@cyclonedx/cdxgen 10.3.0 → 10.3.1
- package/README.md +1 -0
- package/binary.js +5 -8
- package/index.js +2 -21
- package/package.json +1 -1
package/README.md
CHANGED
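--- a/package/binary.js
+++ b/package/binary.js
@@ -6,7 +6,8 @@ import {
 mkdirSync,
 mkdtempSync,
 readFileSync,
-rmSync
+rmSync,
+lstatSync
 } from "node:fs";
 import { basename, dirname, join, resolve } from "node:path";
 import { spawnSync } from "node:child_process";
@@ -19,12 +20,7 @@ let url = import.meta.url;
 if (!url.startsWith("file://")) {
 url = new URL(`file://${import.meta.url}`).toString();
 }
-
-// When cdxgen is used as a library, dirName would be inside the node_modules directory
-// we need to locate the base directory of the dependent project in this case.
-if (dirName.includes("node_modules")) {
-dirName = dirName.split(join("node_modules", "@cyclonedx"))[0];
-}
+const dirName = import.meta ? dirname(fileURLToPath(url)) : __dirname;
 
 const isWin = _platform() === "win32";
 
@@ -802,10 +798,11 @@ export function getBinaryBom(src, binaryBomFile, deepMode) {
 if (DEBUG_MODE) {
 console.log("Executing", BLINT_BIN, args.join(" "));
 }
+const cwd = lstatSync(src).isDirectory() ? src : dirname(src);
 const result = spawnSync(BLINT_BIN, args, {
 encoding: "utf-8",
 timeout: TIMEOUT_MS,
-cwd
+cwd
 });
 if (result.status !== 0 || result.error) {
 if (result.stderr) {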
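Review bot: `lstatSync(src)` in the added `const cwd = …` line of getBinaryBom throws when `src` does not exist or cannot be read, and nothing visible in the hunk catches it, so a bad path would abort before blint is spawned instead of surfacing through the `result.status`/`result.error` check. Because `lstatSync` does not follow symlinks, a `src` that is a symlink to a directory takes the `dirname(src)` branch and blint runs with the link's parent as its working directory. If that is the intended handling for scan targets, a short comment should say so; otherwise `const st = lstatSync(src, { throwIfNoEntry: false });` followed by `const cwd = st?.isDirectory() ? src : dirname(src);` avoids the throw on a missing path. The body of getBinaryBom starts and ends outside the hunk, so an enclosing try/catch may exist there.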
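--- a/package/index.js
+++ b/package/index.js
@@ -83,7 +83,6 @@ import {
 parseGoModData,
 parseGoModGraph,
 parseGoModWhy,
-parseGoVersionData,
 parseGopkgData,
 parseGosumData,
 parseGradleDep,
@@ -149,7 +148,6 @@ import {
 executeOsQuery,
 getCargoAuditableInfo,
 getDotnetSlices,
-getGoBuildInfo,
 getOSPackages,
 getBinaryBom
 } from "./binary.js";
@@ -2696,25 +2694,8 @@ export async function createGoBom(path, options) {
 } catch (err) {
 maybeBinary = false;
 }
-if (maybeBinary) {
-
-const dlist = await parseGoVersionData(buildInfoData);
-if (dlist && dlist.length) {
-pkgList = pkgList.concat(dlist);
-}
-// Since this pkg list is derived from the binary mark them as used.
-const allImports = {};
-for (const mpkg of pkgList) {
-const pkgFullName = `${mpkg.group}/${mpkg.name}`;
-allImports[pkgFullName] = true;
-}
-return buildBomNSData(options, pkgList, "golang", {
-allImports,
-dependencies,
-parentComponent,
-src: path,
-filename: path
-});
+if (maybeBinary || options.lifecycle === "post-build") {
+return createBinaryBom(path, options);
 }
 
 // Read in go.sum and merge all go.sum files.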
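Review bot: The new condition `maybeBinary || options.lifecycle === "post-build"` in createGoBom returns `createBinaryBom(path, options)` even when `maybeBinary` is false, which includes the case where the `catch` just above reset it after an error. For a post-build run this skips the go.sum handling that follows, so the Go SBOM's completeness then rests entirely on the binary analysis. Whether `createBinaryBom` carries the `dependencies` and `parentComponent` that the removed `buildBomNSData` call passed is not visible here. I would add a comment above the branch, e.g. `// post-build: always use binary analysis; the go.sum merge below is intentionally skipped`, and confirm that a failed or empty binary scan is reported rather than yielding an empty BOM. createGoBom's body starts and ends outside the hunk.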
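--- a/package/package.json
+++ b/package/package.json
@@ -1,6 +1,6 @@
 {
 "name": "@cyclonedx/cdxgen",
-"version": "10.3.
+"version": "10.3.1",
 "description": "Creates CycloneDX Software Bill of Materials (SBOM) from source or container image",
 "homepage": "http://github.com/cyclonedx/cdxgen",
 "author": "Prabhu Subramanian <prabhu@appthreat.com>",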