@cyclonedx/cdxgen 10.0.2 → 10.0.3
This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.
- package/package.json +3 -3
- package/utils.js +4 -1
- package/utils.test.js +12 -0
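--- a/package/package.json
+++ b/package/package.json
@@ -1,6 +1,6 @@
 {
 "name": "@cyclonedx/cdxgen",
-"version": "10.0.
+"version": "10.0.3",
 "description": "Creates CycloneDX Software Bill of Materials (SBOM) from source or container image",
 "homepage": "http://github.com/cyclonedx/cdxgen",
 "author": "Prabhu Subramanian <prabhu@appthreat.com>",
@@ -65,7 +65,7 @@
 "find-up": "7.0.0",
 "glob": "^10.3.10",
 "global-agent": "^3.0.0",
-"got": "14.
+"got": "14.1.0",
 "iconv-lite": "^0.6.3",
 "js-yaml": "^4.1.0",
 "jws": "^4.0.0",
@@ -82,7 +82,7 @@
 "yargs": "^17.7.2"
 },
 "optionalDependencies": {
-"@appthreat/atom": "2.0.
+"@appthreat/atom": "2.0.7",
 "@appthreat/cdx-proto": "^0.0.4",
 "@cyclonedx/cdxgen-plugins-bin": "^1.5.8",
 "@cyclonedx/cdxgen-plugins-bin-windows-amd64": "^1.5.8",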
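--- a/package/utils.js
+++ b/package/utils.js
@@ -1185,8 +1185,11 @@ export const parseYarnLock = async function (yarnLockFile) {
 }
 // checksum used by yarn 2/3 is hex encoded
 if (l.startsWith("checksum")) {
+// in some cases yarn 4 will add a prefix to the checksum, containing the cachekey and compression level
+// example: 10c0/53c2b231a61a46792b39a0d43bc4f4f77...
+const checksum = parts[1].split("/").pop();
 integrity =
-"sha512-" + Buffer.from(
+"sha512-" + Buffer.from(checksum, "hex").toString("base64");
 }
 if (l.startsWith("resolved")) {
 const tmpB = parts[1].split("#");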
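Review bot: `Buffer.from(checksum, "hex")` on the new integrity line decodes only up to the first non-hex character, so a malformed or empty checksum (for instance a `parts[1]` ending in `/`, where `pop()` returns `""`) silently produces a truncated digest or a bare `"sha512-"` value instead of failing; because SBOM consumers use this field for verification, a well-formed but wrong value is worse than no value. The hunk already hard-codes sha512, whose hex digest is exactly 128 characters, so guarding the assignment keeps the field honest: `if (/^[0-9a-f]{128}$/i.test(checksum)) { integrity = "sha512-" + Buffer.from(checksum, "hex").toString("base64"); }`. Whether `parts[1]` is always defined at this point is decided earlier in parseYarnLock, whose body starts and ends outside this hunk.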
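--- a/package/utils.test.js
+++ b/package/utils.test.js
@@ -2399,6 +2399,18 @@ test("parseYarnLock", async () => {
 expect(parsedList.pkgList[0]["bom-ref"]).toEqual(
 "pkg:npm/@aashutoshrathi/word-wrap@1.2.6"
 );
+parsedList = await parseYarnLock("./test/data/yarn_locks/yarnv4.1.lock");
+expect(parsedList.pkgList.length).toEqual(861);
+expect(parsedList.dependenciesList.length).toEqual(858);
+expect(parsedList.pkgList[0].purl).toEqual(
+"pkg:npm/%40aashutoshrathi/word-wrap@1.2.6"
+);
+expect(parsedList.pkgList[0]["bom-ref"]).toEqual(
+"pkg:npm/@aashutoshrathi/word-wrap@1.2.6"
+);
+expect(parsedList.pkgList[0]._integrity).toEqual(
+"sha512-U8KyMaYaRnkrOaDUO8T093a7RUKqV+4EkwZ2gC5VASgsL8iqwU5M0fESD/i1Jha2/1q1Oa0wqiJ31yZES3Fhnw=="
+);
 });
 
 test("parseComposerLock", () => {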
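Review bot: The new assertions check `_integrity` only for the first entry of the yarn 4 fixture, so a checksum elsewhere in the lockfile that hex-decodes to a short or empty buffer would still pass. The expected `sha512-U8KyMaYa…` is the base64 form of the `53c2b231a61a…` hex quoted in the utils.js comment, so the prefixed-checksum path is exercised at least once; a sweep such as `expect(parsedList.pkgList.filter((p) => p._integrity === "sha512-")).toEqual([]);` would extend that guarantee to every entry. The fixture `./test/data/yarn_locks/yarnv4.1.lock` is not part of this diff, so the 861/858 count expectations cannot be checked from here.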