@cyclonedx/cdxgen 10.1.0 → 10.1.2

package/README.md

@@ -540,11 +540,18 @@ Refer to the [permissions document](./docs/PERMISSIONS.md)
 Follow the usual PR process, but before raising a PR, run the following commands.
 
 ```bash
+# Generate types using jsdoc syntax
+npm run gen-types
+# Run eslint with auto fix
 npm run lint
+# Run prettier
 npm run pretty
+# Run jest tests
 npm test
 ```
 
+If you are completely new to contributing to open-source projects, then look for [issues](https://github.com/CycloneDX/cdxgen/issues) with the labels "good first issue" or "help wanted".
+
 ## Enterprise support
 
 Enterprise support, including custom development and integration services, is available via [AppThreat Ltd](https://www.appthreat.com). Free community support is also available via [Discord](https://discord.gg/tmmtjCEHNV).

package/analyzer.js

@@ -1,9 +1,8 @@
 import { parse } from "@babel/parser";
 import traverse from "@babel/traverse";
-import { join } from "node:path";
 import process from "node:process";
-import { readdirSync, lstatSync, readFileSync } from "node:fs";
-import { basename, resolve, isAbsolute, relative } from "node:path";
+import { lstatSync, readFileSync, readdirSync } from "node:fs";
+import { basename, isAbsolute, join, relative, resolve } from "node:path";
 
 const IGNORE_DIRS = process.env.ASTGEN_IGNORE_DIRS
   ? process.env.ASTGEN_IGNORE_DIRS.split(",")
@@ -190,21 +189,25 @@ const fileToParseableCode = (file) => {
   let code = readFileSync(file, "utf-8");
   if (file.endsWith(".vue") || file.endsWith(".svelte")) {
     code = code
-      .replace(vueCommentRegex, function (match) {
-        return match.replaceAll(/\S/g, " ");
-      })
-      .replace(vueCleaningRegex, function (match) {
-        return match.replaceAll(/\S/g, " ").substring(1) + ";";
-      })
-      .replace(vueBindRegex, function (match, grA, grB, grC) {
-        return grA.replaceAll(/\S/g, " ") + grB + grC.replaceAll(/\S/g, " ");
-      })
-      .replace(vuePropRegex, function (match, grA, grB) {
-        return " " + grA.replace(/[.:@]/g, " ") + grB;
-      })
-      .replace(vueTemplateRegex, function (match, grA, grB, grC) {
-        return grA + grB.replaceAll("{{", "{ ").replaceAll("}}", " }") + grC;
-      });
+      .replace(vueCommentRegex, (match) => match.replaceAll(/\S/g, " "))
+      .replace(
+        vueCleaningRegex,
+        (match) => match.replaceAll(/\S/g, " ").substring(1) + ";"
+      )
+      .replace(
+        vueBindRegex,
+        (match, grA, grB, grC) =>
+          grA.replaceAll(/\S/g, " ") + grB + grC.replaceAll(/\S/g, " ")
+      )
+      .replace(
+        vuePropRegex,
+        (match, grA, grB) => " " + grA.replace(/[.:@]/g, " ") + grB
+      )
+      .replace(
+        vueTemplateRegex,
+        (match, grA, grB, grC) =>
+          grA + grB.replaceAll("{{", "{ ").replaceAll("}}", " }") + grC
+      );
   }
   return code;
 };

package/bin/cdxgen.js

@@ -7,16 +7,16 @@ import { tmpdir } from "node:os";
 import { basename, dirname, join, resolve } from "node:path";
 import jws from "jws";
 import crypto from "node:crypto";
-import { fileURLToPath, URL } from "node:url";
+import { URL, fileURLToPath } from "node:url";
 import globalAgent from "global-agent";
 import process from "node:process";
 import {
   printCallStack,
+  printDependencyTree,
   printOccurrences,
-  printServices,
   printReachables,
-  printTable,
-  printDependencyTree
+  printServices,
+  printTable
 } from "../display.js";
 import { findUpSync } from "find-up";
 import { load as _load } from "js-yaml";

package/bin/evinse.js

@@ -10,8 +10,8 @@ import { validateBom } from "../validator.js";
 import {
   printCallStack,
   printOccurrences,
-  printServices,
-  printReachables
+  printReachables,
+  printServices
 } from "../display.js";
 import { ATOM_DB } from "../utils.js";
 import { findUpSync } from "find-up";

package/bin/repl.js

@@ -11,11 +11,11 @@ import { createBom } from "../index.js";
 import { validateBom } from "../validator.js";
 import {
   printCallStack,
-  printOccurrences,
-  printOSTable,
-  printTable,
   printDependencyTree,
-  printServices
+  printOSTable,
+  printOccurrences,
+  printServices,
+  printTable
 } from "../display.js";
 
 const options = {

package/bin/verify.js

@@ -5,7 +5,7 @@ import { hideBin } from "yargs/helpers";
 import fs from "node:fs";
 import jws from "jws";
 import process from "node:process";
-import { fileURLToPath, URL } from "node:url";
+import { URL, fileURLToPath } from "node:url";
 import { dirname, join } from "node:path";
 
 let url = import.meta.url;

package/binary.js

@@ -1,4 +1,4 @@
-import { platform as _platform, arch as _arch, tmpdir, homedir } from "node:os";
+import { arch as _arch, platform as _platform, homedir, tmpdir } from "node:os";
 import process from "node:process";
 import { Buffer } from "node:buffer";
 import {
@@ -8,12 +8,12 @@ import {
   readFileSync,
   rmSync
 } from "node:fs";
-import { join, dirname, basename } from "node:path";
+import { basename, dirname, join } from "node:path";
 import { spawnSync } from "node:child_process";
 import { PackageURL } from "packageurl-js";
 import { DEBUG_MODE, TIMEOUT_MS, findLicenseId } from "./utils.js";
 
-import { fileURLToPath, URL } from "node:url";
+import { URL, fileURLToPath } from "node:url";
 
 let url = import.meta.url;
 if (!url.startsWith("file://")) {

package/db.js

@@ -1,5 +1,5 @@
 import path from "node:path";
-import { Sequelize, DataTypes, Model } from "sequelize";
+import { DataTypes, Model, Sequelize } from "sequelize";
 import SQLite from "sqlite3";
 
 class Namespaces extends Model {}

package/docker.js

@@ -5,21 +5,21 @@ import stream from "node:stream/promises";
 import process from "node:process";
 import { Buffer } from "node:buffer";
 import {
+  createReadStream,
   existsSync,
-  readdirSync,
-  statSync,
   lstatSync,
-  readFileSync,
-  createReadStream,
-  mkdtempSync,
   mkdirSync,
-  rmSync
+  mkdtempSync,
+  readFileSync,
+  readdirSync,
+  rmSync,
+  statSync
 } from "node:fs";
 import { join } from "node:path";
 import {
+  platform as _platform,
   userInfo as _userInfo,
   homedir,
-  platform as _platform,
   tmpdir
 } from "node:os";
 import { x } from "tar";
@@ -1196,7 +1196,7 @@ export const addSkippedSrcFiles = (skippedImageSrcs, components) => {
     for (const co of components) {
       const srcFileValues = [];
       let srcImageValue;
-      co.properties.forEach(function (property) {
+      co.properties.forEach((property) => {
         if (property.name === "oci:SrcImage") {
           srcImageValue = property.value;
         }

package/docker.test.js

@@ -1,13 +1,13 @@
 import {
+  addSkippedSrcFiles,
+  exportImage,
   getConnection,
-  parseImageName,
   getImage,
-  removeImage,
-  exportImage,
   isWin,
-  addSkippedSrcFiles
+  parseImageName,
+  removeImage
 } from "./docker.js";
-import { expect, test, describe, beforeEach } from "@jest/globals";
+import { beforeEach, describe, expect, test } from "@jest/globals";
 
 test("docker connection", async () => {
   if (!(isWin && process.env.CI === "true")) {

package/envcontext.js

@@ -1,15 +1,15 @@
 import { spawnSync } from "node:child_process";
 import {
-  isWin,
-  PYTHON_CMD,
-  JAVA_CMD,
+  CARGO_CMD,
   DOTNET_CMD,
-  NODE_CMD,
-  NPM_CMD,
   GCC_CMD,
   GO_CMD,
+  JAVA_CMD,
+  NODE_CMD,
+  NPM_CMD,
+  PYTHON_CMD,
   RUSTC_CMD,
-  CARGO_CMD
+  isWin
 } from "./utils.js";
 import process from "node:process";
 import { Buffer } from "node:buffer";

package/envcontext.test.js

@@ -1,16 +1,16 @@
 import { expect, test } from "@jest/globals";
 
 import {
-  getBranch,
-  getOriginUrl,
-  listFiles,
-  collectJavaInfo,
   collectDotnetInfo,
-  collectPythonInfo,
-  collectNodeInfo,
   collectGccInfo,
+  collectGoInfo,
+  collectJavaInfo,
+  collectNodeInfo,
+  collectPythonInfo,
   collectRustInfo,
-  collectGoInfo
+  getBranch,
+  getOriginUrl,
+  listFiles
 } from "./envcontext.js";
 
 test("git tests", () => {

package/evinser.js

@@ -1,11 +1,11 @@
 import {
+  DEBUG_MODE,
+  collectGradleDependencies,
+  collectMvnDependencies,
   executeAtom,
   getAllFiles,
   getGradleCommand,
-  getMavenCommand,
-  collectGradleDependencies,
-  collectMvnDependencies,
-  DEBUG_MODE
+  getMavenCommand
 } from "./utils.js";
 import { tmpdir } from "node:os";
 import path from "node:path";
@@ -20,7 +20,7 @@ const typePurlsCache = {};
 /**
  * Function to create the db for the libraries referred in the sbom.
  *
- * @param {object} Command line options
+ * @param {Object} Command line options
  */
 export const prepareDB = async (options) => {
   if (!options.dbPath.includes("memory") && !fs.existsSync(options.dbPath)) {
@@ -318,8 +318,8 @@ export const initFromSbom = (components, language) => {
 /**
  * Function to analyze the project
  *
- * @param {object} dbObjMap DB and model instances
- * @param {object} Command line options
+ * @param {Object} dbObjMap DB and model instances
+ * @param {Object} Command line options
  */
 export const analyzeProject = async (dbObjMap, options) => {
   const dirPath = options._[0] || ".";
@@ -479,11 +479,11 @@ export const parseObjectSlices = async (
  * https://github.com/AppThreat/atom/blob/main/specification/docs/slices.md#use
  *
  * @param {string} language Application language
- * @param {object} userDefinedTypesMap User Defined types in the application
- * @param {array} usages Usages array for each objectSlice
- * @param {object} dbObjMap DB Models
- * @param {object} purlLocationMap Object to track locations where purls are used
- * @param {object} purlImportsMap Object to track package urls and their import aliases
+ * @param {Object} userDefinedTypesMap User Defined types in the application
+ * @param {Array} usages Usages array for each objectSlice
+ * @param {Object} dbObjMap DB Models
+ * @param {Object} purlLocationMap Object to track locations where purls are used
+ * @param {Object} purlImportsMap Object to track package urls and their import aliases
  * @returns
  */
 export const parseSliceUsages = async (
@@ -764,8 +764,8 @@ export const isFilterableType = (
  * Method to detect services from annotation objects in the usage slice
  *
  * @param {string} language Application language
- * @param {array} usages Usages array for each objectSlice
- * @param {object} servicesMap Existing service map
+ * @param {Array} usages Usages array for each objectSlice
+ * @param {Object} servicesMap Existing service map
  */
 export const detectServicesFromUsages = (language, slice, servicesMap = {}) => {
   const usages = slice.usages;
@@ -830,8 +830,8 @@ export const detectServicesFromUsages = (language, slice, servicesMap = {}) => {
  * Method to detect services from user defined types in the usage slice
  *
  * @param {string} language Application language
- * @param {array} userDefinedTypes User defined types
- * @param {object} servicesMap Existing service map
+ * @param {Array} userDefinedTypes User defined types
+ * @param {Object} servicesMap Existing service map
  */
 export const detectServicesFromUDT = (
   language,
@@ -962,8 +962,8 @@ export const extractEndpoints = (language, code) => {
 /**
  * Method to create the SBOM with evidence file called evinse file.
  *
- * @param {object} sliceArtefacts Various artefacts from the slice operation
- * @param {object} options Command line options
+ * @param {Object} sliceArtefacts Various artefacts from the slice operation
+ * @param {Object} options Command line options
  * @returns
  */
 export const createEvinseFile = (sliceArtefacts, options) => {
@@ -1085,11 +1085,11 @@ export const createEvinseFile = (sliceArtefacts, options) => {
  * Implemented based on the logic proposed here - https://github.com/AppThreat/atom/blob/main/specification/docs/slices.md#data-flow-slice
  *
  * @param {string} language Application language
- * @param {object} userDefinedTypesMap User Defined types in the application
- * @param {object} dataFlowSlice Data flow slice object from atom
- * @param {object} dbObjMap DB models
- * @param {object} purlLocationMap Object to track locations where purls are used
- * @param {object} purlImportsMap Object to track package urls and their import aliases
+ * @param {Object} userDefinedTypesMap User Defined types in the application
+ * @param {Object} dataFlowSlice Data flow slice object from atom
+ * @param {Object} dbObjMap DB models
+ * @param {Object} purlLocationMap Object to track locations where purls are used
+ * @param {Object} purlImportsMap Object to track package urls and their import aliases
  */
 export const collectDataFlowFrames = async (
   language,
@@ -1212,7 +1212,7 @@ export const collectDataFlowFrames = async (
  * Implemented based on the logic proposed here - https://github.com/AppThreat/atom/blob/main/specification/docs/slices.md#data-flow-slice
  *
  * @param {string} language Application language
- * @param {object} reachablesSlice Reachables slice object from atom
+ * @param {Object} reachablesSlice Reachables slice object from atom
  */
 export const collectReachableFrames = (language, reachablesSlice) => {
   const reachableNodes = reachablesSlice?.reachables || [];
@@ -1253,7 +1253,7 @@ export const collectReachableFrames = (language, reachablesSlice) => {
 /**
  * Method to pick a callstack frame as an evidence. This method is required since CycloneDX 1.5 accepts only a single frame as evidence.
  *
- * @param {array} dfFrames Data flow frames
+ * @param {Array} dfFrames Data flow frames
  * @returns
  */
 export const framePicker = (dfFrames) => {