ecosystems-bibliothecary 14.2.0 → 15.0.0

data/.github/CONTRIBUTING.md

@@ -1,195 +0,0 @@
-## Contributing to Libraries.io :heart:
-Thanks for considering contributing. These guidelines outline how to contribute to the [Libraries.io](http://github.com/librariesio) project.
-
-## Table of Contents
-[What is Libraries.io all about?](#whats-librariesio-about)
-
-[Who is Libraries.io for?](#who-is-librariesio-for)
-
-[What should I know Before I get started?](#what-should-i-know-before-i-get-started)
-* [Code of conduct](#code-of-conduct)
-* [Language](#language)
-* [Installation and setup](#setup)
-
-[How can I contribute?](#how-can-i-contribute)
-* [Reporting bugs](#reporting-bugs)
-* [Suggesting enhancements](#suggesting-enhancements)
-* [Suggesting a new feature](#suggesting-new-features)
-* [Your first contribution](#your-first-contribution)
-* [Tackling something meatier](#tackling-something-meatier)
-
-[How can I talk to other contributors?](#how-can-i-talk-to-other-contributors)
-* [Chat](#chat)
-* [Video](#video)
-* [Social media](#twitter)
-
-[Who Are Libraries.io's Users?](#who-are-librariesios-users)
-
-[Our workflow](#workflow)
-
-
-## What's Libraries.io About?
-_Our goal is to raise the quality of all software._
-
-By outlining our [mission and strategy](/strategy.md) we hope to give you more power to make decisions and determine how best to spend your time. Specifically we tackle three distinct problems:
-
-* Discovery: _Helping developers make faster, more informed decisions about the software that they use._
-* Maintainability: _Helping maintainers understand more about the software they depend upon and the consumers of their software._
-* Sustainability: _Supporting undervalued software by highlighting shortfalls in contribution and funneling support to them._
-
-The first of these problems is our foccus for Libraries.io. The other two we are trying to tackle at [Tidelift](https://tidelift.com).
-
-## Who is Libraries.io For?
-Libraries.io currently caters for the needs of three distinct user groups:
-
-* Google: _is hungry for your linked datas so she can serve you up search traffic_
-* Searcher: _is a developer with a problem, she is looking for something to help solve it._
-* Maintainer: _has a project that is used within and/or incorporates open dependencies. She needs to ensure her project(s) are working as expected for users._
-
-These groups have been expanded into [personas](/personas.md) for contributors to reference.
-
-## What Should I Know Before I Get Started?
-
-### Code of Conduct
-Libraries.io is an open and inclusive [community of people](https://github.com/orgs/librariesio/people) working together. We expect contributors to abide by our [contributor code of conduct](CODE_OF_CONDUCT.md) which basically say 'be excellent to each other'. Please report unacceptable behavior to conduct@libraries.io
-
-### Language
-We communicate predominately in English. Contributions to the project should be made with English as the first language. We are happy for members of the community to communicate in a language other than English in chat, email and video but be aware that this might be considered exclusive by other members of the community.
-
-### Documentation
-Documentation for the project as a whole is available at [docs.libraries.io](https://docs.libraries.io). These pages are generated from the [documentation](https://github.com/librariesio/documentation) repo. Documentation that needs to be in every repo is replicated in [required-files](https://github.com/librariesio/required-files) (currently limited to [GitHub templates](https://github.com/blog/2111-issue-and-pull-request-templates)). Otherwise documentation will be specific to that repo. For example the main [Libraries.io](https://github.com/librariesio/libraries.io) `README.md` contains information about installing and running the main rails application.
-
-### Setup
-If you wish to make contributions to Libraries.io then you'll need a local version of the site to test. You can find instructions to install the correct Ruby version, Postgres, and to set up the database in our [README](https://github.com/librariesio/libraries.io/blob/master/README.md#getting-started).
-
-## How Can I Contribute?
-
-### Reporting Bugs
-
-The simplest thing that you can do to help us is by filing good bug reports, so here we go:
-
-#### Before Submitting a Bug Report
-
-* Double-check that the bug is persistent. The site is still in it's infancy and sometimes artifacts may appear and disappear.
-* Double-check the bug hasn't already been reported [on our issue tracker](https://github.com/search?utf8=%E2%9C%93&q=is%3Aopen+is%3Aissue+org%3Alibrariesio), they *should* be labelled `bug` or `bugsnag`.
-
-If something hasn't been raised, you can go ahead and create a new issue using [the template](/issue_template.md). If you'd like to help investigate further or fix the bug just mention it in your issue and check out our [workflow](#workflow).
-
-### Suggesting Enhancements
-
-The next simplest thing you can do to help us is by telling us how we can improve the features we already support, here we go:
-
-#### Before Submitting an Enhancement
-
-* Check that the enhancement is not already [in our issue tracker](https://github.com/search?utf8=%E2%9C%93&q=is%3Aopen+is%3Aissue+org%3Alibrariesio), they should be labelled 'enhancement'.
-
-If there isn't already an issue for feature then go ahead and create a new issue for it using the [template](/issue_template.md). If you'd like to work on the enhancement then just mention it in a comment and check out our [workflow](#workflow).
-
-### Suggesting New Features
-
-If you're into this zone then you need to understand a little more about what we're trying to achieve:
-
-#### Before Suggesting a Feature
-
-* Check that it aligns with [our strategy](strategy.md) and is specifically not in line with something we have said we will not do (for the moment this is anything to do with ranking *people*).
-* Check that the feature is not already [in our issue tracker](https://github.com/search?utf8=%E2%9C%93&q=is%3Aopen+is%3Aissue+org%3Alibrariesio), they should be tagged 'feature'.
-
-If you're still thinking about that killer feature that no one else is thinking about then *please* create an issue for it using the [template](/issue_template.md).
-
-### Your First Contribution
-You're in luck! We label issues that are ideal for first time contributors with [`first-pr`](https://github.com/search?l=&q=is%3Aopen+is%3Aissue+org%3Alibrariesio+label%3Afirst-pr&ref=advsearch&type=Issues&utf8=%E2%9C%93). For someone who wants something a little more meaty you might find an issue that needs some assistance with [`help wanted`](https://github.com/search?utf8=%E2%9C%93&q=is%3Aopen+is%3Aissue+org%3Alibrariesio+label%3A%22help+wanted%22&type=Issues). Next you'll want to read our [workflow](#workflow).
-
-### Tackling Something Meatier
-
-Tickets are labeled by size, skills required and to indicate workflow. Details can be found in our [labelling policy](/labelling.md).
-
-To get you started you might want to check out issues concerning [documentation](https://github.com/librariesio/documentation/issues/), [user experience](https://github.com/librariesio/libraries.io/labels/ux), [visual design](https://github.com/librariesio/libraries.io/issues/labels/visual%20design) or perhaps something already [awaiting help](https://github.com/librariesio/libraries.io/labels/help%20wanted). You may find the following useful:
-
-* Our [strategy](/strategy.md) which outlines what our goals are, how we are going to achieve those goals and what we are specifically going to avoid.
-* An [overview](/overview.md) of the components that make up the Libraries.io project and run the [https://libraries.io](https://libraries.io) site.
-
-## How Can I Talk To Other Contributors?
-
-### Chat
-We use [Slack](http://slack.io) for chat. There's an open invitation available to anyone who wishes to join the conversation at [http://slack.libraries.io](http://slack.libraries.io).
-
-We try to use the following channels accordingly:
-
-* `#general` channel is used for general, water cooler-type conversation, contributor updates and issue discussion.
-* `#events` is used to share and discuss events that may be of interest to or attended by members of the community
-* `#activity` contains notifications from the various platforms that we use to keep the Libraries.io project turning. Including notifications from GitHub, Twitter and our servers.
-
-Members are encouraged to openly discuss their work, their lives, share views and ask for help using chat. It should be considered a *safe space* in which there is *no such thing as a stupid question*. Conversely no one contributor should ever be expected to have read something said in a chat. If someone should know something then it should be written down as an issue and/or documented in an obvious place for others to find.  
-
-### Video
-[Google Hangouts](http://hangouts.google.com) is our preferred tool for video chat. We operate an [open hangout](http://bit.ly/2kWtYak) for anyone to jump into at any time to discuss issues face to face.
-
-### Regular updates
-Contributors are encouraged to share what they're working on. We do this through daily or weekly updates in the `#general` channel on Slack. Updates should take the format 'currently working on X, expecting to move onto Y, blocked on Z' where x, y and z are issues in our [issue tracker](https://github.com/search?utf8=%E2%9C%93&q=is%3Aopen+is%3Aissue+org%3Alibrariesio).
-
-Additionally we host an [open hangout](http://bit.ly/2kWtYak) for any contributor to join at *5pm BST/GMT on a Tuesday* to discuss their work, the next week's priorities and to ask questions of other contributors regarding any aspect of the project. Again this is considered a *safe space* in which *there is no such thing as a stupid question*.
-
-### Mail
-The [core team](https://github.com/orgs/librariesio/teams/core) operate a mailing list for project updates. If you'd like to subscribe you'll find a form in the footer on [Libraries.io](http://libraries.io).
-
-### Twitter
-We have an account on Twitter at [@librariesio](http://twitter.com/librariesio). This is predominately used to retweet news, events and musings by contributors rather than as a direct method of communication. Contributors are encouraged to use @librariesio in a tweet when talking about the project, so that we may retweet if appropriate. The account is moderated and protected by the [core team](https://github.com/orgs/librariesio/teams/core).
-
-### Facebook
-We have a Facebook page at [@libraries.io](https://www.facebook.com/libraries.io). Again this is predominantly used to gather and reflect news, events and musings by contributors rather than as a direct method of communication. Contributors are encouraged to reference Libraries.io in a post when talking about the project, so that we may reflect this if appropriate. Again the account is moderated and protected by the [core team](https://github.com/orgs/librariesio/teams/core).
-
-### Medium
-We have a Medium account at [@librariesio](https://medium.com/@librariesio) and once again it is used to reflect news, events and musings by contributors rather than a direct method of communication. Contributors are encouraged to reference @librariesio in a post when talking about the project, so that we may recommend it if appropriate. Again the account is moderated and protected by the [core team](https://github.com/orgs/librariesio/teams/core).
-
-## Who Are Libraries.io's Users?
-Libraries.io focusses on the following personas:
-
-### Google
-_Is hungry for linked data so she can serve you up search traffic_
-
-### 'Searcher'
-_Is a developer with a problem, she is looking for something to help solve it._
-
-### 'Extender'
-_Has her own ideas. She wants access to the raw data so that she can mash up her own service and offer it to the world._
-
-## Workflow
-In general we use [GitHub](https://help.github.com/) and [Git](https://git-scm.com/docs/gittutorial) to support our workflow. If you are unfamiliar with those tools then you should check them out until you feel you have a basic understanding of GitHub and a working understanding of Git. Specifically you should understand how forking, branching, committing, PRing and merging works.
-
-#### Forking
-We prefer that contributors fork the project in order to contribute.
-
-#### Branching
-We *try* to use principles of [GitHub-flow](https://lucamezzalira.com/2014/03/10/git-flow-vs-github-flow/) in our branching model. That is the `master` branch will always be deployable to the live site, and that every branch from that will be used to add a feature, fix a bug, improve something or otherwise represent an atomic unit of work.
-
-#### Ticketing
-We *try* to create an issue for everything. That is any bug, feature or enhancement that is worth an open, focussed and documented discussion.
-
-#### Labelling
-We constrain labels as they are a key part of our workflow. Tickets will be labeled according to our [labelling policy](/labelling.md).
-
-#### Templates
-We use templates to guide contributors toward good practice in [filing bugs, requesting enhancements and features](/issue_template.md) and in [issuing pull-requests](/pull_request_template.md).
-
-#### Commenting
-If it is possible to comment your contribution — for instance if you are contributing code — then do so in a way that is simple, clear, concise and lowers the level of understanding necessary for others to comprehend what comes afterward. If you are contributing code it is very likely it will be rejected if it does not contain sufficient comments.
-
-#### Committing
-When committing to a branch be sure to use plain, simple language that describes the incremental changes made on the branch toward the overall goal. Avoid unnecessary complexity. Simplify whenever possible. Assume a reasonable but not comprehensive knowledge of the tools, techniques and context of your work.
-
-#### Testing
-When adding or fixing functionality, tests should be added to help reduce future regressions and breakage. All tests are ran automatically when new commits are pushed to a branch. Pull requests with broken/missing tests are not likely to be merged.
-
-#### Submitting for Review
-Once a piece of work (in a branch) is complete it should be readied for review. This is your last chance to ensure that your contribution is [properly tested](#testing). If you are contributing code it is likely your contribution will be rejected if it would lower the test-coverage. Once this is done you can submit a pull-request following the [template](/pull_request_template.md).
-
-It is likely that your contributions will need to be checked by at least one member of the [core team](https://github.com/orgs/librariesio/teams/core) prior to merging. It is also incredibly likely that your contribution may need some re-work in order to be accepted. Particularly if it lacks an appropriate level of comments, tests or it is difficult to understand your commits. Please do not take offense if this is the case. We understand that contributors give their time because they want to improve the project but please understand it is another's responsibility to ensure that the project is maintainable, and good practices like these are key to ensuring that is possible.
-
-#### Reviewing a PR
-We appreciate that it may be difficult to offer constructive criticism, but it is a necessary part of ensuring the project is maintainable and successful. If it is difficult to understand something, request it is better documented and/or commented. If you do not feel assured of the robustness of a contribution, request it is better tested. If it is unclear what the goal of the piece of work is and how it relates to the [strategy](/strategy.md), request a clarification in the corresponding issue. If a pull-request has no corresponding issue, decreases test coverage or otherwise decreases the quality of the project. Reject it. Otherwise, merge it.
-
-#### Merging
-As we keep the `master` branch in a permanent state of 'deployment ready' once-merged your contribution will be live on the next deployment.
-
-#### Deploying
-Any member of the [deployers](https://github.com/orgs/librariesio/teams/deployers) team are able to redeploy the site. If you require a deployment then you might find one of them in our `#general` [chat channel on Slack](slack.libraries.io).

data/.github/workflows/ci.yml

@@ -1,25 +0,0 @@
-name: Bibliothecary CI
-
-on:
-  push:
-    branches: [ main ]
-  pull_request:
-    branches: [ main ]
-
-jobs:
-  build:
-    runs-on: ubuntu-latest
-
-    steps:
-    - uses: actions/checkout@v4
-
-    - name: Set up Ruby
-      uses: ruby/setup-ruby@v1
-      with:
-        ruby-version: 4.0.0
-
-    - name: Install dependencies
-      run: bundle install
-
-    - name: Run tests
-      run: bundle exec rake

data/.gitignore

@@ -1,10 +0,0 @@
-/.bundle/
-/.yardoc
-/Gemfile.lock
-/_yardoc/
-/coverage/
-/doc/
-/pkg/
-/spec/reports/
-/tmp/
-*.gem

data/.rspec

@@ -1,2 +0,0 @@
---format documentation
---color

data/.rubocop.yml

@@ -1,69 +0,0 @@
----
-
-# Without this, CI might pickup nested dep's rubocop files in vendor/
-inherit_mode:
-  merge:
-    - Exclude
-
-AllCops:
-  NewCops: enable
-  TargetRubyVersion: 4.0
-  Exclude:
-    - spec/fixtures/**/*
-    - vendor/bundle/**/* # This is actually needed for CI, not for biblio itself
-
-
-Metrics/BlockLength:
-  Max: 100
-  Exclude:
-    - config/routes.rb
-    - config/initializers/*
-    - spec/**/*_spec.rb
-    - spec/factories.rb
-    - lib/tasks/*.rake
-
-# metrics and documentation. code is complex as it needs to be,
-# and docs shouldn't be required. add them when needed.
-Metrics/AbcSize:
-  Enabled: false
-Layout/LineLength:
-  Enabled: false
-Metrics/ClassLength:
-  Enabled: false
-Metrics/MethodLength:
-  Enabled: false
-Metrics/ModuleLength:
-  Enabled: false
-Metrics/CyclomaticComplexity:
-  Enabled: false
-Metrics/PerceivedComplexity:
-  Enabled: false
-Metrics/ParameterLists:
-  Max: 7
-  CountKeywordArgs: false
-Style/Documentation:
-  Enabled: false
-
-# differences from standard ruby style guide.
-Style/RegexpLiteral:
-  Enabled: false
-Style/StringLiterals:
-  EnforcedStyle: double_quotes
-Style/TrailingCommaInArrayLiteral:
-  EnforcedStyleForMultiline: comma
-Style/TrailingCommaInHashLiteral:
-  EnforcedStyleForMultiline: comma
-Layout/FirstArrayElementIndentation:
-  Enabled: false
-Layout/MultilineMethodCallIndentation:
-  EnforcedStyle: indented
-Style/NumericPredicate:
-  Enabled: false
-Style/FormatStringToken:
-  Enabled: false
-Style/MultilineBlockChain:
-  Enabled: false
-Style/IfUnlessModifier:
-  Enabled: false
-Layout/BlockAlignment:
-  EnforcedStyleAlignWith: start_of_block

data/.ruby-version

@@ -1 +0,0 @@
-4.0.0

data/.tidelift

@@ -1 +0,0 @@
-TIDELIFT_EXCLUDED_MANIFESTS=spec/fixtures

data/CODE_OF_CONDUCT.md

@@ -1,74 +0,0 @@
-# Contributor Covenant Code of Conduct
-
-## Our Pledge
-
-In the interest of fostering an open and welcoming environment, we as
-contributors and maintainers pledge to making participation in our project and
-our community a harassment-free experience for everyone, regardless of age, body
-size, disability, ethnicity, gender identity and expression, level of experience,
-nationality, personal appearance, race, religion, or sexual identity and
-orientation.
-
-## Our Standards
-
-Examples of behavior that contributes to creating a positive environment
-include:
-
-* Using welcoming and inclusive language
-* Being respectful of differing viewpoints and experiences
-* Gracefully accepting constructive criticism
-* Focusing on what is best for the community
-* Showing empathy towards other community members
-
-Examples of unacceptable behavior by participants include:
-
-* The use of sexualized language or imagery and unwelcome sexual attention or
-advances
-* Trolling, insulting/derogatory comments, and personal or political attacks
-* Public or private harassment
-* Publishing others' private information, such as a physical or electronic
-  address, without explicit permission
-* Other conduct which could reasonably be considered inappropriate in a
-  professional setting
-
-## Our Responsibilities
-
-Project maintainers are responsible for clarifying the standards of acceptable
-behavior and are expected to take appropriate and fair corrective action in
-response to any instances of unacceptable behavior.
-
-Project maintainers have the right and responsibility to remove, edit, or
-reject comments, commits, code, wiki edits, issues, and other contributions
-that are not aligned to this Code of Conduct, or to ban temporarily or
-permanently any contributor for other behaviors that they deem inappropriate,
-threatening, offensive, or harmful.
-
-## Scope
-
-This Code of Conduct applies both within project spaces and in public spaces
-when an individual is representing the project or its community. Examples of
-representing a project or community include using an official project e-mail
-address, posting via an official social media account, or acting as an appointed
-representative at an online or offline event. Representation of a project may be
-further defined and clarified by project maintainers.
-
-## Enforcement
-
-Instances of abusive, harassing, or otherwise unacceptable behavior may be
-reported by contacting the project team at andrew@libraries.io. All
-complaints will be reviewed and investigated and will result in a response that
-is deemed necessary and appropriate to the circumstances. The project team is
-obligated to maintain confidentiality with regard to the reporter of an incident.
-Further details of specific enforcement policies may be posted separately.
-
-Project maintainers who do not follow or enforce the Code of Conduct in good
-faith may face temporary or permanent repercussions as determined by other
-members of the project's leadership.
-
-## Attribution
-
-This Code of Conduct is adapted from the [Contributor Covenant][homepage], version 1.4,
-available at [http://contributor-covenant.org/version/1/4][version]
-
-[homepage]: http://contributor-covenant.org
-[version]: http://contributor-covenant.org/version/1/4/

data/Gemfile

@@ -1,34 +0,0 @@
-# frozen_string_literal: true
-
-source "https://rubygems.org"
-
-# Temporarily pegging to HEAD until 0.2.1 is released: https://github.com/piotrmurach/strings-ansi/pull/2
-gem "strings-ansi", ref: "35d0c9430cf0a8022dc12bdab005bce296cb9f00", github: "piotrmurach/strings-ansi"
-
-# Ruby 3.4+ no longer includes these as default gems
-gem "base64"
-gem "bigdecimal"
-gem "csv"
-gem "logger"
-gem "ostruct"
-
-# Specify your gem's dependencies in bibliothecary.gemspec
-gemspec
-
-group :development do
-  gem "pry"
-end
-
-group :development, :test do
-  gem "rake", "~> 13.0"
-  gem "rubocop", "~> 1.71"
-  gem "rubocop-rails"
-  gem "rubocop-rake" # This is needed by packageurl-ruby, until it reclassifies it as a dev dependency.
-end
-
-group :test do
-  gem "rspec", "~> 3.0"
-  gem "simplecov"
-  gem "super_diff", "~> 0.18.0"
-  gem "webmock"
-end

data/Rakefile

@@ -1,18 +0,0 @@
-# frozen_string_literal: true
-
-require "bundler/gem_tasks"
-require "rspec/core/rake_task"
-
-RSpec::Core::RakeTask.new(:spec)
-
-task default: :spec
-
-desc "Run the linter"
-task :lint do
-  sh "bundle exec rubocop -P"
-end
-
-desc "Run the linter with autofix"
-task :fix do
-  sh "bundle exec rubocop -A"
-end

data/bin/console

@@ -1,15 +0,0 @@
-#!/usr/bin/env ruby
-# frozen_string_literal: true
-
-require "bundler/setup"
-require "bibliothecary"
-
-# You can add fixtures and/or initialization code here to make experimenting
-# with your gem easier. You can also use a different console, if you like.
-
-# (If you use this, don't forget to add pry to your Gemfile!)
-# require "pry"
-# Pry.start
-
-require "pry"
-Pry.start

data/bin/setup

@@ -1,8 +0,0 @@
-#!/usr/bin/env bash
-set -euo pipefail
-IFS=$'\n\t'
-set -vx
-
-bundle install
-
-# Do any other automated setup that you need to do here

data/lib/bibliothecary/multi_parsers/bundler_like_manifest.rb

@@ -1,26 +0,0 @@
-# frozen_string_literal: true
-
-module Bibliothecary
-  module MultiParsers
-    module BundlerLikeManifest
-      # this takes parsed Bundler and Bundler-like (CocoaPods)
-      # manifests and turns them into a list of dependencies.
-      def parse_ruby_manifest(manifest, platform, source = nil)
-        manifest.dependencies.inject([]) do |deps, dep|
-          deps.push(Dependency.new(
-                      platform: platform,
-                      name: dep.name,
-                      requirement: dep
-                        .requirement
-                        .requirements
-                        .sort_by(&:last)
-                        .map { |op, version| "#{op} #{version}" }
-                        .join(", "),
-                      type: dep.type.to_s,
-                      source: source
-                    ))
-        end.uniq
-      end
-    end
-  end
-end

data/lib/bibliothecary/multi_parsers/cyclonedx.rb

@@ -1,170 +0,0 @@
-# frozen_string_literal: true
-
-require "json"
-require "ox"
-
-# packageurl-ruby uses pattern-matching (https://docs.ruby-lang.org/en/2.7.0/NEWS.html#label-Pattern+matching)
-# which warns a whole bunch in Ruby 2.7 as being an experimental feature, but has
-# been accepted in Ruby 3.0 (https://rubyreferences.github.io/rubychanges/3.0.html#pattern-matching).
-Warning[:experimental] = false
-require "package_url"
-Warning[:experimental] = true
-
-module Bibliothecary
-  module MultiParsers
-    module CycloneDX
-      include Bibliothecary::Analyser
-      include Bibliothecary::Analyser::TryCache
-
-      NoComponents = Class.new(StandardError)
-
-      class ManifestEntries
-        # If a purl type (key) exists, it will be used in a manifest for
-        # the key's value. If not, it's ignored.
-        #
-        # https://github.com/package-url/purl-spec/blob/master/PURL-TYPES.rst
-        PURL_TYPE_MAPPING = {
-          "brew" => :homebrew,
-          "cargo" => :cargo,
-          "carthage" => :carthage, 
-          "clojars" => :clojars,
-          "cocoapods" => :cocoapods,
-          "composer" => :packagist,
-          "conda" => :conda,
-          "cpan" => :cpan,
-          "cran" => :cran,
-          "docker" => :docker,
-          "dub" => :dub,
-          "elm" => :elm,
-          "gem" => :rubygems,
-          "golang" => :go,
-          "hackage" => :hackage,
-          "haxe" => :haxelib,
-          "hex" => :hex,
-          "julia" => :julia,
-          "maven" => :maven,
-          "meteor" => :meteor,
-          "npm" => :npm,
-          "nuget" => :nuget,
-          "pub" => :pub,
-          "pypi" => :pypi,
-          "swift" => :swift_pm,          
-        }
-
-        attr_reader :manifests
-
-        def initialize(parse_queue:)
-          @manifests = {}
-
-          # Instead of recursing, we'll work through a queue of components
-          # to process, letting the different parser add components to the
-          # queue however they need to  pull them from the source document.
-          @parse_queue = parse_queue.dup
-        end
-
-        def add(purl, source = nil)
-          mapping = PurlUtil::PURL_TYPE_MAPPING[purl.type]
-          return unless mapping
-
-          @manifests[mapping] ||= Set.new
-          @manifests[mapping] << Dependency.new(
-            name: PurlUtil.full_name(purl),
-            requirement: purl.version,
-            platform: mapping.to_s,
-            type: "lockfile",
-            source: source
-          )
-        end
-
-        # Iterates over each manifest entry in the parse_queue, and accepts a block which will
-        # be called on each component. The block has two jobs: 1) add more sub-components
-        # to parse (if they exist), and 2) return the components purl.
-        def parse!(source = nil, &block)
-          until @parse_queue.empty?
-            component = @parse_queue.shift
-
-            purl_text = block.call(component, @parse_queue)
-
-            next unless purl_text
-
-            purl = PackageURL.parse(purl_text)
-
-            add(purl, source)
-          end
-        end
-
-        def [](key)
-          @manifests[key]&.to_a
-        end
-      end
-
-      def self.mapping
-        {
-          match_filename("cyclonedx.json") => {
-            kind: "lockfile",
-            parser: :parse_cyclonedx_json,
-            ungroupable: true,
-          },
-          match_extension("cdx.json") => {
-            kind: "lockfile",
-            parser: :parse_cyclonedx_json,
-            ungroupable: true,
-          },
-          match_filename("cyclonedx.xml") => {
-            kind: "lockfile",
-            parser: :parse_cyclonedx_xml,
-            ungroupable: true,
-          },
-          match_extension(".cdx.xml") => {
-            kind: "lockfile",
-            parser: :parse_cyclonedx_xml,
-            ungroupable: true,
-          },
-        }
-      end
-
-      def parse_cyclonedx_json(file_contents, options: {})
-        manifest = try_cache(options, options[:filename]) do
-          JSON.parse(file_contents)
-        end
-
-        raise NoComponents unless manifest["components"]
-
-        entries = ManifestEntries.new(parse_queue: manifest["components"])
-
-        entries.parse!(options.fetch(:filename, nil)) do |component, parse_queue|
-          parse_queue.concat(component["components"]) if component["components"]
-
-          component["purl"]
-        end
-
-        ParserResult.new(dependencies: entries[platform_name.to_sym] || [])
-      end
-
-      def parse_cyclonedx_xml(file_contents, options: {})
-        manifest = try_cache(options, options[:filename]) do
-          Ox.parse(file_contents)
-        end
-
-        root = manifest
-        if root.respond_to?(:bom)
-          root = root.bom
-        end
-
-        raise NoComponents unless root.locate("components").first
-
-        entries = ManifestEntries.new(parse_queue: root.locate("components/*"))
-
-        entries.parse!(options.fetch(:filename, nil)) do |component, parse_queue|
-          # #locate returns an empty array if nothing is found, so we can
-          # always safely concatenate it to the parse queue.
-          parse_queue.concat(component.locate("components/*"))
-
-          component.locate("purl").first&.text
-        end
-
-        ParserResult.new(dependencies: entries[platform_name.to_sym] || [])
-      end
-    end
-  end
-end