914 | # [ISC License](https://spdx.org/licenses/ISC) 915 | 916 | Copyright (c) 2018, Gregor Martynus (https://github.com/gr2m) 917 | 918 | Permission to use, copy, modify, and/or distribute this software for any purpose with or without fee is hereby granted, provided that the above copyright notice and this permission notice appear in all copies. 919 | 920 | THE SOFTWARE IS PROVIDED "AS IS" AND THE AUTHOR DISCLAIMS ALL WARRANTIES WITH REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS. IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR ANY SPECIAL, DIRECT, INDIRECT, OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES WHATSOEVER RESULTING FROM LOSS OF USE, DATA OR PROFITS, WHETHER IN AN ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT OF OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE. 921 | 922 | 923 | uuid 924 | MIT 925 | The MIT License (MIT) 926 | 927 | Copyright (c) 2010-2020 Robert Kieffer and other contributors 928 | 929 | Permission is hereby granted, free of charge, to any person obtaining a copy of this software and associated documentation files (the "Software"), to deal in the Software without restriction, including without limitation the rights to use, copy, modify, merge, publish, distribute, sublicense, and/or sell copies of the Software, and to permit persons to whom the Software is furnished to do so, subject to the following conditions: 930 | 931 | The above copyright notice and this permission notice shall be included in all copies or substantial portions of the Software. 
932 | 933 | THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY, FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM, OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE SOFTWARE. 934 | 935 | 936 | webidl-conversions 937 | BSD-2-Clause 938 | # The BSD 2-Clause License 939 | 940 | Copyright (c) 2014, Domenic Denicola 941 | All rights reserved. 942 | 943 | Redistribution and use in source and binary forms, with or without modification, are permitted provided that the following conditions are met: 944 | 945 | 1. Redistributions of source code must retain the above copyright notice, this list of conditions and the following disclaimer. 946 | 947 | 2. Redistributions in binary form must reproduce the above copyright notice, this list of conditions and the following disclaimer in the documentation and/or other materials provided with the distribution. 948 | 949 | THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS "AS IS" AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT HOLDER OR CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE. 
950 | 951 | 952 | whatwg-url 953 | MIT 954 | The MIT License (MIT) 955 | 956 | Copyright (c) 2015–2016 Sebastian Mayr 957 | 958 | Permission is hereby granted, free of charge, to any person obtaining a copy 959 | of this software and associated documentation files (the "Software"), to deal 960 | in the Software without restriction, including without limitation the rights 961 | to use, copy, modify, merge, publish, distribute, sublicense, and/or sell 962 | copies of the Software, and to permit persons to whom the Software is 963 | furnished to do so, subject to the following conditions: 964 | 965 | The above copyright notice and this permission notice shall be included in 966 | all copies or substantial portions of the Software. 967 | 968 | THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR 969 | IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY, 970 | FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE 971 | AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER 972 | LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM, 973 | OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN 974 | THE SOFTWARE. 975 | 976 | 977 | wrappy 978 | ISC 979 | The ISC License 980 | 981 | Copyright (c) Isaac Z. Schlueter and Contributors 982 | 983 | Permission to use, copy, modify, and/or distribute this software for any 984 | purpose with or without fee is hereby granted, provided that the above 985 | copyright notice and this permission notice appear in all copies. 986 | 987 | THE SOFTWARE IS PROVIDED "AS IS" AND THE AUTHOR DISCLAIMS ALL WARRANTIES 988 | WITH REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED WARRANTIES OF 989 | MERCHANTABILITY AND FITNESS. 
IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR 990 | ANY SPECIAL, DIRECT, INDIRECT, OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES 991 | WHATSOEVER RESULTING FROM LOSS OF USE, DATA OR PROFITS, WHETHER IN AN 992 | ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT OF OR 993 | IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE. 994 | 995 | 996 | xmlbuilder2 997 | MIT 998 | MIT License 999 | 1000 | Copyright (c) 2019 Ozgur Ozcitak 1001 | 1002 | Permission is hereby granted, free of charge, to any person obtaining a copy 1003 | of this software and associated documentation files (the "Software"), to deal 1004 | in the Software without restriction, including without limitation the rights 1005 | to use, copy, modify, merge, publish, distribute, sublicense, and/or sell 1006 | copies of the Software, and to permit persons to whom the Software is 1007 | furnished to do so, subject to the following conditions: 1008 | 1009 | The above copyright notice and this permission notice shall be included in all 1010 | copies or substantial portions of the Software. 1011 | 1012 | THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR 1013 | IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY, 1014 | FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE 1015 | AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER 1016 | LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM, 1017 | OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE 1018 | SOFTWARE. 
1019 | -------------------------------------------------------------------------------- /dist/sourcemap-register.js: -------------------------------------------------------------------------------- 1 | (()=>{var e={650:e=>{var r=Object.prototype.toString;var n=typeof Buffer.alloc==="function"&&typeof Buffer.allocUnsafe==="function"&&typeof Buffer.from==="function";function isArrayBuffer(e){return r.call(e).slice(8,-1)==="ArrayBuffer"}function fromArrayBuffer(e,r,t){r>>>=0;var o=e.byteLength-r;if(o<0){throw new RangeError("'offset' is out of bounds")}if(t===undefined){t=o}else{t>>>=0;if(t>o){throw new RangeError("'length' is out of bounds")}}return n?Buffer.from(e.slice(r,r+t)):new Buffer(new Uint8Array(e.slice(r,r+t)))}function fromString(e,r){if(typeof r!=="string"||r===""){r="utf8"}if(!Buffer.isEncoding(r)){throw new TypeError('"encoding" must be a valid string encoding')}return n?Buffer.from(e,r):new Buffer(e,r)}function bufferFrom(e,r,t){if(typeof e==="number"){throw new TypeError('"value" argument must not be a number')}if(isArrayBuffer(e)){return fromArrayBuffer(e,r,t)}if(typeof e==="string"){return fromString(e,r)}return n?Buffer.from(e):new Buffer(e)}e.exports=bufferFrom},274:(e,r,n)=>{var t=n(339);var o=Object.prototype.hasOwnProperty;var i=typeof Map!=="undefined";function ArraySet(){this._array=[];this._set=i?new Map:Object.create(null)}ArraySet.fromArray=function ArraySet_fromArray(e,r){var n=new ArraySet;for(var t=0,o=e.length;t=0){return r}}else{var n=t.toSetString(e);if(o.call(this._set,n)){return this._set[n]}}throw new Error('"'+e+'" is not in the set.')};ArraySet.prototype.at=function ArraySet_at(e){if(e>=0&&e{var t=n(190);var o=5;var i=1<>1;return r?-n:n}r.encode=function base64VLQ_encode(e){var r="";var n;var i=toVLQSigned(e);do{n=i&a;i>>>=o;if(i>0){n|=u}r+=t.encode(n)}while(i>0);return r};r.decode=function base64VLQ_decode(e,r,n){var i=e.length;var s=0;var l=0;var c,p;do{if(r>=i){throw new Error("Expected more digits in base 64 VLQ 
value.")}p=t.decode(e.charCodeAt(r++));if(p===-1){throw new Error("Invalid base64 digit: "+e.charAt(r-1))}c=!!(p&u);p&=a;s=s+(p<{var n="ABCDEFGHIJKLMNOPQRSTUVWXYZabcdefghijklmnopqrstuvwxyz0123456789+/".split("");r.encode=function(e){if(0<=e&&e{r.GREATEST_LOWER_BOUND=1;r.LEAST_UPPER_BOUND=2;function recursiveSearch(e,n,t,o,i,a){var u=Math.floor((n-e)/2)+e;var s=i(t,o[u],true);if(s===0){return u}else if(s>0){if(n-u>1){return recursiveSearch(u,n,t,o,i,a)}if(a==r.LEAST_UPPER_BOUND){return n1){return recursiveSearch(e,u,t,o,i,a)}if(a==r.LEAST_UPPER_BOUND){return u}else{return e<0?-1:e}}}r.search=function search(e,n,t,o){if(n.length===0){return-1}var i=recursiveSearch(-1,n.length,e,n,t,o||r.GREATEST_LOWER_BOUND);if(i<0){return-1}while(i-1>=0){if(t(n[i],n[i-1],true)!==0){break}--i}return i}},680:(e,r,n)=>{var t=n(339);function generatedPositionAfter(e,r){var n=e.generatedLine;var o=r.generatedLine;var i=e.generatedColumn;var a=r.generatedColumn;return o>n||o==n&&a>=i||t.compareByGeneratedPositionsInflated(e,r)<=0}function MappingList(){this._array=[];this._sorted=true;this._last={generatedLine:-1,generatedColumn:0}}MappingList.prototype.unsortedForEach=function MappingList_forEach(e,r){this._array.forEach(e,r)};MappingList.prototype.add=function MappingList_add(e){if(generatedPositionAfter(this._last,e)){this._last=e;this._array.push(e)}else{this._sorted=false;this._array.push(e)}};MappingList.prototype.toArray=function MappingList_toArray(){if(!this._sorted){this._array.sort(t.compareByGeneratedPositionsInflated);this._sorted=true}return this._array};r.H=MappingList},758:(e,r)=>{function swap(e,r,n){var t=e[r];e[r]=e[n];e[n]=t}function randomIntInRange(e,r){return Math.round(e+Math.random()*(r-e))}function doQuickSort(e,r,n,t){if(n{var t;var o=n(339);var i=n(345);var a=n(274).I;var u=n(449);var s=n(758).U;function SourceMapConsumer(e,r){var n=e;if(typeof e==="string"){n=o.parseSourceMapInput(e)}return n.sections!=null?new IndexedSourceMapConsumer(n,r):new 
BasicSourceMapConsumer(n,r)}SourceMapConsumer.fromSourceMap=function(e,r){return BasicSourceMapConsumer.fromSourceMap(e,r)};SourceMapConsumer.prototype._version=3;SourceMapConsumer.prototype.__generatedMappings=null;Object.defineProperty(SourceMapConsumer.prototype,"_generatedMappings",{configurable:true,enumerable:true,get:function(){if(!this.__generatedMappings){this._parseMappings(this._mappings,this.sourceRoot)}return this.__generatedMappings}});SourceMapConsumer.prototype.__originalMappings=null;Object.defineProperty(SourceMapConsumer.prototype,"_originalMappings",{configurable:true,enumerable:true,get:function(){if(!this.__originalMappings){this._parseMappings(this._mappings,this.sourceRoot)}return this.__originalMappings}});SourceMapConsumer.prototype._charIsMappingSeparator=function SourceMapConsumer_charIsMappingSeparator(e,r){var n=e.charAt(r);return n===";"||n===","};SourceMapConsumer.prototype._parseMappings=function SourceMapConsumer_parseMappings(e,r){throw new Error("Subclasses must implement _parseMappings")};SourceMapConsumer.GENERATED_ORDER=1;SourceMapConsumer.ORIGINAL_ORDER=2;SourceMapConsumer.GREATEST_LOWER_BOUND=1;SourceMapConsumer.LEAST_UPPER_BOUND=2;SourceMapConsumer.prototype.eachMapping=function SourceMapConsumer_eachMapping(e,r,n){var t=r||null;var i=n||SourceMapConsumer.GENERATED_ORDER;var a;switch(i){case SourceMapConsumer.GENERATED_ORDER:a=this._generatedMappings;break;case SourceMapConsumer.ORIGINAL_ORDER:a=this._originalMappings;break;default:throw new Error("Unknown order of iteration.")}var u=this.sourceRoot;a.map((function(e){var r=e.source===null?null:this._sources.at(e.source);r=o.computeSourceURL(u,r,this._sourceMapURL);return{source:r,generatedLine:e.generatedLine,generatedColumn:e.generatedColumn,originalLine:e.originalLine,originalColumn:e.originalColumn,name:e.name===null?null:this._names.at(e.name)}}),this).forEach(e,t)};SourceMapConsumer.prototype.allGeneratedPositionsFor=function 
SourceMapConsumer_allGeneratedPositionsFor(e){var r=o.getArg(e,"line");var n={source:o.getArg(e,"source"),originalLine:r,originalColumn:o.getArg(e,"column",0)};n.source=this._findSourceIndex(n.source);if(n.source<0){return[]}var t=[];var a=this._findMapping(n,this._originalMappings,"originalLine","originalColumn",o.compareByOriginalPositions,i.LEAST_UPPER_BOUND);if(a>=0){var u=this._originalMappings[a];if(e.column===undefined){var s=u.originalLine;while(u&&u.originalLine===s){t.push({line:o.getArg(u,"generatedLine",null),column:o.getArg(u,"generatedColumn",null),lastColumn:o.getArg(u,"lastGeneratedColumn",null)});u=this._originalMappings[++a]}}else{var l=u.originalColumn;while(u&&u.originalLine===r&&u.originalColumn==l){t.push({line:o.getArg(u,"generatedLine",null),column:o.getArg(u,"generatedColumn",null),lastColumn:o.getArg(u,"lastGeneratedColumn",null)});u=this._originalMappings[++a]}}}return t};r.SourceMapConsumer=SourceMapConsumer;function BasicSourceMapConsumer(e,r){var n=e;if(typeof e==="string"){n=o.parseSourceMapInput(e)}var t=o.getArg(n,"version");var i=o.getArg(n,"sources");var u=o.getArg(n,"names",[]);var s=o.getArg(n,"sourceRoot",null);var l=o.getArg(n,"sourcesContent",null);var c=o.getArg(n,"mappings");var p=o.getArg(n,"file",null);if(t!=this._version){throw new Error("Unsupported version: "+t)}if(s){s=o.normalize(s)}i=i.map(String).map(o.normalize).map((function(e){return s&&o.isAbsolute(s)&&o.isAbsolute(e)?o.relative(s,e):e}));this._names=a.fromArray(u.map(String),true);this._sources=a.fromArray(i,true);this._absoluteSources=this._sources.toArray().map((function(e){return o.computeSourceURL(s,e,r)}));this.sourceRoot=s;this.sourcesContent=l;this._mappings=c;this._sourceMapURL=r;this.file=p}BasicSourceMapConsumer.prototype=Object.create(SourceMapConsumer.prototype);BasicSourceMapConsumer.prototype.consumer=SourceMapConsumer;BasicSourceMapConsumer.prototype._findSourceIndex=function(e){var 
r=e;if(this.sourceRoot!=null){r=o.relative(this.sourceRoot,r)}if(this._sources.has(r)){return this._sources.indexOf(r)}var n;for(n=0;n1){v.source=l+_[1];l+=_[1];v.originalLine=i+_[2];i=v.originalLine;v.originalLine+=1;v.originalColumn=a+_[3];a=v.originalColumn;if(_.length>4){v.name=c+_[4];c+=_[4]}}m.push(v);if(typeof v.originalLine==="number"){d.push(v)}}}s(m,o.compareByGeneratedPositionsDeflated);this.__generatedMappings=m;s(d,o.compareByOriginalPositions);this.__originalMappings=d};BasicSourceMapConsumer.prototype._findMapping=function SourceMapConsumer_findMapping(e,r,n,t,o,a){if(e[n]<=0){throw new TypeError("Line must be greater than or equal to 1, got "+e[n])}if(e[t]<0){throw new TypeError("Column must be greater than or equal to 0, got "+e[t])}return i.search(e,r,o,a)};BasicSourceMapConsumer.prototype.computeColumnSpans=function SourceMapConsumer_computeColumnSpans(){for(var e=0;e=0){var t=this._generatedMappings[n];if(t.generatedLine===r.generatedLine){var i=o.getArg(t,"source",null);if(i!==null){i=this._sources.at(i);i=o.computeSourceURL(this.sourceRoot,i,this._sourceMapURL)}var a=o.getArg(t,"name",null);if(a!==null){a=this._names.at(a)}return{source:i,line:o.getArg(t,"originalLine",null),column:o.getArg(t,"originalColumn",null),name:a}}}return{source:null,line:null,column:null,name:null}};BasicSourceMapConsumer.prototype.hasContentsOfAllSources=function BasicSourceMapConsumer_hasContentsOfAllSources(){if(!this.sourcesContent){return false}return this.sourcesContent.length>=this._sources.size()&&!this.sourcesContent.some((function(e){return e==null}))};BasicSourceMapConsumer.prototype.sourceContentFor=function SourceMapConsumer_sourceContentFor(e,r){if(!this.sourcesContent){return null}var n=this._findSourceIndex(e);if(n>=0){return this.sourcesContent[n]}var t=e;if(this.sourceRoot!=null){t=o.relative(this.sourceRoot,t)}var i;if(this.sourceRoot!=null&&(i=o.urlParse(this.sourceRoot))){var 
a=t.replace(/^file:\/\//,"");if(i.scheme=="file"&&this._sources.has(a)){return this.sourcesContent[this._sources.indexOf(a)]}if((!i.path||i.path=="/")&&this._sources.has("/"+t)){return this.sourcesContent[this._sources.indexOf("/"+t)]}}if(r){return null}else{throw new Error('"'+t+'" is not in the SourceMap.')}};BasicSourceMapConsumer.prototype.generatedPositionFor=function SourceMapConsumer_generatedPositionFor(e){var r=o.getArg(e,"source");r=this._findSourceIndex(r);if(r<0){return{line:null,column:null,lastColumn:null}}var n={source:r,originalLine:o.getArg(e,"line"),originalColumn:o.getArg(e,"column")};var t=this._findMapping(n,this._originalMappings,"originalLine","originalColumn",o.compareByOriginalPositions,o.getArg(e,"bias",SourceMapConsumer.GREATEST_LOWER_BOUND));if(t>=0){var i=this._originalMappings[t];if(i.source===n.source){return{line:o.getArg(i,"generatedLine",null),column:o.getArg(i,"generatedColumn",null),lastColumn:o.getArg(i,"lastGeneratedColumn",null)}}}return{line:null,column:null,lastColumn:null}};t=BasicSourceMapConsumer;function IndexedSourceMapConsumer(e,r){var n=e;if(typeof e==="string"){n=o.parseSourceMapInput(e)}var t=o.getArg(n,"version");var i=o.getArg(n,"sections");if(t!=this._version){throw new Error("Unsupported version: "+t)}this._sources=new a;this._names=new a;var u={line:-1,column:0};this._sections=i.map((function(e){if(e.url){throw new Error("Support for url field in sections not implemented.")}var n=o.getArg(e,"offset");var t=o.getArg(n,"line");var i=o.getArg(n,"column");if(t{var t=n(449);var o=n(339);var i=n(274).I;var a=n(680).H;function SourceMapGenerator(e){if(!e){e={}}this._file=o.getArg(e,"file",null);this._sourceRoot=o.getArg(e,"sourceRoot",null);this._skipValidation=o.getArg(e,"skipValidation",false);this._sources=new i;this._names=new i;this._mappings=new a;this._sourcesContents=null}SourceMapGenerator.prototype._version=3;SourceMapGenerator.fromSourceMap=function SourceMapGenerator_fromSourceMap(e){var r=e.sourceRoot;var 
n=new SourceMapGenerator({file:e.file,sourceRoot:r});e.eachMapping((function(e){var t={generated:{line:e.generatedLine,column:e.generatedColumn}};if(e.source!=null){t.source=e.source;if(r!=null){t.source=o.relative(r,t.source)}t.original={line:e.originalLine,column:e.originalColumn};if(e.name!=null){t.name=e.name}}n.addMapping(t)}));e.sources.forEach((function(t){var i=t;if(r!==null){i=o.relative(r,t)}if(!n._sources.has(i)){n._sources.add(i)}var a=e.sourceContentFor(t);if(a!=null){n.setSourceContent(t,a)}}));return n};SourceMapGenerator.prototype.addMapping=function SourceMapGenerator_addMapping(e){var r=o.getArg(e,"generated");var n=o.getArg(e,"original",null);var t=o.getArg(e,"source",null);var i=o.getArg(e,"name",null);if(!this._skipValidation){this._validateMapping(r,n,t,i)}if(t!=null){t=String(t);if(!this._sources.has(t)){this._sources.add(t)}}if(i!=null){i=String(i);if(!this._names.has(i)){this._names.add(i)}}this._mappings.add({generatedLine:r.line,generatedColumn:r.column,originalLine:n!=null&&n.line,originalColumn:n!=null&&n.column,source:t,name:i})};SourceMapGenerator.prototype.setSourceContent=function SourceMapGenerator_setSourceContent(e,r){var n=e;if(this._sourceRoot!=null){n=o.relative(this._sourceRoot,n)}if(r!=null){if(!this._sourcesContents){this._sourcesContents=Object.create(null)}this._sourcesContents[o.toSetString(n)]=r}else if(this._sourcesContents){delete this._sourcesContents[o.toSetString(n)];if(Object.keys(this._sourcesContents).length===0){this._sourcesContents=null}}};SourceMapGenerator.prototype.applySourceMap=function SourceMapGenerator_applySourceMap(e,r,n){var t=r;if(r==null){if(e.file==null){throw new Error("SourceMapGenerator.prototype.applySourceMap requires either an explicit source file, "+'or the source map\'s "file" property. 
Both were omitted.')}t=e.file}var a=this._sourceRoot;if(a!=null){t=o.relative(a,t)}var u=new i;var s=new i;this._mappings.unsortedForEach((function(r){if(r.source===t&&r.originalLine!=null){var i=e.originalPositionFor({line:r.originalLine,column:r.originalColumn});if(i.source!=null){r.source=i.source;if(n!=null){r.source=o.join(n,r.source)}if(a!=null){r.source=o.relative(a,r.source)}r.originalLine=i.line;r.originalColumn=i.column;if(i.name!=null){r.name=i.name}}}var l=r.source;if(l!=null&&!u.has(l)){u.add(l)}var c=r.name;if(c!=null&&!s.has(c)){s.add(c)}}),this);this._sources=u;this._names=s;e.sources.forEach((function(r){var t=e.sourceContentFor(r);if(t!=null){if(n!=null){r=o.join(n,r)}if(a!=null){r=o.relative(a,r)}this.setSourceContent(r,t)}}),this)};SourceMapGenerator.prototype._validateMapping=function SourceMapGenerator_validateMapping(e,r,n,t){if(r&&typeof r.line!=="number"&&typeof r.column!=="number"){throw new Error("original.line and original.column are not numbers -- you probably meant to omit "+"the original mapping entirely and only map the generated position. 
If so, pass "+"null for the original mapping instead of an object with empty or null values.")}if(e&&"line"in e&&"column"in e&&e.line>0&&e.column>=0&&!r&&!n&&!t){return}else if(e&&"line"in e&&"column"in e&&r&&"line"in r&&"column"in r&&e.line>0&&e.column>=0&&r.line>0&&r.column>=0&&n){return}else{throw new Error("Invalid mapping: "+JSON.stringify({generated:e,source:n,original:r,name:t}))}};SourceMapGenerator.prototype._serializeMappings=function SourceMapGenerator_serializeMappings(){var e=0;var r=1;var n=0;var i=0;var a=0;var u=0;var s="";var l;var c;var p;var f;var g=this._mappings.toArray();for(var h=0,d=g.length;h0){if(!o.compareByGeneratedPositionsInflated(c,g[h-1])){continue}l+=","}}l+=t.encode(c.generatedColumn-e);e=c.generatedColumn;if(c.source!=null){f=this._sources.indexOf(c.source);l+=t.encode(f-u);u=f;l+=t.encode(c.originalLine-1-i);i=c.originalLine-1;l+=t.encode(c.originalColumn-n);n=c.originalColumn;if(c.name!=null){p=this._names.indexOf(c.name);l+=t.encode(p-a);a=p}}s+=l}return s};SourceMapGenerator.prototype._generateSourcesContent=function SourceMapGenerator_generateSourcesContent(e,r){return e.map((function(e){if(!this._sourcesContents){return null}if(r!=null){e=o.relative(r,e)}var n=o.toSetString(e);return Object.prototype.hasOwnProperty.call(this._sourcesContents,n)?this._sourcesContents[n]:null}),this)};SourceMapGenerator.prototype.toJSON=function SourceMapGenerator_toJSON(){var e={version:this._version,sources:this._sources.toArray(),names:this._names.toArray(),mappings:this._serializeMappings()};if(this._file!=null){e.file=this._file}if(this._sourceRoot!=null){e.sourceRoot=this._sourceRoot}if(this._sourcesContents){e.sourcesContent=this._generateSourcesContent(e.sources,e.sourceRoot)}return e};SourceMapGenerator.prototype.toString=function SourceMapGenerator_toString(){return JSON.stringify(this.toJSON())};r.h=SourceMapGenerator},351:(e,r,n)=>{var t;var o=n(591).h;var i=n(339);var a=/(\r?\n)/;var u=10;var s="$$$isSourceNode$$$";function 
SourceNode(e,r,n,t,o){this.children=[];this.sourceContents={};this.line=e==null?null:e;this.column=r==null?null:r;this.source=n==null?null:n;this.name=o==null?null:o;this[s]=true;if(t!=null)this.add(t)}SourceNode.fromStringWithSourceMap=function SourceNode_fromStringWithSourceMap(e,r,n){var t=new SourceNode;var o=e.split(a);var u=0;var shiftNextLine=function(){var e=getNextLine();var r=getNextLine()||"";return e+r;function getNextLine(){return u=0;r--){this.prepend(e[r])}}else if(e[s]||typeof e==="string"){this.children.unshift(e)}else{throw new TypeError("Expected a SourceNode, string, or an array of SourceNodes and strings. Got "+e)}return this};SourceNode.prototype.walk=function SourceNode_walk(e){var r;for(var n=0,t=this.children.length;n0){r=[];for(n=0;n{function getArg(e,r,n){if(r in e){return e[r]}else if(arguments.length===3){return n}else{throw new Error('"'+r+'" is a required argument.')}}r.getArg=getArg;var n=/^(?:([\w+\-.]+):)?\/\/(?:(\w+:\w+)@)?([\w.-]*)(?::(\d+))?(.*)$/;var t=/^data:.+\,.+$/;function urlParse(e){var r=e.match(n);if(!r){return null}return{scheme:r[1],auth:r[2],host:r[3],port:r[4],path:r[5]}}r.urlParse=urlParse;function urlGenerate(e){var r="";if(e.scheme){r+=e.scheme+":"}r+="//";if(e.auth){r+=e.auth+"@"}if(e.host){r+=e.host}if(e.port){r+=":"+e.port}if(e.path){r+=e.path}return r}r.urlGenerate=urlGenerate;function normalize(e){var n=e;var t=urlParse(e);if(t){if(!t.path){return e}n=t.path}var o=r.isAbsolute(n);var i=n.split(/\/+/);for(var a,u=0,s=i.length-1;s>=0;s--){a=i[s];if(a==="."){i.splice(s,1)}else if(a===".."){u++}else if(u>0){if(a===""){i.splice(s+1,u);u=0}else{i.splice(s,2);u--}}}n=i.join("/");if(n===""){n=o?"/":"."}if(t){t.path=n;return urlGenerate(t)}return n}r.normalize=normalize;function join(e,r){if(e===""){e="."}if(r===""){r="."}var n=urlParse(r);var o=urlParse(e);if(o){e=o.path||"/"}if(n&&!n.scheme){if(o){n.scheme=o.scheme}return urlGenerate(n)}if(n||r.match(t)){return r}if(o&&!o.host&&!o.path){o.host=r;return 
urlGenerate(o)}var i=r.charAt(0)==="/"?r:normalize(e.replace(/\/+$/,"")+"/"+r);if(o){o.path=i;return urlGenerate(o)}return i}r.join=join;r.isAbsolute=function(e){return e.charAt(0)==="/"||n.test(e)};function relative(e,r){if(e===""){e="."}e=e.replace(/\/$/,"");var n=0;while(r.indexOf(e+"/")!==0){var t=e.lastIndexOf("/");if(t<0){return r}e=e.slice(0,t);if(e.match(/^([^\/]+:\/)?\/*$/)){return r}++n}return Array(n+1).join("../")+r.substr(e.length+1)}r.relative=relative;var o=function(){var e=Object.create(null);return!("__proto__"in e)}();function identity(e){return e}function toSetString(e){if(isProtoString(e)){return"$"+e}return e}r.toSetString=o?identity:toSetString;function fromSetString(e){if(isProtoString(e)){return e.slice(1)}return e}r.fromSetString=o?identity:fromSetString;function isProtoString(e){if(!e){return false}var r=e.length;if(r<9){return false}if(e.charCodeAt(r-1)!==95||e.charCodeAt(r-2)!==95||e.charCodeAt(r-3)!==111||e.charCodeAt(r-4)!==116||e.charCodeAt(r-5)!==111||e.charCodeAt(r-6)!==114||e.charCodeAt(r-7)!==112||e.charCodeAt(r-8)!==95||e.charCodeAt(r-9)!==95){return false}for(var n=r-10;n>=0;n--){if(e.charCodeAt(n)!==36){return false}}return true}function compareByOriginalPositions(e,r,n){var t=strcmp(e.source,r.source);if(t!==0){return t}t=e.originalLine-r.originalLine;if(t!==0){return t}t=e.originalColumn-r.originalColumn;if(t!==0||n){return t}t=e.generatedColumn-r.generatedColumn;if(t!==0){return t}t=e.generatedLine-r.generatedLine;if(t!==0){return t}return strcmp(e.name,r.name)}r.compareByOriginalPositions=compareByOriginalPositions;function compareByGeneratedPositionsDeflated(e,r,n){var t=e.generatedLine-r.generatedLine;if(t!==0){return t}t=e.generatedColumn-r.generatedColumn;if(t!==0||n){return t}t=strcmp(e.source,r.source);if(t!==0){return t}t=e.originalLine-r.originalLine;if(t!==0){return t}t=e.originalColumn-r.originalColumn;if(t!==0){return t}return 
strcmp(e.name,r.name)}r.compareByGeneratedPositionsDeflated=compareByGeneratedPositionsDeflated;function strcmp(e,r){if(e===r){return 0}if(e===null){return 1}if(r===null){return-1}if(e>r){return 1}return-1}function compareByGeneratedPositionsInflated(e,r){var n=e.generatedLine-r.generatedLine;if(n!==0){return n}n=e.generatedColumn-r.generatedColumn;if(n!==0){return n}n=strcmp(e.source,r.source);if(n!==0){return n}n=e.originalLine-r.originalLine;if(n!==0){return n}n=e.originalColumn-r.originalColumn;if(n!==0){return n}return strcmp(e.name,r.name)}r.compareByGeneratedPositionsInflated=compareByGeneratedPositionsInflated;function parseSourceMapInput(e){return JSON.parse(e.replace(/^\)]}'[^\n]*\n/,""))}r.parseSourceMapInput=parseSourceMapInput;function computeSourceURL(e,r,n){r=r||"";if(e){if(e[e.length-1]!=="/"&&r[0]!=="/"){e+="/"}r=e+r}if(n){var t=urlParse(n);if(!t){throw new Error("sourceMapURL could not be parsed")}if(t.path){var o=t.path.lastIndexOf("/");if(o>=0){t.path=t.path.substring(0,o+1)}}r=join(urlGenerate(t),r)}return normalize(r)}r.computeSourceURL=computeSourceURL},997:(e,r,n)=>{n(591).h;r.SourceMapConsumer=n(952).SourceMapConsumer;n(351)},284:(e,r,n)=>{e=n.nmd(e);var t=n(997).SourceMapConsumer;var o=n(17);var i;try{i=n(147);if(!i.existsSync||!i.readFileSync){i=null}}catch(e){}var a=n(650);function dynamicRequire(e,r){return e.require(r)}var u=false;var s=false;var l=false;var c="auto";var p={};var f={};var g=/^data:application\/json[^,]+base64,/;var h=[];var d=[];function isInBrowser(){if(c==="browser")return true;if(c==="node")return false;return typeof window!=="undefined"&&typeof XMLHttpRequest==="function"&&!(window.require&&window.module&&window.process&&window.process.type==="renderer")}function hasGlobalProcessEventEmitter(){return typeof process==="object"&&process!==null&&typeof process.on==="function"}function globalProcessVersion(){if(typeof process==="object"&&process!==null){return process.version}else{return""}}function 
globalProcessStderr(){if(typeof process==="object"&&process!==null){return process.stderr}}function globalProcessExit(e){if(typeof process==="object"&&process!==null&&typeof process.exit==="function"){return process.exit(e)}}function handlerExec(e){return function(r){for(var n=0;n"}var n=this.getLineNumber();if(n!=null){r+=":"+n;var t=this.getColumnNumber();if(t){r+=":"+t}}}var o="";var i=this.getFunctionName();var a=true;var u=this.isConstructor();var s=!(this.isToplevel()||u);if(s){var l=this.getTypeName();if(l==="[object Object]"){l="null"}var c=this.getMethodName();if(i){if(l&&i.indexOf(l)!=0){o+=l+"."}o+=i;if(c&&i.indexOf("."+c)!=i.length-c.length-1){o+=" [as "+c+"]"}}else{o+=l+"."+(c||"")}}else if(u){o+="new "+(i||"")}else if(i){o+=i}else{o+=r;a=false}if(a){o+=" ("+r+")"}return o}function cloneCallSite(e){var r={};Object.getOwnPropertyNames(Object.getPrototypeOf(e)).forEach((function(n){r[n]=/^(?:is|get)/.test(n)?function(){return e[n].call(e)}:e[n]}));r.toString=CallSiteToString;return r}function wrapCallSite(e,r){if(r===undefined){r={nextPosition:null,curPosition:null}}if(e.isNative()){r.curPosition=null;return e}var n=e.getFileName()||e.getScriptNameOrSourceURL();if(n){var t=e.getLineNumber();var o=e.getColumnNumber()-1;var i=/^v(10\.1[6-9]|10\.[2-9][0-9]|10\.[0-9]{3,}|1[2-9]\d*|[2-9]\d|\d{3,}|11\.11)/;var a=i.test(globalProcessVersion())?0:62;if(t===1&&o>a&&!isInBrowser()&&!e.isEval()){o-=a}var u=mapSourcePosition({source:n,line:t,column:o});r.curPosition=u;e=cloneCallSite(e);var s=e.getFunctionName;e.getFunctionName=function(){if(r.nextPosition==null){return s()}return r.nextPosition.name||s()};e.getFileName=function(){return u.source};e.getLineNumber=function(){return u.line};e.getColumnNumber=function(){return u.column+1};e.getScriptNameOrSourceURL=function(){return u.source};return e}var l=e.isEval()&&e.getEvalOrigin();if(l){l=mapEvalOrigin(l);e=cloneCallSite(e);e.getEvalOrigin=function(){return l};return e}return e}function 
prepareStackTrace(e,r){if(l){p={};f={}}var n=e.name||"Error";var t=e.message||"";var o=n+": "+t;var i={nextPosition:null,curPosition:null};var a=[];for(var u=r.length-1;u>=0;u--){a.push("\n at "+wrapCallSite(r[u],i));i.nextPosition=i.curPosition}i.curPosition=i.nextPosition=null;return o+a.reverse().join("")}function getErrorSource(e){var r=/\n at [^(]+ \((.*):(\d+):(\d+)\)/.exec(e.stack);if(r){var n=r[1];var t=+r[2];var o=+r[3];var a=p[n];if(!a&&i&&i.existsSync(n)){try{a=i.readFileSync(n,"utf8")}catch(e){a=""}}if(a){var u=a.split(/(?:\r\n|\r|\n)/)[t-1];if(u){return n+":"+t+"\n"+u+"\n"+new Array(o).join(" ")+"^"}}}return null}function printErrorAndExit(e){var r=getErrorSource(e);var n=globalProcessStderr();if(n&&n._handle&&n._handle.setBlocking){n._handle.setBlocking(true)}if(r){console.error();console.error(r)}console.error(e.stack);globalProcessExit(1)}function shimEmitUncaughtException(){var e=process.emit;process.emit=function(r){if(r==="uncaughtException"){var n=arguments[1]&&arguments[1].stack;var t=this.listeners(r).length>0;if(n&&!t){return printErrorAndExit(arguments[1])}}return e.apply(this,arguments)}}var S=h.slice(0);var _=d.slice(0);r.wrapCallSite=wrapCallSite;r.getErrorSource=getErrorSource;r.mapSourcePosition=mapSourcePosition;r.retrieveSourceMap=v;r.install=function(r){r=r||{};if(r.environment){c=r.environment;if(["node","browser","auto"].indexOf(c)===-1){throw new Error("environment "+c+" was unknown. 
Available options are {auto, browser, node}")}}if(r.retrieveFile){if(r.overrideRetrieveFile){h.length=0}h.unshift(r.retrieveFile)}if(r.retrieveSourceMap){if(r.overrideRetrieveSourceMap){d.length=0}d.unshift(r.retrieveSourceMap)}if(r.hookRequire&&!isInBrowser()){var n=dynamicRequire(e,"module");var t=n.prototype._compile;if(!t.__sourceMapSupport){n.prototype._compile=function(e,r){p[r]=e;f[r]=undefined;return t.call(this,e,r)};n.prototype._compile.__sourceMapSupport=true}}if(!l){l="emptyCacheBetweenOperations"in r?r.emptyCacheBetweenOperations:false}if(!u){u=true;Error.prepareStackTrace=prepareStackTrace}if(!s){var o="handleUncaughtExceptions"in r?r.handleUncaughtExceptions:true;try{var i=dynamicRequire(e,"worker_threads");if(i.isMainThread===false){o=false}}catch(e){}if(o&&hasGlobalProcessEventEmitter()){s=true;shimEmitUncaughtException()}}};r.resetRetrieveHandlers=function(){h.length=0;d.length=0;h=S.slice(0);d=_.slice(0);v=handlerExec(d);m=handlerExec(h)}},147:e=>{"use strict";e.exports=require("fs")},17:e=>{"use strict";e.exports=require("path")}};var r={};function __webpack_require__(n){var t=r[n];if(t!==undefined){return t.exports}var o=r[n]={id:n,loaded:false,exports:{}};var i=true;try{e[n](o,o.exports,__webpack_require__);i=false}finally{if(i)delete r[n]}o.loaded=true;return o.exports}(()=>{__webpack_require__.nmd=e=>{e.paths=[];if(!e.children)e.children=[];return e}})();if(typeof __webpack_require__!=="undefined")__webpack_require__.ab=__dirname+"/";var n={};(()=>{__webpack_require__(284).install()})();module.exports=n})(); -------------------------------------------------------------------------------- /jest.config.js: -------------------------------------------------------------------------------- 1 | module.exports = { 2 | clearMocks: true, 3 | moduleFileExtensions: ['js', 'ts'], 4 | testMatch: ['**/*.test.ts'], 5 | transform: { 6 | '^.+\\.ts$': 'ts-jest' 7 | }, 8 | verbose: true 9 | } 
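-------------------------------------------------------------------------------- /lib/main.js: --------------------------------------------------------------------------------
"use strict";
// NOTE(review): this file appears to be the tsc output for src/main.ts
// (package.json: "main": "lib/main.js", "build": "tsc"). A rebuild would
// overwrite changes made here, so the traversal guard in addIndirectDeps
// needs to be applied to src/main.ts as well.
var __createBinding = (this && this.__createBinding) || (Object.create ? (function(o, m, k, k2) {
    if (k2 === undefined) k2 = k;
    var desc = Object.getOwnPropertyDescriptor(m, k);
    if (!desc || ("get" in desc ? !m.__esModule : desc.writable || desc.configurable)) {
      desc = { enumerable: true, get: function() { return m[k]; } };
    }
    Object.defineProperty(o, k2, desc);
}) : (function(o, m, k, k2) {
    if (k2 === undefined) k2 = k;
    o[k2] = m[k];
}));
var __setModuleDefault = (this && this.__setModuleDefault) || (Object.create ? (function(o, v) {
    Object.defineProperty(o, "default", { enumerable: true, value: v });
}) : function(o, v) {
    o["default"] = v;
});
var __importStar = (this && this.__importStar) || function (mod) {
    if (mod && mod.__esModule) return mod;
    var result = {};
    if (mod != null) for (var k in mod) if (k !== "default" && Object.prototype.hasOwnProperty.call(mod, k)) __createBinding(result, mod, k);
    __setModuleDefault(result, mod);
    return result;
};
var __awaiter = (this && this.__awaiter) || function (thisArg, _arguments, P, generator) {
    function adopt(value) { return value instanceof P ? value : new P(function (resolve) { resolve(value); }); }
    return new (P || (P = Promise))(function (resolve, reject) {
        function fulfilled(value) { try { step(generator.next(value)); } catch (e) { reject(e); } }
        function rejected(value) { try { step(generator["throw"](value)); } catch (e) { reject(e); } }
        function step(result) { result.done ? resolve(result.value) : adopt(result.value).then(fulfilled, rejected); }
        step((generator = generator.apply(thisArg, _arguments || [])).next());
    });
};
Object.defineProperty(exports, "__esModule", { value: true });
exports.parseSbomFile = exports.map = exports.process = exports.run = exports.SBom = void 0;
const core = __importStar(require("@actions/core"));
const github = __importStar(require("@actions/github"));
const cdx = __importStar(require("@cyclonedx/cyclonedx-library"));
const fs = __importStar(require("fs"));
const snapshot_1 = require("@github/dependency-submission-toolkit/dist/snapshot");
const dependency_submission_toolkit_1 = require("@github/dependency-submission-toolkit");
/**
 * CycloneDX Bom model extended with a `dependencies` list, initialised empty.
 */
class SBom extends cdx.Models.Bom {
    constructor() {
        super();
        this.dependencies = [];
    }
}
exports.SBom = SBom;
/**
 * Action entry point: reads the multiline `sbom-files` input and processes
 * each listed file in order.
 *
 * A failure on one file is reported through core.setFailed and the loop moves
 * on to the next file. When the input is empty a warning is logged instead.
 */
function run() {
    return __awaiter(this, void 0, void 0, function* () {
        const sbomFiles = core.getMultilineInput('sbom-files');
        if (sbomFiles === null || sbomFiles === void 0 ? void 0 : sbomFiles.length) {
            for (const sbomFile of sbomFiles) {
                try {
                    core.debug(`Processing ${sbomFile} ...`);
                    yield process(sbomFile);
                }
                catch (error) {
                    if (error instanceof Error)
                        core.setFailed(error.message);
                }
            }
        }
        else {
            core.warning('No SBOM files to process');
        }
    });
}
exports.run = run;
/**
 * Parses one SBOM file, maps it to a snapshot and submits that snapshot.
 *
 * Parsing and mapping run before the try block, so their exceptions reach the
 * caller without the core.error call; submission errors are logged and rethrown.
 * Note that this declaration shadows Node's global `process` inside this module.
 *
 * @param sbomFile Path of the SBOM file to read.
 */
function process(sbomFile) {
    return __awaiter(this, void 0, void 0, function* () {
        const snapshot = map(parseSbomFile(sbomFile), sbomFile);
        try {
            yield (0, dependency_submission_toolkit_1.submitSnapshot)(snapshot, github === null || github === void 0 ? void 0 : github.context);
        }
        catch (error) {
            if (error instanceof Error)
                core.error(error.message);
            throw error;
        }
    });
}
exports.process = process;
/**
 * Builds a dependency-submission Snapshot from a parsed SBOM.
 *
 * The detector is the last entry of `sbom.metadata.tools` (or an empty detector
 * when there are none). The direct dependencies are those listed for the main
 * component's purl; when none are listed, every component that has a purl is
 * used. Transitive dependencies are added through addIndirectDeps.
 *
 * `sbom.metadata.tools` is dereferenced without a guard, so an SBOM that lacks
 * it throws here.
 *
 * @param sbom Parsed SBOM document.
 * @param sbomFilename File the SBOM came from; appended to the job correlator
 *   and used as the build target name when present.
 * @returns The populated snapshot.
 */
function map(sbom, sbomFilename) {
    var _a, _b, _c, _d, _e, _f, _g, _h, _j, _k;
    //const bom: SBom = sbom as SBom
    const detectors = Array.from(sbom.metadata.tools.values()).map(tool => {
        var _a, _b, _c, _d;
        return {
            name: (_a = tool.name) !== null && _a !== void 0 ? _a : 'unknown',
            version: (_b = tool.version) !== null && _b !== void 0 ? _b : 'unknown',
            url: ((_d = (_c = tool.externalReferences) === null || _c === void 0 ? void 0 : _c[0]) === null || _d === void 0 ? void 0 : _d.url) || 'https://'
        };
    });
    const detector = (_a = detectors.pop()) !== null && _a !== void 0 ? _a : { name: '', url: '', version: '' };
    let scanned = (_b = sbom.metadata) === null || _b === void 0 ? void 0 : _b.timestamp;
    if (typeof sbom.metadata.timestamp === 'string') {
        scanned = new Date(sbom.metadata.timestamp);
    }
    const job = (0, snapshot_1.jobFromContext)(github.context);
    job.correlator += sbomFilename;
    const snap = new dependency_submission_toolkit_1.Snapshot(detector, github === null || github === void 0 ? void 0 : github.context, job, scanned);
    const buildTarget = new dependency_submission_toolkit_1.BuildTarget(sbomFilename ||
        ((_e = (_d = (_c = sbom.metadata) === null || _c === void 0 ? void 0 : _c.component) === null || _d === void 0 ? void 0 : _d.swid) === null || _e === void 0 ? void 0 : _e.version) ||
        ((_g = (_f = sbom.metadata) === null || _f === void 0 ? void 0 : _f.component) === null || _g === void 0 ? void 0 : _g.version) ||
        'someName');
    snap.addManifest(buildTarget);
    const packageCache = new dependency_submission_toolkit_1.PackageCache();
    const deps = dependencyForPackage((_j = (_h = sbom.metadata.component) === null || _h === void 0 ? void 0 : _h.purl) === null || _j === void 0 ? void 0 : _j.toString(), sbom.dependencies);
    if (!deps.length && sbom.components) {
        // main package url has not defined explicit dependencies in SBOM, add all components
        for (const c of sbom.components) {
            if (c.purl)
                deps.push((_k = c.purl) === null || _k === void 0 ? void 0 : _k.toString());
        }
    }
    // One visited set for the whole graph: each package's dependency list is
    // expanded at most once, however many direct dependencies lead to it.
    const visited = new Set();
    for (const dep of deps) {
        const pkg = packageCache.lookupPackage(dep);
        pkg
            ? buildTarget.addDirectDependency(pkg)
            : buildTarget.addDirectDependency(packageCache.package(dep));
        addIndirectDeps(dep, sbom, packageCache, buildTarget, visited);
    }
    return snap;
}
exports.map = map;
/**
 * Adds every package reachable from `dep` to the build target as an indirect
 * dependency.
 *
 * The dependency graph comes from the SBOM file and may contain cycles
 * (A depends on B, B depends on A) or widely shared subtrees. Without a record
 * of expanded packages the recursion never terminates on a cycle and ends in a
 * stack overflow, so each package is expanded at most once per `visited` set.
 * Every edge target is still registered before the visited check, so the set
 * of registered packages is unchanged for acyclic input.
 *
 * @param dep Package URL whose dependencies are expanded.
 * @param sbom Parsed SBOM providing the `dependencies` list.
 * @param packageCache Cache used to look up or create Package objects.
 * @param buildTarget Manifest that receives the indirect dependencies.
 * @param visited Package URLs already expanded; defaults to a fresh set.
 */
function addIndirectDeps(dep, sbom, packageCache, buildTarget, visited = new Set()) {
    if (visited.has(dep))
        return;
    visited.add(dep);
    const indirectDeps = dependencyForPackage(dep, sbom.dependencies);
    for (const indirectDep of indirectDeps) {
        const inpkg = packageCache.lookupPackage(indirectDep);
        inpkg
            ? buildTarget.addIndirectDependency(inpkg)
            : buildTarget.addIndirectDependency(packageCache.package(indirectDep));
        addIndirectDeps(indirectDep, sbom, packageCache, buildTarget, visited);
    }
}
/**
 * Find dependencies for a package url
 * @param purl Package URL
 * @param deps Dependencies as listed in SBOM
 * @returns List of package URLs, empty if no dependencies
 */
function dependencyForPackage(purl, deps) {
    if (!purl)
        return [];
    const componentDeps = deps === null || deps === void 0 ? void 0 : deps.find(c => c.ref.toString() === purl);
    return (componentDeps === null || componentDeps === void 0 ? void 0 : componentDeps.dependsOn) || [];
}
/**
 * Reads an SBOM file synchronously and parses it as JSON.
 *
 * NOTE(review): the parsed value is returned without any shape validation, and
 * the path comes from the `sbom-files` action input. Callers dereference
 * `metadata.tools` directly, so a malformed or unexpected document surfaces as
 * a TypeError further down rather than as a clear parse error; validating the
 * document against the expected CycloneDX shape here would make that explicit.
 *
 * @param sbomFile Path of the SBOM file.
 * @returns The parsed JSON value.
 */
function parseSbomFile(sbomFile) {
    return JSON.parse(fs.readFileSync(sbomFile, 'utf8'));
}
exports.parseSbomFile = parseSbomFile;
run();
-------------------------------------------------------------------------------- /package.json: -------------------------------------------------------------------------------- 1 | { 2 | "name": "typescript-action", 3 | "version": "0.0.0", 4 | "private": true, 5 | "description": "TypeScript template action", 6 | "main": "lib/main.js", 7 | "scripts": { 8 | "build": "tsc", 9 | "format": "prettier --write '**/*.ts'", 10 | "format-check": "prettier --check '**/*.ts'", 11 | "lint": "eslint src/**/*.ts", 12 | "package": "ncc build --source-map --license licenses.txt", 13 | "debug": "tsc && jest", 14 | "test": "jest", 15 | "all": "npm run build && npm run format && npm run lint && npm run package && npm test" 16 | }, 17 | "repository": { 18 | "type": "git", 19 | "url": "git+https://github.com/actions/typescript-action.git" 20 | }, 21 | "keywords": [ 22 | "actions", 23 | "node", 24 | "setup" 25 | ], 26 | "author": "", 27 | "license": "MIT", 28 | "dependencies": { 29 | "@actions/core": "^1.10.0", 30 | "@actions/github": "^5.1.1", 31 | "@cyclonedx/cyclonedx-library": "^1.9.2", 32 | "@github/dependency-submission-toolkit": "^1.2.8" 33 | }, 34 | "devDependencies": { 35 | "@types/jest": "^27.5.2", 36 | "@types/node": "^16.18.11", 37 | "@typescript-eslint/eslint-plugin": "^5.48.2", 38 | "@typescript-eslint/parser": "^5.48.2", 39 | "@vercel/ncc": "^0.36.0", 40 | "eslint": "^8.32.0", 41 | "eslint-config-prettier": "^8.6.0", 42 | "eslint-plugin-github": "^4.6.0", 43 | "eslint-plugin-jest": "^27.2.1", 44 | "github-action-ts-run-api": "^2.3.0", 45 | "jest": "^27.2.5", 46 | "js-yaml": "^4.1.0", 47 | "prettier": "2.8.3", 48 | "ts-jest": "^27.1.2", 49 | "typescript": "^4.9.4" 50 | } 51 | } 52 | 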
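-------------------------------------------------------------------------------- /src/main.ts: --------------------------------------------------------------------------------
import * as core from '@actions/core'
import * as github from '@actions/github'
import * as cdx from '@cyclonedx/cyclonedx-library'
import * as fs from 'fs'
import {
  Detector,
  Job,
  jobFromContext
} from '@github/dependency-submission-toolkit/dist/snapshot'
import {
  PackageCache,
  Package,
  Snapshot,
  submitSnapshot,
  BuildTarget
} from '@github/dependency-submission-toolkit'

/**
 * CycloneDX BOM extended with the top-level `dependencies` graph that
 * {@link map} walks. Instances produced by {@link parseSbomFile} are plain
 * parsed JSON cast to this type, so no field is guaranteed to be present.
 */
export class SBom extends cdx.Models.Bom {
  constructor() {
    super()
    this.dependencies = []
  }
  dependencies: Dependency[]
}

/** One node of the SBOM dependency graph: a component ref and the refs it depends on. */
type Dependency = {
  ref: string
  dependsOn: string[]
}

/**
 * Action entry point: reads the `sbom-files` input and submits one snapshot
 * per listed file. A failure on one file marks the action as failed but does
 * not stop the remaining files from being processed.
 */
export async function run(): Promise<void> {
  const sbomFiles: string[] = core.getMultilineInput('sbom-files')
  if (!sbomFiles?.length) {
    core.warning('No SBOM files to process')
    return
  }
  for (const sbomFile of sbomFiles) {
    try {
      core.debug(`Processing ${sbomFile} ...`)
      await process(sbomFile)
    } catch (error) {
      // Report non-Error throwables too, so a failed file is never silently
      // counted as a success.
      core.setFailed(error instanceof Error ? error.message : String(error))
    }
  }
}

/**
 * Parses one SBOM file, maps it to a snapshot and submits it.
 *
 * @param sbomFile Path of the SBOM file, taken as-is from the action input
 * @throws Whatever parsing, mapping or submission throws; submission errors
 *   are logged through `core.error` before being rethrown
 */
export async function process(sbomFile: string): Promise<void> {
  const snapshot = map(parseSbomFile(sbomFile), sbomFile)
  try {
    await submitSnapshot(snapshot, github?.context)
  } catch (error) {
    if (error instanceof Error) core.error(error.message)
    throw error
  }
}

/**
 * Converts a parsed SBOM into a dependency-submission snapshot.
 *
 * The SBOM is file content that has not been validated (see
 * {@link parseSbomFile}), so missing metadata, an unparsable timestamp and a
 * cyclic dependency graph are all tolerated here rather than assumed away.
 *
 * @param sbom Parsed SBOM
 * @param sbomFilename Name used for the manifest and appended to the job
 *   correlator when provided
 * @returns Snapshot holding one manifest with direct and indirect dependencies
 */
export function map(sbom: SBom, sbomFilename?: string): Snapshot {
  // metadata/tools may be absent in a document that was only JSON.parse'd.
  const detectors = Array.from(sbom.metadata?.tools?.values() ?? []).map(
    tool => {
      return {
        name: tool.name ?? 'unknown',
        version: tool.version ?? 'unknown',
        url: tool.externalReferences?.[0]?.url || 'https://'
      } as Detector
    }
  )
  const detector = detectors.pop() ?? {name: '', url: '', version: ''}

  // After JSON.parse the timestamp is a string, not a Date.
  const rawTimestamp: unknown = sbom.metadata?.timestamp
  let scanned: Date | undefined
  if (typeof rawTimestamp === 'string') {
    scanned = new Date(rawTimestamp)
  } else if (rawTimestamp instanceof Date) {
    scanned = rawTimestamp
  }
  // An unparsable timestamp yields an Invalid Date; pass undefined instead so
  // the snapshot is built without a caller-supplied scan time.
  if (scanned && Number.isNaN(scanned.getTime())) scanned = undefined

  const job: Job = jobFromContext(github.context)
  // Only extend the correlator with a real name; `+=` with an omitted
  // filename would append the literal text "undefined".
  if (sbomFilename) job.correlator += sbomFilename

  const snap: Snapshot = new Snapshot(detector, github?.context, job, scanned)

  const buildTarget = new BuildTarget(
    sbomFilename ||
      sbom.metadata?.component?.swid?.version ||
      sbom.metadata?.component?.version ||
      'someName'
  )
  snap.addManifest(buildTarget)

  const packageCache: PackageCache = new PackageCache()
  // Copy the list: dependencyForPackage may return the SBOM's own `dependsOn`
  // array, and the fallback below appends to it.
  const deps = [
    ...dependencyForPackage(
      sbom.metadata?.component?.purl?.toString(),
      sbom.dependencies
    )
  ]
  if (!deps.length && sbom.components) {
    // main package url has not defined explicit dependencies in SBOM, add all components
    for (const c of sbom.components) {
      if (c.purl) deps.push(c.purl.toString())
    }
  }

  // Shared across all direct dependencies so each package's children are
  // expanded once, however many paths lead to it.
  const expanded = new Set<string>()
  for (const dep of deps) {
    const pkg: Package =
      packageCache.lookupPackage(dep) ?? packageCache.package(dep)
    buildTarget.addDirectDependency(pkg)
    addIndirectDeps(dep, sbom, packageCache, buildTarget, expanded)
  }

  return snap
}

/**
 * Adds every package reachable from `dep` to `buildTarget` as an indirect
 * dependency.
 *
 * The graph comes from the SBOM file and may contain cycles or be very deep,
 * so the walk is iterative and tracks which packages were already expanded;
 * unbounded recursion on a cyclic `dependsOn` chain would exhaust the stack.
 * NOTE(review): this relies on `addIndirectDependency` being safe to skip for
 * a package whose children were already added - confirm against the toolkit.
 *
 * @param dep Package URL whose transitive dependencies are added
 * @param sbom Parsed SBOM providing the dependency graph
 * @param packageCache Cache used to look up or create packages
 * @param buildTarget Manifest receiving the indirect dependencies
 * @param visited Package URLs already expanded; shared by the caller across calls
 */
function addIndirectDeps(
  dep: string,
  sbom: SBom,
  packageCache: PackageCache,
  buildTarget: BuildTarget,
  visited: Set<string> = new Set<string>()
): void {
  const pending: string[] = [dep]
  while (pending.length) {
    const current = pending.pop()
    if (current === undefined || visited.has(current)) continue
    visited.add(current)
    for (const child of dependencyForPackage(current, sbom.dependencies)) {
      const inpkg: Package =
        packageCache.lookupPackage(child) ?? packageCache.package(child)
      buildTarget.addIndirectDependency(inpkg)
      pending.push(child)
    }
  }
}

/**
 * Find dependencies for a package url
 * @param purl Package URL
 * @param deps Dependencies as listed in SBOM
 * @returns List of package URLs, empty if no dependencies or if the SBOM's
 *   dependency list is missing or not shaped as expected
 */
function dependencyForPackage(
  purl: string | undefined,
  deps: Dependency[]
): string[] {
  if (!purl || !Array.isArray(deps)) return []
  const componentDeps = deps.find(c => c?.ref?.toString() === purl)
  const dependsOn = componentDeps?.dependsOn
  // Unvalidated JSON: only accept an actual array of refs.
  return Array.isArray(dependsOn) ? dependsOn : []
}

/**
 * Reads and parses an SBOM file.
 *
 * The result is cast to {@link SBom} without any schema validation, and the
 * path is read exactly as given. Callers must treat every field as
 * possibly missing or of the wrong type.
 *
 * @param sbomFile Path of the JSON SBOM file
 * @returns The parsed document, typed as SBom
 * @throws If the file cannot be read or is not valid JSON
 */
export function parseSbomFile(sbomFile: string): SBom {
  return JSON.parse(fs.readFileSync(sbomFile, 'utf8')) as SBom
}

run()
-------------------------------------------------------------------------------- /tsconfig.json: -------------------------------------------------------------------------------- 1 | { 2 | "compilerOptions": { 3 | "target": "es6", /* Specify ECMAScript target version: 'ES3' (default), 'ES5', 'ES2015', 'ES2016', 'ES2017', 'ES2018', 'ES2019' or 'ESNEXT'. */ 4 | "module": "commonjs", /* Specify module code generation: 'none', 'commonjs', 'amd', 'system', 'umd', 'es2015', or 'ESNext'. */ 5 | "outDir": "./lib", /* Redirect output structure to the directory. */ 6 | "rootDir": "./src", /* Specify the root directory of input files. Use to control the output directory structure with --outDir. */ 7 | "strict": true, /* Enable all strict type-checking options. */ 8 | "noImplicitAny": false, /* Raise error on expressions and declarations with an implied 'any' type. */ 9 | "esModuleInterop": true /* Enables emit interoperability between CommonJS and ES Modules via creation of namespace objects for all imports. Implies 'allowSyntheticDefaultImports'.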
*/ 10 | }, 11 | "exclude": [ 12 | "node_modules", 13 | "**/*.test.ts" 14 | ] 15 | } --------------------------------------------------------------------------------