@cyclonedx/cdxgen 10.3.4 → 10.4.0

package/utils.test.js CHANGED
@@ -1,3 +1,8 @@
1
+ import { Buffer } from "node:buffer";
2
+ import { readFileSync } from "node:fs";
3
+ import path from "node:path";
4
+ import { expect, test } from "@jest/globals";
5
+ import { parse } from "ssri";
1
6
  import {
2
7
  encodeForPurl,
3
8
  findLicenseId,
@@ -77,90 +82,85 @@ import {
77
82
  parseSwiftResolved,
78
83
  parseYarnLock,
79
84
  readZipEntry,
80
- yarnLockToIdentMap
85
+ yarnLockToIdentMap,
81
86
  } from "./utils.js";
82
- import { readFileSync } from "node:fs";
83
- import { parse } from "ssri";
84
- import { expect, test } from "@jest/globals";
85
- import path from "node:path";
86
- import { Buffer } from "node:buffer";
87
87
 
88
88
  test("SSRI test", () => {
89
89
  // gopkg.lock hash
90
90
  let ss = parse(
91
- "2ca532a6bc655663344004ba102436d29031018eab236247678db1d8978627bf"
91
+ "2ca532a6bc655663344004ba102436d29031018eab236247678db1d8978627bf",
92
92
  );
93
93
  expect(ss).toEqual(null);
94
94
  ss = parse(
95
- "sha256-2ca532a6bc655663344004ba102436d29031018eab236247678db1d8978627bf"
95
+ "sha256-2ca532a6bc655663344004ba102436d29031018eab236247678db1d8978627bf",
96
96
  );
97
97
  expect(ss.sha256[0].digest).toStrictEqual(
98
- "2ca532a6bc655663344004ba102436d29031018eab236247678db1d8978627bf"
98
+ "2ca532a6bc655663344004ba102436d29031018eab236247678db1d8978627bf",
99
99
  );
100
100
  ss = parse(
101
101
  "sha256-" +
102
102
  Buffer.from(
103
103
  "2ca532a6bc655663344004ba102436d29031018eab236247678db1d8978627bf",
104
- "hex"
105
- ).toString("base64")
104
+ "hex",
105
+ ).toString("base64"),
106
106
  );
107
107
  expect(ss.sha256[0].digest).toStrictEqual(
108
- "LKUyprxlVmM0QAS6ECQ20pAxAY6rI2JHZ42x2JeGJ78="
108
+ "LKUyprxlVmM0QAS6ECQ20pAxAY6rI2JHZ42x2JeGJ78=",
109
109
  );
110
110
  ss = parse(
111
- "sha512-Vn0lE2mprXEFPcRoI89xjw1fk1VJiyVbwfaPnVnvCXxEieByioO8Mj6sMwa6ON9PRuqbAjIxaQpkzccu41sYlw=="
111
+ "sha512-Vn0lE2mprXEFPcRoI89xjw1fk1VJiyVbwfaPnVnvCXxEieByioO8Mj6sMwa6ON9PRuqbAjIxaQpkzccu41sYlw==",
112
112
  );
113
113
  expect(ss.sha512[0].digest).toStrictEqual(
114
- "Vn0lE2mprXEFPcRoI89xjw1fk1VJiyVbwfaPnVnvCXxEieByioO8Mj6sMwa6ON9PRuqbAjIxaQpkzccu41sYlw=="
114
+ "Vn0lE2mprXEFPcRoI89xjw1fk1VJiyVbwfaPnVnvCXxEieByioO8Mj6sMwa6ON9PRuqbAjIxaQpkzccu41sYlw==",
115
115
  );
116
116
  });
117
117
 
118
118
  test("Parse requires dist string", () => {
119
119
  expect(parsePyRequiresDist("lazy-object-proxy (>=1.4.0)")).toEqual({
120
120
  name: "lazy-object-proxy",
121
- version: "1.4.0"
121
+ version: "1.4.0",
122
122
  });
123
123
  expect(parsePyRequiresDist("wrapt (<1.13,>=1.11)")).toEqual({
124
124
  name: "wrapt",
125
- version: "1.13"
125
+ version: "1.13",
126
126
  });
127
127
  expect(
128
128
  parsePyRequiresDist(
129
- 'typed-ast (<1.5,>=1.4.0) ; implementation_name == "cpython" and python_version < "3.8"'
130
- )
129
+ 'typed-ast (<1.5,>=1.4.0) ; implementation_name == "cpython" and python_version < "3.8"',
130
+ ),
131
131
  ).toEqual({ name: "typed-ast", version: "1.5" });
132
132
  expect(parsePyRequiresDist("asgiref (<4,>=3.2.10)")).toEqual({
133
133
  name: "asgiref",
134
- version: "4"
134
+ version: "4",
135
135
  });
136
136
  expect(parsePyRequiresDist("pytz")).toEqual({
137
137
  name: "pytz",
138
- version: ""
138
+ version: "",
139
139
  });
140
140
  expect(parsePyRequiresDist("sqlparse (>=0.2.2)")).toEqual({
141
141
  name: "sqlparse",
142
- version: "0.2.2"
142
+ version: "0.2.2",
143
143
  });
144
144
  expect(
145
- parsePyRequiresDist("argon2-cffi (>=16.1.0) ; extra == 'argon2'")
145
+ parsePyRequiresDist("argon2-cffi (>=16.1.0) ; extra == 'argon2'"),
146
146
  ).toEqual({ name: "argon2-cffi", version: "16.1.0" });
147
147
  expect(parsePyRequiresDist("bcrypt ; extra == 'bcrypt'")).toEqual({
148
148
  name: "bcrypt",
149
- version: ""
149
+ version: "",
150
150
  });
151
151
  });
152
152
 
153
153
  test("finds license id from name", () => {
154
154
  expect(findLicenseId("Apache License Version 2.0")).toEqual("Apache-2.0");
155
155
  expect(findLicenseId("GNU General Public License (GPL) version 2.0")).toEqual(
156
- "GPL-2.0-only"
156
+ "GPL-2.0-only",
157
157
  );
158
158
  });
159
159
 
160
160
  test("parse gradle dependencies", () => {
161
161
  expect(parseGradleDep(null)).toEqual({});
162
162
  let parsedList = parseGradleDep(
163
- readFileSync("./test/gradle-dep.out", { encoding: "utf-8" })
163
+ readFileSync("./test/gradle-dep.out", { encoding: "utf-8" }),
164
164
  );
165
165
  expect(parsedList.pkgList.length).toEqual(33);
166
166
  expect(parsedList.dependenciesList.length).toEqual(34);
@@ -168,15 +168,15 @@ test("parse gradle dependencies", () => {
168
168
  group: "org.ethereum",
169
169
  name: "solcJ-all",
170
170
  qualifiers: {
171
- type: "jar"
171
+ type: "jar",
172
172
  },
173
173
  version: "0.4.25",
174
174
  "bom-ref": "pkg:maven/org.ethereum/solcJ-all@0.4.25?type=jar",
175
- purl: "pkg:maven/org.ethereum/solcJ-all@0.4.25?type=jar"
175
+ purl: "pkg:maven/org.ethereum/solcJ-all@0.4.25?type=jar",
176
176
  });
177
177
 
178
178
  parsedList = parseGradleDep(
179
- readFileSync("./test/data/gradle-android-dep.out", { encoding: "utf-8" })
179
+ readFileSync("./test/data/gradle-android-dep.out", { encoding: "utf-8" }),
180
180
  );
181
181
  expect(parsedList.pkgList.length).toEqual(104);
182
182
  expect(parsedList.dependenciesList.length).toEqual(105);
@@ -184,38 +184,38 @@ test("parse gradle dependencies", () => {
184
184
  group: "com.android.support.test",
185
185
  name: "runner",
186
186
  qualifiers: {
187
- type: "jar"
187
+ type: "jar",
188
188
  },
189
189
  scope: "optional",
190
190
  version: "1.0.2",
191
191
  properties: [
192
192
  {
193
193
  name: "GradleProfileName",
194
- value: "androidTestImplementation"
195
- }
194
+ value: "androidTestImplementation",
195
+ },
196
196
  ],
197
197
  "bom-ref": "pkg:maven/com.android.support.test/runner@1.0.2?type=jar",
198
- purl: "pkg:maven/com.android.support.test/runner@1.0.2?type=jar"
198
+ purl: "pkg:maven/com.android.support.test/runner@1.0.2?type=jar",
199
199
  });
200
200
  expect(parsedList.pkgList[103]).toEqual({
201
201
  group: "androidx.core",
202
202
  name: "core",
203
203
  qualifiers: {
204
- type: "jar"
204
+ type: "jar",
205
205
  },
206
206
  version: "1.7.0",
207
207
  scope: "optional",
208
208
  properties: [
209
209
  {
210
210
  name: "GradleProfileName",
211
- value: "releaseUnitTestRuntimeClasspath"
212
- }
211
+ value: "releaseUnitTestRuntimeClasspath",
212
+ },
213
213
  ],
214
214
  "bom-ref": "pkg:maven/androidx.core/core@1.7.0?type=jar",
215
- purl: "pkg:maven/androidx.core/core@1.7.0?type=jar"
215
+ purl: "pkg:maven/androidx.core/core@1.7.0?type=jar",
216
216
  });
217
217
  parsedList = parseGradleDep(
218
- readFileSync("./test/data/gradle-out1.dep", { encoding: "utf-8" })
218
+ readFileSync("./test/data/gradle-out1.dep", { encoding: "utf-8" }),
219
219
  );
220
220
  expect(parsedList.pkgList.length).toEqual(89);
221
221
  expect(parsedList.dependenciesList.length).toEqual(90);
@@ -227,16 +227,16 @@ test("parse gradle dependencies", () => {
227
227
  properties: [
228
228
  {
229
229
  name: "GradleProfileName",
230
- value: "compileClasspath"
231
- }
230
+ value: "compileClasspath",
231
+ },
232
232
  ],
233
233
  "bom-ref":
234
234
  "pkg:maven/org.springframework.boot/spring-boot-starter-web@2.2.0.RELEASE?type=jar",
235
- purl: "pkg:maven/org.springframework.boot/spring-boot-starter-web@2.2.0.RELEASE?type=jar"
235
+ purl: "pkg:maven/org.springframework.boot/spring-boot-starter-web@2.2.0.RELEASE?type=jar",
236
236
  });
237
237
 
238
238
  parsedList = parseGradleDep(
239
- readFileSync("./test/data/gradle-rich1.dep", { encoding: "utf-8" })
239
+ readFileSync("./test/data/gradle-rich1.dep", { encoding: "utf-8" }),
240
240
  );
241
241
  expect(parsedList.pkgList.length).toEqual(4);
242
242
  expect(parsedList.pkgList[parsedList.pkgList.length - 1]).toEqual({
@@ -245,10 +245,10 @@ test("parse gradle dependencies", () => {
245
245
  qualifiers: { type: "jar" },
246
246
  version: "1.4.5",
247
247
  "bom-ref": "pkg:maven/ch.qos.logback/logback-core@1.4.5?type=jar",
248
- purl: "pkg:maven/ch.qos.logback/logback-core@1.4.5?type=jar"
248
+ purl: "pkg:maven/ch.qos.logback/logback-core@1.4.5?type=jar",
249
249
  });
250
250
  parsedList = parseGradleDep(
251
- readFileSync("./test/data/gradle-rich2.dep", { encoding: "utf-8" })
251
+ readFileSync("./test/data/gradle-rich2.dep", { encoding: "utf-8" }),
252
252
  );
253
253
  expect(parsedList.pkgList.length).toEqual(2);
254
254
  expect(parsedList.pkgList).toEqual([
@@ -258,7 +258,7 @@ test("parse gradle dependencies", () => {
258
258
  qualifiers: { type: "jar" },
259
259
  version: "8.1.1",
260
260
  "bom-ref": "pkg:maven/io.appium/java-client@8.1.1?type=jar",
261
- purl: "pkg:maven/io.appium/java-client@8.1.1?type=jar"
261
+ purl: "pkg:maven/io.appium/java-client@8.1.1?type=jar",
262
262
  },
263
263
  {
264
264
  group: "org.seleniumhq.selenium",
@@ -267,11 +267,11 @@ test("parse gradle dependencies", () => {
267
267
  version: "4.5.0",
268
268
  "bom-ref":
269
269
  "pkg:maven/org.seleniumhq.selenium/selenium-support@4.5.0?type=jar",
270
- purl: "pkg:maven/org.seleniumhq.selenium/selenium-support@4.5.0?type=jar"
271
- }
270
+ purl: "pkg:maven/org.seleniumhq.selenium/selenium-support@4.5.0?type=jar",
271
+ },
272
272
  ]);
273
273
  parsedList = parseGradleDep(
274
- readFileSync("./test/data/gradle-rich3.dep", { encoding: "utf-8" })
274
+ readFileSync("./test/data/gradle-rich3.dep", { encoding: "utf-8" }),
275
275
  );
276
276
  expect(parsedList.pkgList.length).toEqual(1);
277
277
  expect(parsedList.pkgList).toEqual([
@@ -282,11 +282,11 @@ test("parse gradle dependencies", () => {
282
282
  qualifiers: { type: "jar" },
283
283
  "bom-ref":
284
284
  "pkg:maven/org.seleniumhq.selenium/selenium-remote-driver@4.5.0?type=jar",
285
- purl: "pkg:maven/org.seleniumhq.selenium/selenium-remote-driver@4.5.0?type=jar"
286
- }
285
+ purl: "pkg:maven/org.seleniumhq.selenium/selenium-remote-driver@4.5.0?type=jar",
286
+ },
287
287
  ]);
288
288
  parsedList = parseGradleDep(
289
- readFileSync("./test/data/gradle-rich4.dep", { encoding: "utf-8" })
289
+ readFileSync("./test/data/gradle-rich4.dep", { encoding: "utf-8" }),
290
290
  );
291
291
  expect(parsedList.pkgList.length).toEqual(1);
292
292
  expect(parsedList.pkgList).toEqual([
@@ -297,45 +297,47 @@ test("parse gradle dependencies", () => {
297
297
  qualifiers: { type: "jar" },
298
298
  "bom-ref":
299
299
  "pkg:maven/org.seleniumhq.selenium/selenium-api@4.5.0?type=jar",
300
- purl: "pkg:maven/org.seleniumhq.selenium/selenium-api@4.5.0?type=jar"
301
- }
300
+ purl: "pkg:maven/org.seleniumhq.selenium/selenium-api@4.5.0?type=jar",
301
+ },
302
302
  ]);
303
303
  parsedList = parseGradleDep(
304
- readFileSync("./test/data/gradle-rich5.dep", { encoding: "utf-8" })
304
+ readFileSync("./test/data/gradle-rich5.dep", { encoding: "utf-8" }),
305
305
  );
306
306
  expect(parsedList.pkgList.length).toEqual(67);
307
307
  expect(parsedList.dependenciesList.length).toEqual(68);
308
308
  parsedList = parseGradleDep(
309
- readFileSync("./test/data/gradle-out-249.dep", { encoding: "utf-8" })
309
+ readFileSync("./test/data/gradle-out-249.dep", { encoding: "utf-8" }),
310
310
  );
311
311
  expect(parsedList.pkgList.length).toEqual(21);
312
312
  expect(parsedList.dependenciesList.length).toEqual(22);
313
313
  parsedList = parseGradleDep(
314
- readFileSync("./test/data/gradle-service.out", { encoding: "utf-8" })
314
+ readFileSync("./test/data/gradle-service.out", { encoding: "utf-8" }),
315
315
  );
316
316
  expect(parsedList.pkgList.length).toEqual(35);
317
317
  expect(parsedList.dependenciesList.length).toEqual(36);
318
318
  parsedList = parseGradleDep(
319
- readFileSync("./test/data/gradle-s.out", { encoding: "utf-8" })
319
+ readFileSync("./test/data/gradle-s.out", { encoding: "utf-8" }),
320
320
  );
321
321
  expect(parsedList.pkgList.length).toEqual(28);
322
322
  expect(parsedList.dependenciesList.length).toEqual(29);
323
323
  parsedList = parseGradleDep(
324
- readFileSync("./test/data/gradle-core.out", { encoding: "utf-8" })
324
+ readFileSync("./test/data/gradle-core.out", { encoding: "utf-8" }),
325
325
  );
326
326
  expect(parsedList.pkgList.length).toEqual(18);
327
327
  expect(parsedList.dependenciesList.length).toEqual(19);
328
328
  parsedList = parseGradleDep(
329
- readFileSync("./test/data/gradle-single.out", { encoding: "utf-8" })
329
+ readFileSync("./test/data/gradle-single.out", { encoding: "utf-8" }),
330
330
  );
331
331
  expect(parsedList.pkgList.length).toEqual(152);
332
332
  expect(parsedList.dependenciesList.length).toEqual(153);
333
333
  parsedList = parseGradleDep(
334
- readFileSync("./test/data/gradle-android-app.dep", { encoding: "utf-8" })
334
+ readFileSync("./test/data/gradle-android-app.dep", { encoding: "utf-8" }),
335
335
  );
336
336
  expect(parsedList.pkgList.length).toEqual(102);
337
337
  parsedList = parseGradleDep(
338
- readFileSync("./test/data/gradle-android-jetify.dep", { encoding: "utf-8" })
338
+ readFileSync("./test/data/gradle-android-jetify.dep", {
339
+ encoding: "utf-8",
340
+ }),
339
341
  );
340
342
  expect(parsedList.pkgList.length).toEqual(1);
341
343
  expect(parsedList.pkgList).toEqual([
@@ -345,18 +347,18 @@ test("parse gradle dependencies", () => {
345
347
  version: "1.2.0",
346
348
  qualifiers: { type: "jar" },
347
349
  "bom-ref": "pkg:maven/androidx.appcompat/appcompat@1.2.0?type=jar",
348
- purl: "pkg:maven/androidx.appcompat/appcompat@1.2.0?type=jar"
349
- }
350
+ purl: "pkg:maven/androidx.appcompat/appcompat@1.2.0?type=jar",
351
+ },
350
352
  ]);
351
353
  parsedList = parseGradleDep(
352
- readFileSync("./test/data/gradle-sm.dep", { encoding: "utf-8" })
354
+ readFileSync("./test/data/gradle-sm.dep", { encoding: "utf-8" }),
353
355
  );
354
356
  expect(parsedList.pkgList.length).toEqual(6);
355
357
  expect(parsedList.dependenciesList.length).toEqual(7);
356
358
  parsedList = parseGradleDep(
357
359
  readFileSync("./test/data/gradle-dependencies-559.txt", {
358
- encoding: "utf-8"
359
- })
360
+ encoding: "utf-8",
361
+ }),
360
362
  );
361
363
  expect(parsedList.pkgList.length).toEqual(372);
362
364
  });
@@ -364,39 +366,39 @@ test("parse gradle dependencies", () => {
364
366
  test("parse gradle projects", () => {
365
367
  expect(parseGradleProjects(null)).toEqual({
366
368
  projects: [],
367
- rootProject: "root"
369
+ rootProject: "root",
368
370
  });
369
371
  let retMap = parseGradleProjects(
370
- readFileSync("./test/data/gradle-projects.out", { encoding: "utf-8" })
372
+ readFileSync("./test/data/gradle-projects.out", { encoding: "utf-8" }),
371
373
  );
372
374
  expect(retMap.rootProject).toEqual("elasticsearch");
373
375
  expect(retMap.projects.length).toEqual(368);
374
376
  retMap = parseGradleProjects(
375
- readFileSync("./test/data/gradle-projects1.out", { encoding: "utf-8" })
377
+ readFileSync("./test/data/gradle-projects1.out", { encoding: "utf-8" }),
376
378
  );
377
379
  expect(retMap.rootProject).toEqual("elasticsearch");
378
380
  expect(retMap.projects.length).toEqual(409);
379
381
  retMap = parseGradleProjects(
380
- readFileSync("./test/data/gradle-projects2.out", { encoding: "utf-8" })
382
+ readFileSync("./test/data/gradle-projects2.out", { encoding: "utf-8" }),
381
383
  );
382
384
  expect(retMap.rootProject).toEqual("fineract");
383
385
  expect(retMap.projects.length).toEqual(22);
384
386
  retMap = parseGradleProjects(
385
- readFileSync("./test/data/gradle-android-app.dep", { encoding: "utf-8" })
387
+ readFileSync("./test/data/gradle-android-app.dep", { encoding: "utf-8" }),
386
388
  );
387
389
  expect(retMap.rootProject).toEqual("root");
388
390
  expect(retMap.projects).toEqual([":app"]);
389
391
  retMap = parseGradleProjects(
390
392
  readFileSync("./test/data/gradle-properties-sm.txt", {
391
- encoding: "utf-8"
392
- })
393
+ encoding: "utf-8",
394
+ }),
393
395
  );
394
396
  expect(retMap.rootProject).toEqual("root");
395
397
  expect(retMap.projects).toEqual([
396
398
  ":module:dummy:core",
397
399
  ":module:dummy:service",
398
400
  ":module:dummy:starter",
399
- ":custom:foo:service"
401
+ ":custom:foo:service",
400
402
  ]);
401
403
  });
402
404
 
@@ -407,18 +409,18 @@ test("parse gradle properties", () => {
407
409
  metadata: {
408
410
  group: "",
409
411
  version: "latest",
410
- properties: []
411
- }
412
+ properties: [],
413
+ },
412
414
  });
413
415
  let retMap = parseGradleProperties(
414
- readFileSync("./test/data/gradle-properties.txt", { encoding: "utf-8" })
416
+ readFileSync("./test/data/gradle-properties.txt", { encoding: "utf-8" }),
415
417
  );
416
418
  expect(retMap).toEqual({
417
419
  rootProject: "dependency-diff-check",
418
420
  projects: [
419
421
  ":dependency-diff-check-client-starter",
420
422
  ":dependency-diff-check-common-core",
421
- ":dependency-diff-check-service"
423
+ ":dependency-diff-check-service",
422
424
  ],
423
425
  metadata: {
424
426
  group: "com.ajmalab",
@@ -427,23 +429,23 @@ test("parse gradle properties", () => {
427
429
  {
428
430
  name: "buildFile",
429
431
  value:
430
- "/home/almalinux/work/sandbox/dependency-diff-check/build.gradle"
432
+ "/home/almalinux/work/sandbox/dependency-diff-check/build.gradle",
431
433
  },
432
434
  {
433
435
  name: "projectDir",
434
- value: "/home/almalinux/work/sandbox/dependency-diff-check"
436
+ value: "/home/almalinux/work/sandbox/dependency-diff-check",
435
437
  },
436
438
  {
437
439
  name: "rootDir",
438
- value: "/home/almalinux/work/sandbox/dependency-diff-check"
439
- }
440
- ]
441
- }
440
+ value: "/home/almalinux/work/sandbox/dependency-diff-check",
441
+ },
442
+ ],
443
+ },
442
444
  });
443
445
  retMap = parseGradleProperties(
444
446
  readFileSync("./test/data/gradle-properties-single.txt", {
445
- encoding: "utf-8"
446
- })
447
+ encoding: "utf-8",
448
+ }),
447
449
  );
448
450
  expect(retMap).toEqual({
449
451
  rootProject: "java-test",
@@ -454,20 +456,20 @@ test("parse gradle properties", () => {
454
456
  properties: [
455
457
  {
456
458
  name: "buildFile",
457
- value: "/home/almalinux/work/sandbox/java-test/build.gradle"
459
+ value: "/home/almalinux/work/sandbox/java-test/build.gradle",
458
460
  },
459
461
  {
460
462
  name: "projectDir",
461
- value: "/home/almalinux/work/sandbox/java-test"
463
+ value: "/home/almalinux/work/sandbox/java-test",
462
464
  },
463
- { name: "rootDir", value: "/home/almalinux/work/sandbox/java-test" }
464
- ]
465
- }
465
+ { name: "rootDir", value: "/home/almalinux/work/sandbox/java-test" },
466
+ ],
467
+ },
466
468
  });
467
469
  retMap = parseGradleProperties(
468
470
  readFileSync("./test/data/gradle-properties-single2.txt", {
469
- encoding: "utf-8"
470
- })
471
+ encoding: "utf-8",
472
+ }),
471
473
  );
472
474
  expect(retMap).toEqual({
473
475
  rootProject: "java-test",
@@ -478,38 +480,38 @@ test("parse gradle properties", () => {
478
480
  properties: [
479
481
  {
480
482
  name: "buildFile",
481
- value: "/home/almalinux/work/sandbox/java-test/build.gradle"
483
+ value: "/home/almalinux/work/sandbox/java-test/build.gradle",
482
484
  },
483
485
  { name: "projectDir", value: "/home/almalinux/work/sandbox/java-test" },
484
- { name: "rootDir", value: "/home/almalinux/work/sandbox/java-test" }
485
- ]
486
- }
486
+ { name: "rootDir", value: "/home/almalinux/work/sandbox/java-test" },
487
+ ],
488
+ },
487
489
  });
488
490
  retMap = parseGradleProperties(
489
491
  readFileSync("./test/data/gradle-properties-elastic.txt", {
490
- encoding: "utf-8"
491
- })
492
+ encoding: "utf-8",
493
+ }),
492
494
  );
493
495
  expect(retMap.rootProject).toEqual("elasticsearch");
494
496
  expect(retMap.projects.length).toEqual(409);
495
497
  retMap = parseGradleProperties(
496
498
  readFileSync("./test/data/gradle-properties-android.txt", {
497
- encoding: "utf-8"
498
- })
499
+ encoding: "utf-8",
500
+ }),
499
501
  );
500
502
  expect(retMap.rootProject).toEqual("CdxgenAndroidTest");
501
503
  expect(retMap.projects.length).toEqual(2);
502
504
  retMap = parseGradleProperties(
503
505
  readFileSync("./test/data/gradle-properties-sm.txt", {
504
- encoding: "utf-8"
505
- })
506
+ encoding: "utf-8",
507
+ }),
506
508
  );
507
509
  expect(retMap.rootProject).toEqual("root");
508
510
  expect(retMap.projects).toEqual([]);
509
511
  retMap = parseGradleProperties(
510
512
  readFileSync("./test/data/gradle-properties-559.txt", {
511
- encoding: "utf-8"
512
- })
513
+ encoding: "utf-8",
514
+ }),
513
515
  );
514
516
  expect(retMap.rootProject).toEqual("failing-project");
515
517
  expect(retMap.projects).toEqual([]);
@@ -518,7 +520,7 @@ test("parse gradle properties", () => {
518
520
  test("parse maven tree", () => {
519
521
  expect(parseMavenTree(null)).toEqual({});
520
522
  let parsedList = parseMavenTree(
521
- readFileSync("./test/data/sample-mvn-tree.txt", { encoding: "utf-8" })
523
+ readFileSync("./test/data/sample-mvn-tree.txt", { encoding: "utf-8" }),
522
524
  );
523
525
  expect(parsedList.pkgList.length).toEqual(61);
524
526
  expect(parsedList.dependenciesList.length).toEqual(61);
@@ -526,7 +528,7 @@ test("parse maven tree", () => {
526
528
  group: "com.pogeyan.cmis",
527
529
  name: "copper-server",
528
530
  version: "1.15.2",
529
- qualifiers: { type: "war" }
531
+ qualifiers: { type: "war" },
530
532
  });
531
533
  expect(parsedList.dependenciesList[0]).toEqual({
532
534
  ref: "pkg:maven/com.pogeyan.cmis/copper-server@1.15.2?type=war",
@@ -549,13 +551,13 @@ test("parse maven tree", () => {
549
551
  "pkg:maven/com.typesafe.akka/akka-cluster_2.11@2.4.14?type=jar",
550
552
  "pkg:maven/org.codehaus.jackson/jackson-mapper-asl@1.9.13?type=jar",
551
553
  "pkg:maven/org.slf4j/slf4j-log4j12@1.7.21?type=jar",
552
- "pkg:maven/commons-io/commons-io@2.6?type=jar"
553
- ]
554
+ "pkg:maven/commons-io/commons-io@2.6?type=jar",
555
+ ],
554
556
  });
555
557
  parsedList = parseMavenTree(
556
558
  readFileSync("./test/data/mvn-dep-tree-simple.txt", {
557
- encoding: "utf-8"
558
- })
559
+ encoding: "utf-8",
560
+ }),
559
561
  );
560
562
  expect(parsedList.pkgList.length).toEqual(37);
561
563
  expect(parsedList.dependenciesList.length).toEqual(37);
@@ -563,7 +565,7 @@ test("parse maven tree", () => {
563
565
  group: "com.gitlab.security_products.tests",
564
566
  name: "java-maven",
565
567
  version: "1.0-SNAPSHOT",
566
- qualifiers: { type: "jar" }
568
+ qualifiers: { type: "jar" },
567
569
  });
568
570
  expect(parsedList.dependenciesList[0]).toEqual({
569
571
  ref: "pkg:maven/com.gitlab.security_products.tests/java-maven@1.0-SNAPSHOT?type=jar",
@@ -574,26 +576,26 @@ test("parse maven tree", () => {
574
576
  "pkg:maven/org.apache.maven/maven-artifact@3.3.9?type=jar",
575
577
  "pkg:maven/com.fasterxml.jackson.core/jackson-databind@2.9.2?type=jar",
576
578
  "pkg:maven/org.mozilla/rhino@1.7.10?type=jar",
577
- "pkg:maven/org.apache.geode/geode-core@1.1.1?type=jar"
578
- ]
579
+ "pkg:maven/org.apache.geode/geode-core@1.1.1?type=jar",
580
+ ],
579
581
  });
580
582
  parsedList = parseMavenTree(
581
583
  readFileSync("./test/data/mvn-p2-plugin.txt", {
582
- encoding: "utf-8"
583
- })
584
+ encoding: "utf-8",
585
+ }),
584
586
  );
585
587
  expect(parsedList.pkgList.length).toEqual(79);
586
588
  expect(parsedList.pkgList[0]).toEqual({
587
589
  group: "example.group",
588
590
  name: "eclipse-repository",
589
591
  version: "1.0.0-SNAPSHOT",
590
- qualifiers: { type: "eclipse-repository" }
592
+ qualifiers: { type: "eclipse-repository" },
591
593
  });
592
594
  expect(parsedList.pkgList[4]).toEqual({
593
595
  group: "p2.eclipse.plugin",
594
596
  name: "com.ibm.icu",
595
597
  version: "67.1.0.v20200706-1749",
596
- qualifiers: { type: "eclipse-plugin" }
598
+ qualifiers: { type: "eclipse-plugin" },
597
599
  });
598
600
  expect(parsedList.dependenciesList.length).toEqual(79);
599
601
  expect(parsedList.dependenciesList[0]).toEqual({
@@ -603,8 +605,8 @@ test("parse maven tree", () => {
603
605
  "pkg:maven/example.group/example-feature-2@0.2.0-SNAPSHOT?type=eclipse-feature",
604
606
  "pkg:maven/example.group/example-bundle@0.1.0-SNAPSHOT?type=eclipse-plugin",
605
607
  "pkg:maven/example.group/org.tycho.demo.rootfiles@1.0.0?type=p2-installable-unit",
606
- "pkg:maven/example.group/org.tycho.demo.rootfiles.win@1.0.0-SNAPSHOT?type=p2-installable-unit"
607
- ]
608
+ "pkg:maven/example.group/org.tycho.demo.rootfiles.win@1.0.0-SNAPSHOT?type=p2-installable-unit",
609
+ ],
608
610
  });
609
611
  });
610
612
 
@@ -666,17 +668,17 @@ test("get py metadata", async () => {
666
668
  {
667
669
  group: "",
668
670
  name: "Flask",
669
- version: "1.1.0"
670
- }
671
+ version: "1.1.0",
672
+ },
671
673
  ],
672
- false
674
+ false,
673
675
  );
674
676
  expect(data).toEqual([
675
677
  {
676
678
  group: "",
677
679
  name: "Flask",
678
- version: "1.1.0"
679
- }
680
+ version: "1.1.0",
681
+ },
680
682
  ]);
681
683
  }, 240000);
682
684
 
@@ -692,11 +694,11 @@ test("parseGoModData", async () => {
692
694
  "github.com/spf13/viper@v1.0.2":
693
695
  "sha256-A8kyI5cUJhb8N+3pkfONlcEcZbueH6nhAm0Fq7SrnBM=",
694
696
  "github.com/stretchr/testify@v1.6.1":
695
- "sha256-6Fq8oRcR53rry900zMqJjRRixrwX3KX962/h/Wwjteg="
697
+ "sha256-6Fq8oRcR53rry900zMqJjRRixrwX3KX962/h/Wwjteg=",
696
698
  };
697
699
  dep_list = await parseGoModData(
698
700
  readFileSync("./test/gomod/go.mod", { encoding: "utf-8" }),
699
- gosumMap
701
+ gosumMap,
700
702
  );
701
703
  expect(dep_list.length).toEqual(4);
702
704
  expect(dep_list[0]).toEqual({
@@ -706,7 +708,7 @@ test("parseGoModData", async () => {
706
708
  version: "v1.38.47",
707
709
  _integrity: "sha256-fake-sha-for-aws-go-sdk=",
708
710
  "bom-ref": "pkg:golang/github.com/aws/aws-sdk-go@v1.38.47",
709
- purl: "pkg:golang/github.com/aws/aws-sdk-go@v1.38.47"
711
+ purl: "pkg:golang/github.com/aws/aws-sdk-go@v1.38.47",
710
712
  });
711
713
  expect(dep_list[1]).toEqual({
712
714
  group: "",
@@ -715,7 +717,7 @@ test("parseGoModData", async () => {
715
717
  purl: "pkg:golang/github.com/spf13/cobra@v1.0.0",
716
718
  license: undefined,
717
719
  version: "v1.0.0",
718
- _integrity: "sha256-/6GTrnGXV9HjY+aR4k0oJ5tcvakLuG6EuKReYlHNrgE="
720
+ _integrity: "sha256-/6GTrnGXV9HjY+aR4k0oJ5tcvakLuG6EuKReYlHNrgE=",
719
721
  });
720
722
  expect(dep_list[2]).toEqual({
721
723
  group: "",
@@ -724,7 +726,7 @@ test("parseGoModData", async () => {
724
726
  purl: "pkg:golang/google.golang.org/grpc@v1.21.0",
725
727
  license: undefined,
726
728
  version: "v1.21.0",
727
- _integrity: "sha256-oYelfM1adQP15Ek0mdvEgi9Df8B9CZIaU1084ijfRaM="
729
+ _integrity: "sha256-oYelfM1adQP15Ek0mdvEgi9Df8B9CZIaU1084ijfRaM=",
728
730
  });
729
731
  expect(dep_list[3]).toEqual({
730
732
  group: "",
@@ -733,7 +735,7 @@ test("parseGoModData", async () => {
733
735
  purl: "pkg:golang/github.com/spf13/viper@v1.0.2",
734
736
  license: undefined,
735
737
  version: "v1.0.2",
736
- _integrity: "sha256-A8kyI5cUJhb8N+3pkfONlcEcZbueH6nhAm0Fq7SrnBM="
738
+ _integrity: "sha256-A8kyI5cUJhb8N+3pkfONlcEcZbueH6nhAm0Fq7SrnBM=",
737
739
  });
738
740
  dep_list.forEach((d) => {
739
741
  expect(d.license);
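Review bot: `expect(d.license);` on the last line of this hunk has no matcher, so the `forEach` loop asserts nothing about the parsed license and passes whatever the parser returns. The same bare call closes the hunks at `@@ -752,28 +754,28 @@` (parseGoSumData) and `@@ -853,14 +855,14 @@` (parseGopkgData). Either state the intended check, for example `expect(d.license).toBeUndefined();` if that is what the expectations pinned with `license: undefined` are meant to guarantee, or delete the loop. The callback body continues past the end of the hunk, so any further assertions in it are not visible here.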
@@ -744,7 +746,7 @@ test("parseGoSumData", async () => {
744
746
  let dep_list = await parseGoModData(null);
745
747
  expect(dep_list).toEqual([]);
746
748
  dep_list = await parseGosumData(
747
- readFileSync("./test/gomod/go.sum", { encoding: "utf-8" })
749
+ readFileSync("./test/gomod/go.sum", { encoding: "utf-8" }),
748
750
  );
749
751
  expect(dep_list.length).toEqual(4);
750
752
  expect(dep_list[0]).toEqual({
@@ -752,28 +754,28 @@ test("parseGoSumData", async () => {
752
754
  name: "google.golang.org/grpc",
753
755
  license: undefined,
754
756
  version: "v1.21.0",
755
- _integrity: "sha256-oYelfM1adQP15Ek0mdvEgi9Df8B9CZIaU1084ijfRaM="
757
+ _integrity: "sha256-oYelfM1adQP15Ek0mdvEgi9Df8B9CZIaU1084ijfRaM=",
756
758
  });
757
759
  expect(dep_list[1]).toEqual({
758
760
  group: "",
759
761
  name: "github.com/spf13/cobra",
760
762
  license: undefined,
761
763
  version: "v1.0.0",
762
- _integrity: "sha256-/6GTrnGXV9HjY+aR4k0oJ5tcvakLuG6EuKReYlHNrgE="
764
+ _integrity: "sha256-/6GTrnGXV9HjY+aR4k0oJ5tcvakLuG6EuKReYlHNrgE=",
763
765
  });
764
766
  expect(dep_list[2]).toEqual({
765
767
  group: "",
766
768
  name: "github.com/spf13/viper",
767
769
  license: undefined,
768
770
  version: "v1.0.2",
769
- _integrity: "sha256-A8kyI5cUJhb8N+3pkfONlcEcZbueH6nhAm0Fq7SrnBM="
771
+ _integrity: "sha256-A8kyI5cUJhb8N+3pkfONlcEcZbueH6nhAm0Fq7SrnBM=",
770
772
  });
771
773
  expect(dep_list[3]).toEqual({
772
774
  group: "",
773
775
  name: "github.com/stretchr/testify",
774
776
  license: undefined,
775
777
  version: "v1.6.1",
776
- _integrity: "sha256-6Fq8oRcR53rry900zMqJjRRixrwX3KX962/h/Wwjteg="
778
+ _integrity: "sha256-6Fq8oRcR53rry900zMqJjRRixrwX3KX962/h/Wwjteg=",
777
779
  });
778
780
  dep_list.forEach((d) => {
779
781
  expect(d.license);
@@ -783,7 +785,7 @@ test("parseGoSumData", async () => {
783
785
  test("parse go list dependencies", async () => {
784
786
  const retMap = await parseGoListDep(
785
787
  readFileSync("./test/data/golist-dep.txt", { encoding: "utf-8" }),
786
- {}
788
+ {},
787
789
  );
788
790
  expect(retMap.pkgList.length).toEqual(4);
789
791
  expect(retMap.pkgList[0]).toEqual({
@@ -799,10 +801,10 @@ test("parse go list dependencies", async () => {
799
801
  {
800
802
  name: "SrcGoMod",
801
803
  value:
802
- "/home/almalinux/go/pkg/mod/cache/download/github.com/gorilla/mux/@v/v1.7.4.mod"
804
+ "/home/almalinux/go/pkg/mod/cache/download/github.com/gorilla/mux/@v/v1.7.4.mod",
803
805
  },
804
- { name: "ModuleGoVersion", value: "1.12" }
805
- ]
806
+ { name: "ModuleGoVersion", value: "1.12" },
807
+ ],
806
808
  });
807
809
  });
808
810
 
@@ -812,7 +814,7 @@ test("parse go mod graph", async () => {
812
814
  "./test/data/gomod-graph.txt",
813
815
  {},
814
816
  [],
815
- {}
817
+ {},
816
818
  );
817
819
  expect(retMap.pkgList.length).toEqual(537);
818
820
  expect(retMap.pkgList[0]).toEqual({
@@ -829,22 +831,22 @@ test("parse go mod graph", async () => {
829
831
  {
830
832
  technique: "manifest-analysis",
831
833
  confidence: 1,
832
- value: "./test/data/gomod-graph.txt"
833
- }
834
- ]
835
- }
834
+ value: "./test/data/gomod-graph.txt",
835
+ },
836
+ ],
837
+ },
836
838
  },
837
- properties: [{ name: "SrcFile", value: "./test/data/gomod-graph.txt" }]
839
+ properties: [{ name: "SrcFile", value: "./test/data/gomod-graph.txt" }],
838
840
  });
839
841
  });
840
842
 
841
843
  test("parse go mod why dependencies", () => {
842
844
  let pkg_name = parseGoModWhy(
843
- readFileSync("./test/data/gomodwhy.txt", { encoding: "utf-8" })
845
+ readFileSync("./test/data/gomodwhy.txt", { encoding: "utf-8" }),
844
846
  );
845
847
  expect(pkg_name).toEqual("github.com/mailgun/mailgun-go/v4");
846
848
  pkg_name = parseGoModWhy(
847
- readFileSync("./test/data/gomodwhynot.txt", { encoding: "utf-8" })
849
+ readFileSync("./test/data/gomodwhynot.txt", { encoding: "utf-8" }),
848
850
  );
849
851
  expect(pkg_name).toBeUndefined();
850
852
  });
@@ -853,14 +855,14 @@ test("parseGopkgData", async () => {
853
855
  let dep_list = await parseGopkgData(null);
854
856
  expect(dep_list).toEqual([]);
855
857
  dep_list = await parseGopkgData(
856
- readFileSync("./test/gopkg/Gopkg.lock", { encoding: "utf-8" })
858
+ readFileSync("./test/gopkg/Gopkg.lock", { encoding: "utf-8" }),
857
859
  );
858
860
  expect(dep_list.length).toEqual(36);
859
861
  expect(dep_list[0]).toEqual({
860
862
  group: "",
861
863
  name: "cloud.google.com/go",
862
864
  version: "v0.39.0",
863
- _integrity: "sha256-LKUyprxlVmM0QAS6ECQ20pAxAY6rI2JHZ42x2JeGJ78="
865
+ _integrity: "sha256-LKUyprxlVmM0QAS6ECQ20pAxAY6rI2JHZ42x2JeGJ78=",
864
866
  });
865
867
  dep_list.forEach((d) => {
866
868
  expect(d.license);
@@ -870,7 +872,7 @@ test("parseGopkgData", async () => {
870
872
  test("parse go version data", async () => {
871
873
  let dep_list = await parseGoVersionData(
872
874
  readFileSync("./test/data/goversion.txt", { encoding: "utf-8" }),
873
- {}
875
+ {},
874
876
  );
875
877
  expect(dep_list.length).toEqual(125);
876
878
  expect(dep_list[0]).toEqual({
@@ -881,11 +883,11 @@ test("parse go version data", async () => {
881
883
  purl: "pkg:golang/github.com/ShiftLeftSecurity/atlassian-connect-go@v0.0.2",
882
884
  version: "v0.0.2",
883
885
  _integrity: "",
884
- license: undefined
886
+ license: undefined,
885
887
  });
886
888
  dep_list = await parseGoVersionData(
887
889
  readFileSync("./test/data/goversion2.txt", { encoding: "utf-8" }),
888
- {}
890
+ {},
889
891
  );
890
892
  expect(dep_list.length).toEqual(149);
891
893
  expect(dep_list[0]).toEqual({
@@ -895,7 +897,7 @@ test("parse go version data", async () => {
895
897
  purl: "pkg:golang/cloud.google.com/go@v0.79.0",
896
898
  version: "v0.79.0",
897
899
  _integrity: "sha256-oqqswrt4x6b9OGBnNqdssxBl1xf0rSUNjU2BR4BZar0=",
898
- license: undefined
900
+ license: undefined,
899
901
  });
900
902
  });
901
903
 
@@ -915,8 +917,8 @@ test("parse cargo lock", async () => {
915
917
  {
916
918
  alg: "SHA-384",
917
919
  content:
918
- "6a07677093120a02583717b6dd1ef81d8de1e8d01bd226c83f0f9bdf3e56bb3a"
919
- }
920
+ "6a07677093120a02583717b6dd1ef81d8de1e8d01bd226c83f0f9bdf3e56bb3a",
921
+ },
920
922
  ],
921
923
  evidence: {
922
924
  identity: {
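Review bot: The expected hash entry in this hunk labels a 64-hex-character digest as `alg: "SHA-384"`, but a SHA-384 digest is 96 hex characters. The length is consistent with SHA-256, and the same value appears later in this file as `sha256-6a07…bb3a` in the crates metadata test. If the parser really emits this label, an SBOM consumer that verifies component hashes by declared algorithm would presumably reject or mis-compare these crates. The expectation should read `alg: "SHA-256"` once `parseCargoData` is corrected. The Cargom.lock expectation in the hunk at -952 (`78d1833b…e570`) carries the same label, and the enclosing `toEqual` object starts and ends outside this hunk.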
@@ -926,17 +928,17 @@ test("parse cargo lock", async () => {
926
928
  {
927
929
  technique: "manifest-analysis",
928
930
  confidence: 0.6,
929
- value: "./test/Cargo.lock"
930
- }
931
- ]
932
- }
931
+ value: "./test/Cargo.lock",
932
+ },
933
+ ],
934
+ },
933
935
  },
934
936
  properties: [
935
937
  {
936
938
  name: "SrcFile",
937
- value: "./test/Cargo.lock"
938
- }
939
- ]
939
+ value: "./test/Cargo.lock",
940
+ },
941
+ ],
940
942
  });
941
943
 
942
944
  dep_list = await parseCargoData("./test/data/Cargom.lock");
@@ -952,8 +954,8 @@ test("parse cargo lock", async () => {
952
954
  {
953
955
  alg: "SHA-384",
954
956
  content:
955
- "78d1833b3838dbe990df0f1f87baf640cf6146e898166afe401839d1b001e570"
956
- }
957
+ "78d1833b3838dbe990df0f1f87baf640cf6146e898166afe401839d1b001e570",
958
+ },
957
959
  ],
958
960
  evidence: {
959
961
  identity: {
@@ -963,17 +965,17 @@ test("parse cargo lock", async () => {
963
965
  {
964
966
  technique: "manifest-analysis",
965
967
  confidence: 0.6,
966
- value: "./test/data/Cargom.lock"
967
- }
968
- ]
969
- }
968
+ value: "./test/data/Cargom.lock",
969
+ },
970
+ ],
971
+ },
970
972
  },
971
973
  properties: [
972
974
  {
973
975
  name: "SrcFile",
974
- value: "./test/data/Cargom.lock"
975
- }
976
- ]
976
+ value: "./test/data/Cargom.lock",
977
+ },
978
+ ],
977
979
  });
978
980
 
979
981
  // The base64 package does not have an associated checksum. Make sure the
@@ -1000,7 +1002,7 @@ test("parse cargo lock lists last package", async () => {
1000
1002
 
1001
1003
  test("parse cargo lock dependencies tests", async () => {
1002
1004
  const dependencyData = await parseCargoDependencyData(
1003
- readFileSync("./test/Cargo.lock", { encoding: "utf-8" })
1005
+ readFileSync("./test/Cargo.lock", { encoding: "utf-8" }),
1004
1006
  );
1005
1007
  const purlIsPackage = (purl, packageName) =>
1006
1008
  new RegExp(`^pkg:cargo/${packageName}.+`).test(purl);
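Review bot: `purlIsPackage` matches on `^pkg:cargo/${packageName}.+`, which accepts any crate whose name merely begins with `packageName`. A check for "winapi" is therefore also satisfied by a "winapi-util" purl, and the `dependsOn` assertions below can pass on the wrong entry. Anchoring on the version separator closes the gap and avoids interpolating an unescaped name into a regex: `purl.startsWith("pkg:cargo/" + packageName + "@")`. The other cargo purls on this page have the `name@version` form, so the separator should be safe to rely on. The test body continues outside the hunk.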
@@ -1010,7 +1012,7 @@ test("parse cargo lock dependencies tests", async () => {
1010
1012
  // Make sure some samples makes sense.
1011
1013
  // aho-corasick has a single dependency
1012
1014
  const ahoCorasick = dependencyData.find((dependency) =>
1013
- purlIsPackage(dependency.ref, "aho-corasick")
1015
+ purlIsPackage(dependency.ref, "aho-corasick"),
1014
1016
  );
1015
1017
  expect(ahoCorasick.dependsOn.length).toEqual(1);
1016
1018
  expect(purlIsPackage(ahoCorasick.dependsOn[0], "memchr")).toBeTruthy();
@@ -1018,14 +1020,14 @@ test("parse cargo lock dependencies tests", async () => {
1018
1020
  // First edge case is component with a dependency of a specific version.
1019
1021
  // winapi-util has a dependency on "winapi 0.3.8"
1020
1022
  const winapiUtil = dependencyData.find((dependency) =>
1021
- purlIsPackage(dependency.ref, "winapi-util")
1023
+ purlIsPackage(dependency.ref, "winapi-util"),
1022
1024
  );
1023
1025
  expect(purlIsPackage(winapiUtil.dependsOn[0], "winapi")).toBeTruthy();
1024
1026
  expect(winapiUtil.dependsOn[0]).toContain("0.3.8");
1025
1027
 
1026
1028
  // Second edge case is a component with a dependency of a specific version and a registry url.
1027
1029
  const base64 = dependencyData.find((dependency) =>
1028
- purlIsPackage(dependency.ref, "base64")
1030
+ purlIsPackage(dependency.ref, "base64"),
1029
1031
  );
1030
1032
  expect(purlIsPackage(base64.dependsOn[0], "byteorder")).toBeTruthy();
1031
1033
  expect(base64.dependsOn[0]).toContain("1.3.1");
@@ -1033,7 +1035,7 @@ test("parse cargo lock dependencies tests", async () => {
1033
1035
  // Make sure we respect packages specifying different versions of the same package.
1034
1036
  // kernel32-sys is dependent on a different version of winapi than winapi-util.
1035
1037
  const kernel32Sys = dependencyData.find((dependency) =>
1036
- purlIsPackage(dependency.ref, "kernel32-sys")
1038
+ purlIsPackage(dependency.ref, "kernel32-sys"),
1037
1039
  );
1038
1040
  expect(purlIsPackage(kernel32Sys.dependsOn[0], "winapi")).toBeTruthy();
1039
1041
  expect(kernel32Sys.dependsOn[0]).toContain("0.2.8");
@@ -1061,7 +1063,7 @@ checksum = "8a30b2e23b9e17a9f90641c7ab1549cd9b44f296d3ccbf309d2863cfe398a0cb"
1061
1063
 
1062
1064
  test("parse cargo lock dependencies tests for files on Windows", async () => {
1063
1065
  const fileContent = await readFileSync("./test/Cargo.lock", {
1064
- encoding: "utf-8"
1066
+ encoding: "utf-8",
1065
1067
  });
1066
1068
 
1067
1069
  // Simulate Windows files by forcing CRLF line endings to the data we
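Review bot: `await readFileSync(...)` in this hunk awaits a synchronous call. The `await` does nothing except suggest that the read is asynchronous. Writing `const fileContent = readFileSync("./test/Cargo.lock", {` matches the other tests in this file, which call `readFileSync` without awaiting it. The test body continues outside the hunk.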
@@ -1120,14 +1122,14 @@ test("parse cargo toml", async () => {
1120
1122
  {
1121
1123
  technique: "manifest-analysis",
1122
1124
  confidence: 0.5,
1123
- value: "./test/data/Cargo1.toml"
1124
- }
1125
- ]
1126
- }
1125
+ value: "./test/data/Cargo1.toml",
1126
+ },
1127
+ ],
1128
+ },
1127
1129
  },
1128
1130
  purl: "pkg:cargo/unwind@0.0.0",
1129
1131
  "bom-ref": "pkg:cargo/unwind@0.0.0",
1130
- type: "library"
1132
+ type: "library",
1131
1133
  },
1132
1134
  {
1133
1135
  name: "libc",
@@ -1141,14 +1143,14 @@ test("parse cargo toml", async () => {
1141
1143
  {
1142
1144
  technique: "manifest-analysis",
1143
1145
  confidence: 0.5,
1144
- value: "./test/data/Cargo1.toml"
1145
- }
1146
- ]
1147
- }
1146
+ value: "./test/data/Cargo1.toml",
1147
+ },
1148
+ ],
1149
+ },
1148
1150
  },
1149
1151
  purl: "pkg:cargo/libc@0.2.79",
1150
1152
  "bom-ref": "pkg:cargo/libc@0.2.79",
1151
- type: "library"
1153
+ type: "library",
1152
1154
  },
1153
1155
  {
1154
1156
  name: "compiler_builtins",
@@ -1162,14 +1164,14 @@ test("parse cargo toml", async () => {
1162
1164
  {
1163
1165
  technique: "manifest-analysis",
1164
1166
  confidence: 0.5,
1165
- value: "./test/data/Cargo1.toml"
1166
- }
1167
- ]
1168
- }
1167
+ value: "./test/data/Cargo1.toml",
1168
+ },
1169
+ ],
1170
+ },
1169
1171
  },
1170
1172
  purl: "pkg:cargo/compiler_builtins@0.1.0",
1171
1173
  "bom-ref": "pkg:cargo/compiler_builtins@0.1.0",
1172
- type: "library"
1174
+ type: "library",
1173
1175
  },
1174
1176
  {
1175
1177
  name: "cfg-if",
@@ -1183,15 +1185,15 @@ test("parse cargo toml", async () => {
1183
1185
  {
1184
1186
  technique: "manifest-analysis",
1185
1187
  confidence: 0.5,
1186
- value: "./test/data/Cargo1.toml"
1187
- }
1188
- ]
1189
- }
1188
+ value: "./test/data/Cargo1.toml",
1189
+ },
1190
+ ],
1191
+ },
1190
1192
  },
1191
1193
  purl: "pkg:cargo/cfg-if@0.1.8",
1192
1194
  "bom-ref": "pkg:cargo/cfg-if@0.1.8",
1193
- type: "library"
1194
- }
1195
+ type: "library",
1196
+ },
1195
1197
  ]);
1196
1198
  dep_list = await parseCargoTomlData("./test/data/Cargo2.toml");
1197
1199
  expect(dep_list.length).toEqual(3);
@@ -1210,14 +1212,14 @@ test("parse cargo toml", async () => {
1210
1212
  {
1211
1213
  technique: "manifest-analysis",
1212
1214
  confidence: 0.5,
1213
- value: "./test/data/Cargo2.toml"
1214
- }
1215
- ]
1216
- }
1215
+ value: "./test/data/Cargo2.toml",
1216
+ },
1217
+ ],
1218
+ },
1217
1219
  },
1218
1220
  purl: "pkg:cargo/quiche-fuzz@0.1.0",
1219
1221
  "bom-ref": "pkg:cargo/quiche-fuzz@0.1.0",
1220
- type: "library"
1222
+ type: "library",
1221
1223
  },
1222
1224
  {
1223
1225
  name: "lazy_static",
@@ -1231,14 +1233,14 @@ test("parse cargo toml", async () => {
1231
1233
  {
1232
1234
  technique: "manifest-analysis",
1233
1235
  confidence: 0.5,
1234
- value: "./test/data/Cargo2.toml"
1235
- }
1236
- ]
1237
- }
1236
+ value: "./test/data/Cargo2.toml",
1237
+ },
1238
+ ],
1239
+ },
1238
1240
  },
1239
1241
  purl: "pkg:cargo/lazy_static@1",
1240
1242
  "bom-ref": "pkg:cargo/lazy_static@1",
1241
- type: "library"
1243
+ type: "library",
1242
1244
  },
1243
1245
  {
1244
1246
  name: "libfuzzer-sys",
@@ -1252,16 +1254,16 @@ test("parse cargo toml", async () => {
1252
1254
  {
1253
1255
  technique: "manifest-analysis",
1254
1256
  confidence: 0.5,
1255
- value: "./test/data/Cargo2.toml"
1256
- }
1257
- ]
1258
- }
1257
+ value: "./test/data/Cargo2.toml",
1258
+ },
1259
+ ],
1260
+ },
1259
1261
  },
1260
1262
  purl: "pkg:cargo/libfuzzer-sys@git%2Bhttps:%2F%2Fgithub.com%2Frust-fuzz%2Flibfuzzer-sys.git",
1261
1263
  "bom-ref":
1262
1264
  "pkg:cargo/libfuzzer-sys@git+https://github.com/rust-fuzz/libfuzzer-sys.git",
1263
- type: "library"
1264
- }
1265
+ type: "library",
1266
+ },
1265
1267
  ]);
1266
1268
  dep_list = await parseCargoTomlData("./test/data/Cargo3.toml", true);
1267
1269
  expect(dep_list.length).toEqual(10);
@@ -1270,13 +1272,13 @@ test("parse cargo toml", async () => {
1270
1272
  test("parse cargo auditable data", async () => {
1271
1273
  expect(await parseCargoAuditableData(null)).toEqual([]);
1272
1274
  const dep_list = await parseCargoAuditableData(
1273
- readFileSync("./test/data/cargo-auditable.txt", { encoding: "utf-8" })
1275
+ readFileSync("./test/data/cargo-auditable.txt", { encoding: "utf-8" }),
1274
1276
  );
1275
1277
  expect(dep_list.length).toEqual(32);
1276
1278
  expect(dep_list[0]).toEqual({
1277
1279
  group: "",
1278
1280
  name: "adler",
1279
- version: "1.0.2"
1281
+ version: "1.0.2",
1280
1282
  });
1281
1283
  });
1282
1284
 
@@ -1287,8 +1289,8 @@ test("get crates metadata", async () => {
1287
1289
  name: "abscissa_core",
1288
1290
  version: "0.5.2",
1289
1291
  _integrity:
1290
- "sha256-6a07677093120a02583717b6dd1ef81d8de1e8d01bd226c83f0f9bdf3e56bb3a"
1291
- }
1292
+ "sha256-6a07677093120a02583717b6dd1ef81d8de1e8d01bd226c83f0f9bdf3e56bb3a",
1293
+ },
1292
1294
  ]);
1293
1295
  expect(dep_list.length).toEqual(1);
1294
1296
  expect(dep_list[0]).toEqual({
@@ -1301,24 +1303,24 @@ test("get crates metadata", async () => {
1301
1303
  "Application microframework with support for command-line option parsing,\nconfiguration, error handling, logging, and terminal interactions.\nThis crate contains the framework's core functionality.\n",
1302
1304
  license: ["Apache-2.0"],
1303
1305
  repository: {
1304
- url: "https://github.com/iqlusioninc/abscissa/tree/main/core/"
1306
+ url: "https://github.com/iqlusioninc/abscissa/tree/main/core/",
1305
1307
  },
1306
- homepage: { url: "https://github.com/iqlusioninc/abscissa/" }
1308
+ homepage: { url: "https://github.com/iqlusioninc/abscissa/" },
1307
1309
  });
1308
1310
  }, 20000);
1309
1311
 
1310
1312
  test("parse pub lock", async () => {
1311
1313
  expect(await parsePubLockData(null)).toEqual([]);
1312
1314
  let dep_list = await parsePubLockData(
1313
- readFileSync("./test/data/pubspec.lock", { encoding: "utf-8" })
1315
+ readFileSync("./test/data/pubspec.lock", { encoding: "utf-8" }),
1314
1316
  );
1315
1317
  expect(dep_list.length).toEqual(26);
1316
1318
  expect(dep_list[0]).toEqual({
1317
1319
  name: "async",
1318
- version: "2.8.2"
1320
+ version: "2.8.2",
1319
1321
  });
1320
1322
  dep_list = parsePubYamlData(
1321
- readFileSync("./test/data/pubspec.yaml", { encoding: "utf-8" })
1323
+ readFileSync("./test/data/pubspec.yaml", { encoding: "utf-8" }),
1322
1324
  );
1323
1325
  expect(dep_list.length).toEqual(1);
1324
1326
  expect(dep_list[0]).toEqual({
@@ -1327,8 +1329,8 @@ test("parse pub lock", async () => {
1327
1329
  description:
1328
1330
  "Flutter package to show beautiful dialogs(INFO,QUESTION,WARNING,SUCCESS,ERROR) with animations as simply as possible.",
1329
1331
  homepage: {
1330
- url: "https://github.com/marcos930807/awesomeDialogs"
1331
- }
1332
+ url: "https://github.com/marcos930807/awesomeDialogs",
1333
+ },
1332
1334
  });
1333
1335
  });
1334
1336
 
@@ -1337,8 +1339,8 @@ test("get dart metadata", async () => {
1337
1339
  {
1338
1340
  group: "",
1339
1341
  name: "async",
1340
- version: "2.11.0"
1341
- }
1342
+ version: "2.11.0",
1343
+ },
1342
1344
  ]);
1343
1345
  expect(dep_list.length).toEqual(1);
1344
1346
  expect(dep_list[0]).toEqual({
@@ -1349,45 +1351,45 @@ test("get dart metadata", async () => {
1349
1351
  "Utility functions and classes related to the 'dart:async' library.",
1350
1352
  license: "BSD-3-Clause",
1351
1353
  repository: {
1352
- url: "https://github.com/dart-lang/async"
1353
- }
1354
+ url: "https://github.com/dart-lang/async",
1355
+ },
1354
1356
  });
1355
1357
  }, 120000);
1356
1358
 
1357
1359
  test("parse cabal freeze", () => {
1358
1360
  expect(parseCabalData(null)).toEqual([]);
1359
1361
  let dep_list = parseCabalData(
1360
- readFileSync("./test/data/cabal.project.freeze", { encoding: "utf-8" })
1362
+ readFileSync("./test/data/cabal.project.freeze", { encoding: "utf-8" }),
1361
1363
  );
1362
1364
  expect(dep_list.length).toEqual(24);
1363
1365
  expect(dep_list[0]).toEqual({
1364
1366
  name: "ansi-terminal",
1365
- version: "0.11.3"
1367
+ version: "0.11.3",
1366
1368
  });
1367
1369
  dep_list = parseCabalData(
1368
- readFileSync("./test/data/cabal-2.project.freeze", { encoding: "utf-8" })
1370
+ readFileSync("./test/data/cabal-2.project.freeze", { encoding: "utf-8" }),
1369
1371
  );
1370
1372
  expect(dep_list.length).toEqual(366);
1371
1373
  expect(dep_list[0]).toEqual({
1372
1374
  name: "Cabal",
1373
- version: "3.2.1.0"
1375
+ version: "3.2.1.0",
1374
1376
  });
1375
1377
  });
1376
1378
 
1377
1379
  test("parse conan data", () => {
1378
1380
  expect(parseConanLockData(null)).toEqual([]);
1379
1381
  let dep_list = parseConanLockData(
1380
- readFileSync("./test/data/conan.lock", { encoding: "utf-8" })
1382
+ readFileSync("./test/data/conan.lock", { encoding: "utf-8" }),
1381
1383
  );
1382
1384
  expect(dep_list.length).toEqual(3);
1383
1385
  expect(dep_list[0]).toEqual({
1384
1386
  name: "zstd",
1385
1387
  version: "1.4.4",
1386
1388
  "bom-ref": "pkg:conan/zstd@1.4.4",
1387
- purl: "pkg:conan/zstd@1.4.4"
1389
+ purl: "pkg:conan/zstd@1.4.4",
1388
1390
  });
1389
1391
  dep_list = parseConanData(
1390
- readFileSync("./test/data/conanfile.txt", { encoding: "utf-8" })
1392
+ readFileSync("./test/data/conanfile.txt", { encoding: "utf-8" }),
1391
1393
  );
1392
1394
  expect(dep_list.length).toEqual(3);
1393
1395
  expect(dep_list[0]).toEqual({
@@ -1395,10 +1397,10 @@ test("parse conan data", () => {
1395
1397
  version: "1.4.4",
1396
1398
  "bom-ref": "pkg:conan/zstd@1.4.4",
1397
1399
  purl: "pkg:conan/zstd@1.4.4",
1398
- scope: "required"
1400
+ scope: "required",
1399
1401
  });
1400
1402
  dep_list = parseConanData(
1401
- readFileSync("./test/data/cmakes/conanfile.txt", { encoding: "utf-8" })
1403
+ readFileSync("./test/data/cmakes/conanfile.txt", { encoding: "utf-8" }),
1402
1404
  );
1403
1405
  expect(dep_list.length).toEqual(1);
1404
1406
  expect(dep_list[0]).toEqual({
@@ -1406,10 +1408,10 @@ test("parse conan data", () => {
1406
1408
  version: "1.8.0",
1407
1409
  "bom-ref": "pkg:conan/qr-code-generator@1.8.0",
1408
1410
  purl: "pkg:conan/qr-code-generator@1.8.0",
1409
- scope: "required"
1411
+ scope: "required",
1410
1412
  });
1411
1413
  dep_list = parseConanData(
1412
- readFileSync("./test/data/cmakes/conanfile1.txt", { encoding: "utf-8" })
1414
+ readFileSync("./test/data/cmakes/conanfile1.txt", { encoding: "utf-8" }),
1413
1415
  );
1414
1416
  expect(dep_list.length).toEqual(42);
1415
1417
  expect(dep_list[0]).toEqual({
@@ -1418,131 +1420,131 @@ test("parse conan data", () => {
1418
1420
  name: "7-Zip",
1419
1421
  purl: "pkg:conan/7-Zip@19.00?revision=bb67aa9bc0da3feddc68ca9f334f4c8b",
1420
1422
  scope: "required",
1421
- version: "19.00"
1423
+ version: "19.00",
1422
1424
  });
1423
1425
  });
1424
1426
 
1425
1427
  test("parse clojure data", () => {
1426
1428
  expect(parseLeiningenData(null)).toEqual([]);
1427
1429
  let dep_list = parseLeiningenData(
1428
- readFileSync("./test/data/project.clj", { encoding: "utf-8" })
1430
+ readFileSync("./test/data/project.clj", { encoding: "utf-8" }),
1429
1431
  );
1430
1432
  expect(dep_list.length).toEqual(14);
1431
1433
  expect(dep_list[0]).toEqual({
1432
1434
  group: "",
1433
1435
  name: "leiningen-core",
1434
- version: "2.9.9-SNAPSHOT"
1436
+ version: "2.9.9-SNAPSHOT",
1435
1437
  });
1436
1438
  dep_list = parseLeiningenData(
1437
- readFileSync("./test/data/project.clj.1", { encoding: "utf-8" })
1439
+ readFileSync("./test/data/project.clj.1", { encoding: "utf-8" }),
1438
1440
  );
1439
1441
  expect(dep_list.length).toEqual(17);
1440
1442
  expect(dep_list[0]).toEqual({
1441
1443
  group: "org.clojure",
1442
1444
  name: "clojure",
1443
- version: "1.9.0"
1445
+ version: "1.9.0",
1444
1446
  });
1445
1447
  dep_list = parseLeiningenData(
1446
- readFileSync("./test/data/project.clj.2", { encoding: "utf-8" })
1448
+ readFileSync("./test/data/project.clj.2", { encoding: "utf-8" }),
1447
1449
  );
1448
1450
  expect(dep_list.length).toEqual(49);
1449
1451
  expect(dep_list[0]).toEqual({
1450
1452
  group: "",
1451
1453
  name: "bidi",
1452
- version: "2.1.6"
1454
+ version: "2.1.6",
1453
1455
  });
1454
1456
  dep_list = parseEdnData(
1455
- readFileSync("./test/data/deps.edn", { encoding: "utf-8" })
1457
+ readFileSync("./test/data/deps.edn", { encoding: "utf-8" }),
1456
1458
  );
1457
1459
  expect(dep_list.length).toEqual(20);
1458
1460
  expect(dep_list[0]).toEqual({
1459
1461
  group: "org.clojure",
1460
1462
  name: "clojure",
1461
- version: "1.10.3"
1463
+ version: "1.10.3",
1462
1464
  });
1463
1465
  dep_list = parseEdnData(
1464
- readFileSync("./test/data/deps.edn.1", { encoding: "utf-8" })
1466
+ readFileSync("./test/data/deps.edn.1", { encoding: "utf-8" }),
1465
1467
  );
1466
1468
  expect(dep_list.length).toEqual(11);
1467
1469
  expect(dep_list[0]).toEqual({
1468
1470
  group: "org.clojure",
1469
1471
  name: "clojure",
1470
- version: "1.11.0-beta1"
1472
+ version: "1.11.0-beta1",
1471
1473
  });
1472
1474
  dep_list = parseEdnData(
1473
- readFileSync("./test/data/deps.edn.2", { encoding: "utf-8" })
1475
+ readFileSync("./test/data/deps.edn.2", { encoding: "utf-8" }),
1474
1476
  );
1475
1477
  expect(dep_list.length).toEqual(5);
1476
1478
  expect(dep_list[0]).toEqual({
1477
1479
  group: "clj-commons",
1478
1480
  name: "pomegranate",
1479
- version: "1.2.1"
1481
+ version: "1.2.1",
1480
1482
  });
1481
1483
  dep_list = parseCljDep(
1482
- readFileSync("./test/data/clj-tree.txt", { encoding: "utf-8" })
1484
+ readFileSync("./test/data/clj-tree.txt", { encoding: "utf-8" }),
1483
1485
  );
1484
1486
  expect(dep_list.length).toEqual(253);
1485
1487
  expect(dep_list[0]).toEqual({
1486
1488
  group: "org.bouncycastle",
1487
1489
  name: "bcprov-jdk15on",
1488
- version: "1.70"
1490
+ version: "1.70",
1489
1491
  });
1490
1492
 
1491
1493
  dep_list = parseLeinDep(
1492
- readFileSync("./test/data/lein-tree.txt", { encoding: "utf-8" })
1494
+ readFileSync("./test/data/lein-tree.txt", { encoding: "utf-8" }),
1493
1495
  );
1494
1496
  expect(dep_list.length).toEqual(47);
1495
1497
  expect(dep_list[0]).toEqual({
1496
1498
  group: "javax.xml.bind",
1497
1499
  name: "jaxb-api",
1498
- version: "2.4.0-b180830.0359"
1500
+ version: "2.4.0-b180830.0359",
1499
1501
  });
1500
1502
  });
1501
1503
 
1502
1504
  test("parse mix lock data", () => {
1503
1505
  expect(parseMixLockData(null)).toEqual([]);
1504
1506
  let dep_list = parseMixLockData(
1505
- readFileSync("./test/data/mix.lock", { encoding: "utf-8" })
1507
+ readFileSync("./test/data/mix.lock", { encoding: "utf-8" }),
1506
1508
  );
1507
1509
  expect(dep_list.length).toEqual(16);
1508
1510
  expect(dep_list[0]).toEqual({
1509
1511
  name: "absinthe",
1510
- version: "1.7.0"
1512
+ version: "1.7.0",
1511
1513
  });
1512
1514
  dep_list = parseMixLockData(
1513
- readFileSync("./test/data/mix.lock.1", { encoding: "utf-8" })
1515
+ readFileSync("./test/data/mix.lock.1", { encoding: "utf-8" }),
1514
1516
  );
1515
1517
  expect(dep_list.length).toEqual(23);
1516
1518
  expect(dep_list[0]).toEqual({
1517
1519
  name: "bunt",
1518
- version: "0.2.0"
1520
+ version: "0.2.0",
1519
1521
  });
1520
1522
  });
1521
1523
 
1522
1524
  test("parse github actions workflow data", () => {
1523
1525
  expect(parseGitHubWorkflowData(null)).toEqual([]);
1524
1526
  let dep_list = parseGitHubWorkflowData(
1525
- readFileSync("./.github/workflows/nodejs.yml", { encoding: "utf-8" })
1527
+ readFileSync("./.github/workflows/nodejs.yml", { encoding: "utf-8" }),
1526
1528
  );
1527
1529
  expect(dep_list.length).toEqual(3);
1528
1530
  expect(dep_list[0]).toEqual({
1529
1531
  group: "actions",
1530
1532
  name: "checkout",
1531
- version: "v4"
1533
+ version: "v4",
1532
1534
  });
1533
1535
  dep_list = parseGitHubWorkflowData(
1534
- readFileSync("./.github/workflows/repotests.yml", { encoding: "utf-8" })
1536
+ readFileSync("./.github/workflows/repotests.yml", { encoding: "utf-8" }),
1535
1537
  );
1536
1538
  expect(dep_list.length).toEqual(9);
1537
1539
  expect(dep_list[0]).toEqual({
1538
1540
  group: "actions",
1539
1541
  name: "checkout",
1540
- version: "v4"
1542
+ version: "v4",
1541
1543
  });
1542
1544
  dep_list = parseGitHubWorkflowData(
1543
1545
  readFileSync("./.github/workflows/app-release.yml", {
1544
- encoding: "utf-8"
1545
- })
1546
+ encoding: "utf-8",
1547
+ }),
1546
1548
  );
1547
1549
  expect(dep_list.length).toEqual(3);
1548
1550
  });
@@ -1550,50 +1552,50 @@ test("parse github actions workflow data", () => {
1550
1552
  test("parse cs pkg data", () => {
1551
1553
  expect(parseCsPkgData(null)).toEqual([]);
1552
1554
  const dep_list = parseCsPkgData(
1553
- readFileSync("./test/data/packages.config", { encoding: "utf-8" })
1555
+ readFileSync("./test/data/packages.config", { encoding: "utf-8" }),
1554
1556
  );
1555
1557
  expect(dep_list.length).toEqual(21);
1556
1558
  expect(dep_list[0]).toEqual({
1557
1559
  group: "",
1558
1560
  name: "Antlr",
1559
- version: "3.5.0.2"
1561
+ version: "3.5.0.2",
1560
1562
  });
1561
1563
  });
1562
1564
 
1563
1565
  test("parse cs pkg data 2", () => {
1564
1566
  expect(parseCsPkgData(null)).toEqual([]);
1565
1567
  const dep_list = parseCsPkgData(
1566
- readFileSync("./test/data/packages2.config", { encoding: "utf-8" })
1568
+ readFileSync("./test/data/packages2.config", { encoding: "utf-8" }),
1567
1569
  );
1568
1570
  expect(dep_list.length).toEqual(1);
1569
1571
  expect(dep_list[0]).toEqual({
1570
1572
  group: "",
1571
1573
  name: "EntityFramework",
1572
- version: "6.2.0"
1574
+ version: "6.2.0",
1573
1575
  });
1574
1576
  });
1575
1577
 
1576
1578
  test("parse cs proj", () => {
1577
1579
  expect(parseCsProjData(null)).toEqual([]);
1578
1580
  const dep_list = parseCsProjData(
1579
- readFileSync("./test/sample.csproj", { encoding: "utf-8" })
1581
+ readFileSync("./test/sample.csproj", { encoding: "utf-8" }),
1580
1582
  );
1581
1583
  expect(dep_list.length).toEqual(5);
1582
1584
  expect(dep_list[0]).toEqual({
1583
1585
  group: "",
1584
1586
  name: "Microsoft.AspNetCore.Mvc.NewtonsoftJson",
1585
- version: "3.1.1"
1587
+ version: "3.1.1",
1586
1588
  });
1587
1589
  });
1588
1590
 
1589
1591
  test("parse project.assets.json", () => {
1590
1592
  expect(parseCsProjAssetsData(null)).toEqual({
1591
1593
  dependenciesList: [],
1592
- pkgList: []
1594
+ pkgList: [],
1593
1595
  });
1594
1596
  let dep_list = parseCsProjAssetsData(
1595
1597
  readFileSync("./test/data/project.assets.json", { encoding: "utf-8" }),
1596
- "./test/data/project.assets.json"
1598
+ "./test/data/project.assets.json",
1597
1599
  );
1598
1600
  expect(dep_list["pkgList"].length).toEqual(302);
1599
1601
  expect(dep_list["pkgList"][0]).toEqual({
@@ -1602,7 +1604,7 @@ test("parse project.assets.json", () => {
1602
1604
  group: "",
1603
1605
  name: "Castle.Core.Tests",
1604
1606
  type: "application",
1605
- version: "0.0.0"
1607
+ version: "0.0.0",
1606
1608
  });
1607
1609
  expect(dep_list["dependenciesList"].length).toEqual(302);
1608
1610
  expect(dep_list["dependenciesList"][0]).toEqual({
@@ -1625,13 +1627,13 @@ test("parse project.assets.json", () => {
1625
1627
  "pkg:nuget/System.Net.NameResolution@4.3.0",
1626
1628
  "pkg:nuget/System.Net.Primitives@4.3.0",
1627
1629
  "pkg:nuget/PublicApiGenerator@10.1.2",
1628
- "pkg:nuget/System.Security.Permissions@6.0.0"
1630
+ "pkg:nuget/System.Security.Permissions@6.0.0",
1629
1631
  ],
1630
- ref: "pkg:nuget/Castle.Core.Tests@0.0.0"
1632
+ ref: "pkg:nuget/Castle.Core.Tests@0.0.0",
1631
1633
  });
1632
1634
  dep_list = parseCsProjAssetsData(
1633
1635
  readFileSync("./test/data/project.assets1.json", { encoding: "utf-8" }),
1634
- "./test/data/project.assets1.json"
1636
+ "./test/data/project.assets1.json",
1635
1637
  );
1636
1638
  expect(dep_list["pkgList"].length).toEqual(43);
1637
1639
  expect(dep_list["pkgList"][0]).toEqual({
@@ -1640,7 +1642,7 @@ test("parse project.assets.json", () => {
1640
1642
  group: "",
1641
1643
  name: "Podcast.Server",
1642
1644
  type: "application",
1643
- version: "1.0.0"
1645
+ version: "1.0.0",
1644
1646
  });
1645
1647
  /*
1646
1648
  const pkgList = addEvidenceForDotnet(
@@ -1655,11 +1657,11 @@ test("parse packages.lock.json", () => {
1655
1657
  expect(parseCsPkgLockData(null)).toEqual({
1656
1658
  dependenciesList: [],
1657
1659
  pkgList: [],
1658
- rootList: []
1660
+ rootList: [],
1659
1661
  });
1660
1662
  let dep_list = parseCsPkgLockData(
1661
1663
  readFileSync("./test/data/packages.lock.json", { encoding: "utf-8" }),
1662
- "./test/data/packages.lock.json"
1664
+ "./test/data/packages.lock.json",
1663
1665
  );
1664
1666
  expect(dep_list["pkgList"].length).toEqual(14);
1665
1667
  expect(dep_list["pkgList"][0]).toEqual({
@@ -1679,15 +1681,15 @@ test("parse packages.lock.json", () => {
1679
1681
  {
1680
1682
  technique: "manifest-analysis",
1681
1683
  confidence: 1,
1682
- value: "./test/data/packages.lock.json"
1683
- }
1684
- ]
1685
- }
1686
- }
1684
+ value: "./test/data/packages.lock.json",
1685
+ },
1686
+ ],
1687
+ },
1688
+ },
1687
1689
  });
1688
1690
  dep_list = parseCsPkgLockData(
1689
1691
  readFileSync("./test/data/packages2.lock.json", { encoding: "utf-8" }),
1690
- "./test/data/packages2.lock.json"
1692
+ "./test/data/packages2.lock.json",
1691
1693
  );
1692
1694
  expect(dep_list["pkgList"].length).toEqual(34);
1693
1695
  expect(dep_list["dependenciesList"].length).toEqual(34);
@@ -1708,23 +1710,23 @@ test("parse packages.lock.json", () => {
1708
1710
  {
1709
1711
  technique: "manifest-analysis",
1710
1712
  confidence: 1,
1711
- value: "./test/data/packages2.lock.json"
1712
- }
1713
- ]
1714
- }
1715
- }
1713
+ value: "./test/data/packages2.lock.json",
1714
+ },
1715
+ ],
1716
+ },
1717
+ },
1716
1718
  });
1717
1719
  expect(dep_list["dependenciesList"][0]).toEqual({
1718
1720
  ref: "pkg:nuget/McMaster.Extensions.Hosting.CommandLine@4.0.1",
1719
1721
  dependsOn: [
1720
1722
  "pkg:nuget/McMaster.Extensions.CommandLineUtils@4.0.1",
1721
1723
  "pkg:nuget/Microsoft.Extensions.Hosting.Abstractions@6.0.0",
1722
- "pkg:nuget/Microsoft.Extensions.Logging.Abstractions@6.0.0"
1723
- ]
1724
+ "pkg:nuget/Microsoft.Extensions.Logging.Abstractions@6.0.0",
1725
+ ],
1724
1726
  });
1725
1727
  dep_list = parseCsPkgLockData(
1726
1728
  readFileSync("./test/data/packages3.lock.json", { encoding: "utf-8" }),
1727
- "./test/data/packages3.lock.json"
1729
+ "./test/data/packages3.lock.json",
1728
1730
  );
1729
1731
  expect(dep_list["pkgList"].length).toEqual(15);
1730
1732
  expect(dep_list["pkgList"][1]).toEqual({
@@ -1744,11 +1746,11 @@ test("parse packages.lock.json", () => {
1744
1746
  {
1745
1747
  technique: "manifest-analysis",
1746
1748
  confidence: 1,
1747
- value: "./test/data/packages3.lock.json"
1748
- }
1749
- ]
1750
- }
1751
- }
1749
+ value: "./test/data/packages3.lock.json",
1750
+ },
1751
+ ],
1752
+ },
1753
+ },
1752
1754
  });
1753
1755
  expect(dep_list["dependenciesList"].length).toEqual(15);
1754
1756
  });
@@ -1756,11 +1758,11 @@ test("parse packages.lock.json", () => {
1756
1758
  test("parse paket.lock", () => {
1757
1759
  expect(parsePaketLockData(null)).toEqual({
1758
1760
  pkgList: [],
1759
- dependenciesList: []
1761
+ dependenciesList: [],
1760
1762
  });
1761
1763
  const dep_list = parsePaketLockData(
1762
1764
  readFileSync("./test/data/paket.lock", { encoding: "utf-8" }),
1763
- "./test/data/paket.lock"
1765
+ "./test/data/paket.lock",
1764
1766
  );
1765
1767
  expect(dep_list.pkgList.length).toEqual(13);
1766
1768
  expect(dep_list.pkgList[0]).toEqual({
@@ -1778,32 +1780,32 @@ test("parse paket.lock", () => {
1778
1780
  {
1779
1781
  technique: "manifest-analysis",
1780
1782
  confidence: 1,
1781
- value: "./test/data/paket.lock"
1782
- }
1783
- ]
1784
- }
1785
- }
1783
+ value: "./test/data/paket.lock",
1784
+ },
1785
+ ],
1786
+ },
1787
+ },
1786
1788
  });
1787
1789
  expect(dep_list.dependenciesList.length).toEqual(13);
1788
1790
  expect(dep_list.dependenciesList[2]).toEqual({
1789
1791
  ref: "pkg:nuget/FSharp.Compiler.Service@17.0.1",
1790
1792
  dependsOn: [
1791
1793
  "pkg:nuget/System.Collections.Immutable@1.4",
1792
- "pkg:nuget/System.Reflection.Metadata@1.5"
1793
- ]
1794
+ "pkg:nuget/System.Reflection.Metadata@1.5",
1795
+ ],
1794
1796
  });
1795
1797
  });
1796
1798
 
1797
1799
  test("parse .net cs proj", () => {
1798
1800
  expect(parseCsProjData(null)).toEqual([]);
1799
1801
  const dep_list = parseCsProjData(
1800
- readFileSync("./test/data/sample-dotnet.csproj", { encoding: "utf-8" })
1802
+ readFileSync("./test/data/sample-dotnet.csproj", { encoding: "utf-8" }),
1801
1803
  );
1802
1804
  expect(dep_list.length).toEqual(19);
1803
1805
  expect(dep_list[0]).toEqual({
1804
1806
  group: "",
1805
1807
  name: "Antlr3.Runtime",
1806
- version: "3.5.0.2"
1808
+ version: "3.5.0.2",
1807
1809
  });
1808
1810
  });
1809
1811
 
@@ -1825,9 +1827,9 @@ test("get nget metadata", async () => {
1825
1827
  "pkg:nuget/System.Net.NameResolution@4.3.0",
1826
1828
  "pkg:nuget/System.Net.Primitives@4.3.0",
1827
1829
  "pkg:nuget/PublicApiGenerator@10.1.2",
1828
- "pkg:nuget/System.Security.Permissions@6.0.0"
1830
+ "pkg:nuget/System.Security.Permissions@6.0.0",
1829
1831
  ],
1830
- ref: "pkg:nuget/Castle.Core@4.4.0"
1832
+ ref: "pkg:nuget/Castle.Core@4.4.0",
1831
1833
  },
1832
1834
  {
1833
1835
  dependsOn: [
@@ -1841,24 +1843,24 @@ test("get nget metadata", async () => {
1841
1843
  "pkg:nuget/System.Runtime.Extensions@4.1.0",
1842
1844
  "pkg:nuget/System.Runtime@4.1.0",
1843
1845
  "pkg:nuget/System.Text.RegularExpressions@4.1.0",
1844
- "pkg:nuget/System.Threading@4.0.11"
1846
+ "pkg:nuget/System.Threading@4.0.11",
1845
1847
  ],
1846
- ref: "pkg:nuget/Serilog@3.0.1"
1847
- }
1848
+ ref: "pkg:nuget/Serilog@3.0.1",
1849
+ },
1848
1850
  ];
1849
1851
  const pkg_list = [
1850
1852
  {
1851
1853
  group: "",
1852
1854
  name: "Castle.Core",
1853
1855
  version: "4.4.0",
1854
- "bom-ref": "pkg:nuget/Castle.Core@4.4.0"
1856
+ "bom-ref": "pkg:nuget/Castle.Core@4.4.0",
1855
1857
  },
1856
1858
  {
1857
1859
  group: "",
1858
1860
  name: "Serilog",
1859
1861
  version: "3.0.1",
1860
- "bom-ref": "pkg:nuget/Serilog@3.0.1"
1861
- }
1862
+ "bom-ref": "pkg:nuget/Serilog@3.0.1",
1863
+ },
1862
1864
  ];
1863
1865
  const { pkgList, dependencies } = await getNugetMetadata(pkg_list, dep_list);
1864
1866
  // This data will need to be updated periodically as it tests that missing versions are set to the latest rc
@@ -1870,14 +1872,14 @@ test("get nget metadata", async () => {
1870
1872
  "Castle Core, including DynamicProxy, Logging Abstractions and DictionaryAdapter",
1871
1873
  group: "",
1872
1874
  homepage: {
1873
- url: "https://www.nuget.org/packages/Castle.Core/4.4.0/"
1875
+ url: "https://www.nuget.org/packages/Castle.Core/4.4.0/",
1874
1876
  },
1875
1877
  license: "Apache-2.0",
1876
1878
  name: "Castle.Core",
1877
1879
  repository: {
1878
- url: "http://www.castleproject.org/"
1880
+ url: "http://www.castleproject.org/",
1879
1881
  },
1880
- version: "4.4.0"
1882
+ version: "4.4.0",
1881
1883
  },
1882
1884
  {
1883
1885
  author: "Serilog Contributors",
@@ -1885,15 +1887,15 @@ test("get nget metadata", async () => {
1885
1887
  description: "Simple .NET logging with fully-structured events",
1886
1888
  group: "",
1887
1889
  homepage: {
1888
- url: "https://www.nuget.org/packages/Serilog/3.0.1/"
1890
+ url: "https://www.nuget.org/packages/Serilog/3.0.1/",
1889
1891
  },
1890
1892
  license: "Apache-2.0",
1891
1893
  name: "Serilog",
1892
1894
  repository: {
1893
- url: "https://serilog.net/"
1895
+ url: "https://serilog.net/",
1894
1896
  },
1895
- version: "3.0.1"
1896
- }
1897
+ version: "3.0.1",
1898
+ },
1897
1899
  ]);
1898
1900
  expect(pkgList.length).toEqual(2);
1899
1901
  expect(dependencies).toEqual([
@@ -1913,9 +1915,9 @@ test("get nget metadata", async () => {
1913
1915
  "pkg:nuget/System.Net.NameResolution@4.3.0",
1914
1916
  "pkg:nuget/System.Net.Primitives@4.3.0",
1915
1917
  "pkg:nuget/PublicApiGenerator@10.1.2",
1916
- "pkg:nuget/System.Security.Permissions@6.0.0"
1918
+ "pkg:nuget/System.Security.Permissions@6.0.0",
1917
1919
  ],
1918
- ref: "pkg:nuget/Castle.Core@4.4.0"
1920
+ ref: "pkg:nuget/Castle.Core@4.4.0",
1919
1921
  },
1920
1922
  {
1921
1923
  dependsOn: [
@@ -1929,10 +1931,10 @@ test("get nget metadata", async () => {
1929
1931
  "pkg:nuget/System.Runtime.Extensions@4.1.0",
1930
1932
  "pkg:nuget/System.Runtime@4.1.0",
1931
1933
  "pkg:nuget/System.Text.RegularExpressions@4.1.0",
1932
- "pkg:nuget/System.Threading@4.0.11"
1934
+ "pkg:nuget/System.Threading@4.0.11",
1933
1935
  ],
1934
- ref: "pkg:nuget/Serilog@3.0.1"
1935
- }
1936
+ ref: "pkg:nuget/Serilog@3.0.1",
1937
+ },
1936
1938
  ]);
1937
1939
  }, 240000);
1938
1940
 
@@ -2023,9 +2025,9 @@ test("get licenses", () => {
2023
2025
  {
2024
2026
  license: {
2025
2027
  id: "MIT",
2026
- url: "https://opensource.org/licenses/MIT"
2027
- }
2028
- }
2028
+ url: "https://opensource.org/licenses/MIT",
2029
+ },
2030
+ },
2029
2031
  ]);
2030
2032
 
2031
2033
  licenses = getLicenses({ license: ["MIT", "GPL-3.0-or-later"] });
@@ -2033,30 +2035,70 @@ test("get licenses", () => {
2033
2035
  {
2034
2036
  license: {
2035
2037
  id: "MIT",
2036
- url: "https://opensource.org/licenses/MIT"
2037
- }
2038
+ url: "https://opensource.org/licenses/MIT",
2039
+ },
2038
2040
  },
2039
2041
  {
2040
2042
  license: {
2041
2043
  id: "GPL-3.0-or-later",
2042
- url: "https://opensource.org/licenses/GPL-3.0-or-later"
2043
- }
2044
- }
2044
+ url: "https://opensource.org/licenses/GPL-3.0-or-later",
2045
+ },
2046
+ },
2045
2047
  ]);
2046
2048
 
2047
2049
  licenses = getLicenses({
2048
2050
  license: {
2049
2051
  id: "MIT",
2050
- url: "https://opensource.org/licenses/MIT"
2051
- }
2052
+ url: "https://opensource.org/licenses/MIT",
2053
+ },
2052
2054
  });
2053
2055
  expect(licenses).toEqual([
2054
2056
  {
2055
2057
  license: {
2056
2058
  id: "MIT",
2057
- url: "https://opensource.org/licenses/MIT"
2058
- }
2059
- }
2059
+ url: "https://opensource.org/licenses/MIT",
2060
+ },
2061
+ },
2062
+ ]);
2063
+
2064
+ licenses = getLicenses({
2065
+ license: "GPL-2.0+",
2066
+ });
2067
+ expect(licenses).toEqual([
2068
+ {
2069
+ license: {
2070
+ id: "GPL-2.0+",
2071
+ url: "https://opensource.org/licenses/GPL-2.0+",
2072
+ },
2073
+ },
2074
+ ]);
2075
+
2076
+ licenses = getLicenses({
2077
+ license: "(MIT or Apache-2.0)",
2078
+ });
2079
+ expect(licenses).toEqual([
2080
+ {
2081
+ expression: "(MIT or Apache-2.0)",
2082
+ },
2083
+ ]);
2084
+
2085
+ // In case this is not a known license in the current build but it is a valid SPDX license expression
2086
+ licenses = getLicenses({
2087
+ license: "NOT-GPL-2.1+",
2088
+ });
2089
+ expect(licenses).toEqual([
2090
+ {
2091
+ expression: "NOT-GPL-2.1+",
2092
+ },
2093
+ ]);
2094
+
2095
+ licenses = getLicenses({
2096
+ license: "GPL-3.0-only WITH Classpath-exception-2.0",
2097
+ });
2098
+ expect(licenses).toEqual([
2099
+ {
2100
+ expression: "GPL-3.0-only WITH Classpath-exception-2.0",
2101
+ },
2060
2102
  ]);
2061
2103
  });
2062
2104
 
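Review bot: The added `NOT-GPL-2.1+` case pins that a string `getLicenses` does not recognise as a license id is returned as `expression`, and the comment above it calls that "a valid SPDX license expression", but nothing in this hunk shows the string being validated as one. Consumers that drive licence policy from the SBOM would then see a typo or a free-text licence as a deliberate expression, so I would add a negative case beside it (for example a constructed input such as `license: "See LICENSE file"`) and assert what is expected for it, so the boundary between id, expression and plain name is documented by the test. Separately, the `GPL-2.0+` case expects `url: "https://opensource.org/licenses/GPL-2.0+"`, which looks string-built from the id; it is worth confirming that this URL resolves, or not asserting a `url` for ids that are only derived. The `get licenses` test body starts outside this hunk.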
@@ -2067,24 +2109,24 @@ test("parsePkgJson", async () => {
2067
2109
 
2068
2110
  test("parsePkgLock v1", async () => {
2069
2111
  const parsedList = await parsePkgLock(
2070
- "./test/data/package-json/v1/package-lock.json"
2112
+ "./test/data/package-json/v1/package-lock.json",
2071
2113
  );
2072
2114
  const deps = parsedList.pkgList;
2073
2115
  expect(deps.length).toEqual(910);
2074
2116
  expect(deps[1]._integrity).toEqual(
2075
- "sha512-ZmIomM7EE1DvPEnSFAHZn9Vs9zJl5A9H7el0EGTE6ZbW9FKe/14IYAlPbC8iH25YarEQxZL+E8VW7Mi7kfQrDQ=="
2117
+ "sha512-ZmIomM7EE1DvPEnSFAHZn9Vs9zJl5A9H7el0EGTE6ZbW9FKe/14IYAlPbC8iH25YarEQxZL+E8VW7Mi7kfQrDQ==",
2076
2118
  );
2077
2119
  expect(parsedList.dependenciesList.length).toEqual(910);
2078
2120
  });
2079
2121
 
2080
2122
  test("parsePkgLock v2", async () => {
2081
2123
  const parsedList = await parsePkgLock(
2082
- "./test/data/package-json/v2/package-lock.json"
2124
+ "./test/data/package-json/v2/package-lock.json",
2083
2125
  );
2084
2126
  const deps = parsedList.pkgList;
2085
2127
  expect(deps.length).toEqual(134);
2086
2128
  expect(deps[1]._integrity).toEqual(
2087
- "sha512-x9yaMvEh5BEaZKeVQC4vp3l+QoFj3BXcd4aYfuKSzIIyihjdVARAadYy3SMNIz0WCCdS2vB9JL/U6GQk5PaxQw=="
2129
+ "sha512-x9yaMvEh5BEaZKeVQC4vp3l+QoFj3BXcd4aYfuKSzIIyihjdVARAadYy3SMNIz0WCCdS2vB9JL/U6GQk5PaxQw==",
2088
2130
  );
2089
2131
  expect(deps[1].license).toEqual("Apache-2.0");
2090
2132
  expect(deps[0]).toEqual({
@@ -2095,11 +2137,11 @@ test("parsePkgLock v2", async () => {
2095
2137
  name: "shopify-theme-tailwindcss",
2096
2138
  license: "MIT",
2097
2139
  type: "application",
2098
- version: "2.2.1"
2140
+ version: "2.2.1",
2099
2141
  });
2100
2142
  expect(deps[deps.length - 1].name).toEqual("rollup");
2101
2143
  const pkgFilePath = path.resolve(
2102
- path.join("test", "data", "package-json", "v2", "package-lock.json")
2144
+ path.join("test", "data", "package-json", "v2", "package-lock.json"),
2103
2145
  );
2104
2146
  expect(deps[deps.length - 1].evidence).toEqual({
2105
2147
  identity: {
@@ -2109,41 +2151,41 @@ test("parsePkgLock v2", async () => {
2109
2151
  {
2110
2152
  technique: "manifest-analysis",
2111
2153
  confidence: 1,
2112
- value: pkgFilePath
2113
- }
2114
- ]
2115
- }
2154
+ value: pkgFilePath,
2155
+ },
2156
+ ],
2157
+ },
2116
2158
  });
2117
2159
  expect(parsedList.dependenciesList.length).toEqual(134);
2118
2160
  });
2119
2161
 
2120
2162
  test("parsePkgLock v2 workspace", async () => {
2121
2163
  const parsedList = await parsePkgLock(
2122
- "./test/data/package-json/v2-workspace/package-lock.json"
2164
+ "./test/data/package-json/v2-workspace/package-lock.json",
2123
2165
  );
2124
2166
  const pkgs = parsedList.pkgList;
2125
2167
  const deps = parsedList.dependenciesList;
2126
2168
  expect(pkgs.length).toEqual(1034);
2127
2169
  expect(pkgs[0].license).toEqual("MIT");
2128
2170
  const hasAppWorkspacePkg = pkgs.some(
2129
- (obj) => obj["bom-ref"] === "pkg:npm/app@0.0.0"
2171
+ (obj) => obj["bom-ref"] === "pkg:npm/app@0.0.0",
2130
2172
  );
2131
2173
  const hasAppWorkspaceDeps = deps.some(
2132
- (obj) => obj.ref === "pkg:npm/app@0.0.0"
2174
+ (obj) => obj.ref === "pkg:npm/app@0.0.0",
2133
2175
  );
2134
2176
  expect(hasAppWorkspacePkg).toEqual(true);
2135
2177
  expect(hasAppWorkspaceDeps).toEqual(true);
2136
2178
  const hasRootPkg = pkgs.some(
2137
- (obj) => obj["bom-ref"] === "pkg:npm/root@0.0.0"
2179
+ (obj) => obj["bom-ref"] === "pkg:npm/root@0.0.0",
2138
2180
  );
2139
2181
  const hasRootDeps = deps.some((obj) => obj.ref === "pkg:npm/root@0.0.0");
2140
2182
  expect(hasRootPkg).toEqual(true);
2141
2183
  expect(hasRootDeps).toEqual(true);
2142
2184
  const hasScriptsWorkspacePkg = pkgs.some(
2143
- (obj) => obj["bom-ref"] === "pkg:npm/scripts@0.0.0"
2185
+ (obj) => obj["bom-ref"] === "pkg:npm/scripts@0.0.0",
2144
2186
  );
2145
2187
  const hasScriptsWorkspaceDeps = deps.some(
2146
- (obj) => obj.ref === "pkg:npm/scripts@0.0.0"
2188
+ (obj) => obj.ref === "pkg:npm/scripts@0.0.0",
2147
2189
  );
2148
2190
  expect(hasScriptsWorkspacePkg).toEqual(true);
2149
2191
  expect(hasScriptsWorkspaceDeps).toEqual(true);
@@ -2154,13 +2196,13 @@ test("parsePkgLock v3", async () => {
2154
2196
  "./test/data/package-json/v3/package-lock.json",
2155
2197
  {
2156
2198
  projectVersion: "latest",
2157
- projectName: "cdxgen"
2158
- }
2199
+ projectName: "cdxgen",
2200
+ },
2159
2201
  );
2160
2202
  let deps = parsedList.pkgList;
2161
2203
  expect(deps.length).toEqual(161);
2162
2204
  expect(deps[1]._integrity).toEqual(
2163
- "sha512-s93jiP6GkRApn5duComx6RLwtP23YrulPxShz+8peX7svd6Q+MS8nKLhKCCazbP92C13eTVaIOxgeLt0ezIiCg=="
2205
+ "sha512-s93jiP6GkRApn5duComx6RLwtP23YrulPxShz+8peX7svd6Q+MS8nKLhKCCazbP92C13eTVaIOxgeLt0ezIiCg==",
2164
2206
  );
2165
2207
  expect(deps[0]).toEqual({
2166
2208
  "bom-ref": "pkg:npm/cdxgen@latest",
@@ -2170,17 +2212,17 @@ test("parsePkgLock v3", async () => {
2170
2212
  license: "ISC",
2171
2213
  name: "cdxgen",
2172
2214
  type: "application",
2173
- version: "latest"
2215
+ version: "latest",
2174
2216
  });
2175
2217
  expect(deps[deps.length - 1].name).toEqual("uid2");
2176
2218
  expect(parsedList.dependenciesList.length).toEqual(161);
2177
2219
  parsedList = await parsePkgLock("./package-lock.json", {
2178
2220
  projectVersion: "latest",
2179
- projectName: "cdxgen"
2221
+ projectName: "cdxgen",
2180
2222
  });
2181
2223
  deps = parsedList.pkgList;
2182
- expect(deps.length).toEqual(1164);
2183
- expect(parsedList.dependenciesList.length).toEqual(1164);
2224
+ expect(deps.length).toEqual(1071);
2225
+ expect(parsedList.dependenciesList.length).toEqual(1071);
2184
2226
  });
2185
2227
 
2186
2228
  test("parseBowerJson", async () => {
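Review bot: The two updated assertions, `expect(deps.length).toEqual(1071);` and the matching `dependenciesList` one, pin the exact package count of the repository's own `./package-lock.json`, so every dependency change forces an edit here (this release already moves it from 1164). A number that changes with each bump says little about parser correctness and tends to get updated without being checked. I would assert the invariant instead, `expect(parsedList.dependenciesList.length).toEqual(deps.length);` plus `expect(deps.length).toBeGreaterThan(0);`, and keep exact counts for the frozen fixture `./test/data/package-json/v3/package-lock.json` parsed earlier in the same test. The test body starts outside this hunk.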
@@ -2193,7 +2235,7 @@ test("parseNodeShrinkwrap", async () => {
2193
2235
  const deps = await parseNodeShrinkwrap("./test/shrinkwrap-deps.json");
2194
2236
  expect(deps.length).toEqual(496);
2195
2237
  expect(deps[0]._integrity).toEqual(
2196
- "sha512-a9gxpmdXtZEInkCSHUJDLHZVBgb1QS0jhss4cPP93EW7s+uC5bikET2twEF3KV+7rDblJcmNvTR7VJejqd2C2g=="
2238
+ "sha512-a9gxpmdXtZEInkCSHUJDLHZVBgb1QS0jhss4cPP93EW7s+uC5bikET2twEF3KV+7rDblJcmNvTR7VJejqd2C2g==",
2197
2239
  );
2198
2240
  });
2199
2241
 
@@ -2206,19 +2248,19 @@ test("parseSetupPyFile", async () => {
2206
2248
  expect(deps[0].name).toEqual("colorama");
2207
2249
 
2208
2250
  deps = await parseSetupPyFile(
2209
- `install_requires=['colorama>=0.4.3','libsast>=1.0.3',],`
2251
+ `install_requires=['colorama>=0.4.3','libsast>=1.0.3',],`,
2210
2252
  );
2211
2253
  expect(deps.length).toEqual(2);
2212
2254
  expect(deps[0].name).toEqual("colorama");
2213
2255
 
2214
2256
  deps = await parseSetupPyFile(
2215
- `install_requires=['colorama>=0.4.3','libsast>=1.0.3']`
2257
+ `install_requires=['colorama>=0.4.3','libsast>=1.0.3']`,
2216
2258
  );
2217
2259
  expect(deps.length).toEqual(2);
2218
2260
  expect(deps[0].name).toEqual("colorama");
2219
2261
 
2220
2262
  deps = await parseSetupPyFile(
2221
- `install_requires=['colorama>=0.4.3', 'libsast>=1.0.3']`
2263
+ `install_requires=['colorama>=0.4.3', 'libsast>=1.0.3']`,
2222
2264
  );
2223
2265
  expect(deps.length).toEqual(2);
2224
2266
  expect(deps[0].name).toEqual("colorama");
@@ -2247,8 +2289,8 @@ test("parsePnpmLock", async () => {
2247
2289
  properties: [
2248
2290
  {
2249
2291
  name: "SrcFile",
2250
- value: "./test/pnpm-lock.yaml"
2251
- }
2292
+ value: "./test/pnpm-lock.yaml",
2293
+ },
2252
2294
  ],
2253
2295
  evidence: {
2254
2296
  identity: {
@@ -2258,11 +2300,11 @@ test("parsePnpmLock", async () => {
2258
2300
  {
2259
2301
  technique: "manifest-analysis",
2260
2302
  confidence: 1,
2261
- value: "./test/pnpm-lock.yaml"
2262
- }
2263
- ]
2264
- }
2265
- }
2303
+ value: "./test/pnpm-lock.yaml",
2304
+ },
2305
+ ],
2306
+ },
2307
+ },
2266
2308
  });
2267
2309
  parsedList = await parsePnpmLock("./test/data/pnpm-lock.yaml");
2268
2310
  expect(parsedList.pkgList.length).toEqual(318);
@@ -2279,8 +2321,8 @@ test("parsePnpmLock", async () => {
2279
2321
  properties: [
2280
2322
  {
2281
2323
  name: "SrcFile",
2282
- value: "./test/data/pnpm-lock.yaml"
2283
- }
2324
+ value: "./test/data/pnpm-lock.yaml",
2325
+ },
2284
2326
  ],
2285
2327
  evidence: {
2286
2328
  identity: {
@@ -2290,11 +2332,11 @@ test("parsePnpmLock", async () => {
2290
2332
  {
2291
2333
  technique: "manifest-analysis",
2292
2334
  confidence: 1,
2293
- value: "./test/data/pnpm-lock.yaml"
2294
- }
2295
- ]
2296
- }
2297
- }
2335
+ value: "./test/data/pnpm-lock.yaml",
2336
+ },
2337
+ ],
2338
+ },
2339
+ },
2298
2340
  });
2299
2341
  parsedList = await parsePnpmLock("./test/data/pnpm-lock2.yaml");
2300
2342
  expect(parsedList.pkgList.length).toEqual(7);
@@ -2316,11 +2358,11 @@ test("parsePnpmLock", async () => {
2316
2358
  {
2317
2359
  technique: "manifest-analysis",
2318
2360
  confidence: 1,
2319
- value: "./test/data/pnpm-lock2.yaml"
2320
- }
2321
- ]
2322
- }
2323
- }
2361
+ value: "./test/data/pnpm-lock2.yaml",
2362
+ },
2363
+ ],
2364
+ },
2365
+ },
2324
2366
  });
2325
2367
  expect(parsedList.dependenciesList[2]).toEqual({
2326
2368
  ref: "pkg:npm/chalk@1.1.3",
@@ -2329,8 +2371,8 @@ test("parsePnpmLock", async () => {
2329
2371
  "pkg:npm/escape-string-regexp@1.0.5",
2330
2372
  "pkg:npm/has-ansi@2.0.0",
2331
2373
  "pkg:npm/strip-ansi@3.0.1",
2332
- "pkg:npm/supports-color@2.0.0"
2333
- ]
2374
+ "pkg:npm/supports-color@2.0.0",
2375
+ ],
2334
2376
  });
2335
2377
  parsedList = await parsePnpmLock("./test/data/pnpm-lock3.yaml");
2336
2378
  expect(parsedList.pkgList.length).toEqual(449);
@@ -2353,15 +2395,15 @@ test("parsePnpmLock", async () => {
2353
2395
  {
2354
2396
  technique: "manifest-analysis",
2355
2397
  confidence: 1,
2356
- value: "./test/data/pnpm-lock3.yaml"
2357
- }
2358
- ]
2359
- }
2360
- }
2398
+ value: "./test/data/pnpm-lock3.yaml",
2399
+ },
2400
+ ],
2401
+ },
2402
+ },
2361
2403
  });
2362
2404
  expect(parsedList.dependenciesList[2]).toEqual({
2363
2405
  ref: "pkg:npm/@nodelib/fs.walk@1.2.8",
2364
- dependsOn: ["pkg:npm/@nodelib/fs.scandir@2.1.5", "pkg:npm/fastq@1.13.0"]
2406
+ dependsOn: ["pkg:npm/@nodelib/fs.scandir@2.1.5", "pkg:npm/fastq@1.13.0"],
2365
2407
  });
2366
2408
 
2367
2409
  parsedList = await parsePnpmLock("./test/data/pnpm-lock4.yaml");
@@ -2388,11 +2430,11 @@ test("parsePnpmLock", async () => {
2388
2430
  {
2389
2431
  technique: "manifest-analysis",
2390
2432
  confidence: 1,
2391
- value: "./test/data/pnpm-lock6.yaml"
2392
- }
2393
- ]
2394
- }
2395
- }
2433
+ value: "./test/data/pnpm-lock6.yaml",
2434
+ },
2435
+ ],
2436
+ },
2437
+ },
2396
2438
  });
2397
2439
  expect(parsedList.pkgList[parsedList.pkgList.length - 1]).toEqual({
2398
2440
  group: "",
@@ -2412,11 +2454,11 @@ test("parsePnpmLock", async () => {
2412
2454
  {
2413
2455
  technique: "manifest-analysis",
2414
2456
  confidence: 1,
2415
- value: "./test/data/pnpm-lock6.yaml"
2416
- }
2417
- ]
2418
- }
2419
- }
2457
+ value: "./test/data/pnpm-lock6.yaml",
2458
+ },
2459
+ ],
2460
+ },
2461
+ },
2420
2462
  });
2421
2463
  parsedList = await parsePnpmLock("./test/data/pnpm-lock6a.yaml");
2422
2464
  expect(parsedList.pkgList.length).toEqual(234);
@@ -2439,11 +2481,11 @@ test("parsePnpmLock", async () => {
2439
2481
  {
2440
2482
  technique: "manifest-analysis",
2441
2483
  confidence: 1,
2442
- value: "./test/data/pnpm-lock6a.yaml"
2443
- }
2444
- ]
2445
- }
2446
- }
2484
+ value: "./test/data/pnpm-lock6a.yaml",
2485
+ },
2486
+ ],
2487
+ },
2488
+ },
2447
2489
  });
2448
2490
  });
2449
2491
 
@@ -2462,8 +2504,8 @@ test("parseYarnLock", async () => {
2462
2504
  properties: [
2463
2505
  {
2464
2506
  name: "SrcFile",
2465
- value: "./test/yarn.lock"
2466
- }
2507
+ value: "./test/yarn.lock",
2508
+ },
2467
2509
  ],
2468
2510
  evidence: {
2469
2511
  identity: {
@@ -2473,15 +2515,15 @@ test("parseYarnLock", async () => {
2473
2515
  {
2474
2516
  technique: "manifest-analysis",
2475
2517
  confidence: 1,
2476
- value: "./test/yarn.lock"
2477
- }
2478
- ]
2479
- }
2480
- }
2518
+ value: "./test/yarn.lock",
2519
+ },
2520
+ ],
2521
+ },
2522
+ },
2481
2523
  });
2482
2524
  expect(parsedList.dependenciesList.length).toEqual(56);
2483
2525
  identMap = yarnLockToIdentMap(
2484
- readFileSync("./test/data/yarn_locks/yarn.lock", "utf8")
2526
+ readFileSync("./test/data/yarn_locks/yarn.lock", "utf8"),
2485
2527
  );
2486
2528
  expect(Object.keys(identMap).length).toEqual(2566);
2487
2529
  parsedList = await parseYarnLock("./test/data/yarn_locks/yarn.lock");
@@ -2498,8 +2540,8 @@ test("parseYarnLock", async () => {
2498
2540
  properties: [
2499
2541
  {
2500
2542
  name: "SrcFile",
2501
- value: "./test/data/yarn_locks/yarn.lock"
2502
- }
2543
+ value: "./test/data/yarn_locks/yarn.lock",
2544
+ },
2503
2545
  ],
2504
2546
  evidence: {
2505
2547
  identity: {
@@ -2509,11 +2551,11 @@ test("parseYarnLock", async () => {
2509
2551
  {
2510
2552
  technique: "manifest-analysis",
2511
2553
  confidence: 1,
2512
- value: "./test/data/yarn_locks/yarn.lock"
2513
- }
2514
- ]
2515
- }
2516
- }
2554
+ value: "./test/data/yarn_locks/yarn.lock",
2555
+ },
2556
+ ],
2557
+ },
2558
+ },
2517
2559
  });
2518
2560
  parsedList.pkgList.forEach((d) => {
2519
2561
  expect(d.name).toBeDefined();
@@ -2534,8 +2576,8 @@ test("parseYarnLock", async () => {
2534
2576
  properties: [
2535
2577
  {
2536
2578
  name: "SrcFile",
2537
- value: "./test/data/yarn_locks/yarn-multi.lock"
2538
- }
2579
+ value: "./test/data/yarn_locks/yarn-multi.lock",
2580
+ },
2539
2581
  ],
2540
2582
  evidence: {
2541
2583
  identity: {
@@ -2545,11 +2587,11 @@ test("parseYarnLock", async () => {
2545
2587
  {
2546
2588
  technique: "manifest-analysis",
2547
2589
  confidence: 1,
2548
- value: "./test/data/yarn_locks/yarn-multi.lock"
2549
- }
2550
- ]
2551
- }
2552
- }
2590
+ value: "./test/data/yarn_locks/yarn-multi.lock",
2591
+ },
2592
+ ],
2593
+ },
2594
+ },
2553
2595
  });
2554
2596
 
2555
2597
  parsedList = await parseYarnLock("./test/data/yarn_locks/yarn-light.lock");
@@ -2566,8 +2608,8 @@ test("parseYarnLock", async () => {
2566
2608
  properties: [
2567
2609
  {
2568
2610
  name: "SrcFile",
2569
- value: "./test/data/yarn_locks/yarn-light.lock"
2570
- }
2611
+ value: "./test/data/yarn_locks/yarn-light.lock",
2612
+ },
2571
2613
  ],
2572
2614
  evidence: {
2573
2615
  identity: {
@@ -2577,11 +2619,11 @@ test("parseYarnLock", async () => {
2577
2619
  {
2578
2620
  technique: "manifest-analysis",
2579
2621
  confidence: 1,
2580
- value: "./test/data/yarn_locks/yarn-light.lock"
2581
- }
2582
- ]
2583
- }
2584
- }
2622
+ value: "./test/data/yarn_locks/yarn-light.lock",
2623
+ },
2624
+ ],
2625
+ },
2626
+ },
2585
2627
  });
2586
2628
 
2587
2629
  parsedList = await parseYarnLock("./test/data/yarn_locks/yarn3.lock");
@@ -2598,8 +2640,8 @@ test("parseYarnLock", async () => {
2598
2640
  properties: [
2599
2641
  {
2600
2642
  name: "SrcFile",
2601
- value: "./test/data/yarn_locks/yarn3.lock"
2602
- }
2643
+ value: "./test/data/yarn_locks/yarn3.lock",
2644
+ },
2603
2645
  ],
2604
2646
  evidence: {
2605
2647
  identity: {
@@ -2609,11 +2651,11 @@ test("parseYarnLock", async () => {
2609
2651
  {
2610
2652
  technique: "manifest-analysis",
2611
2653
  confidence: 1,
2612
- value: "./test/data/yarn_locks/yarn3.lock"
2613
- }
2614
- ]
2615
- }
2616
- }
2654
+ value: "./test/data/yarn_locks/yarn3.lock",
2655
+ },
2656
+ ],
2657
+ },
2658
+ },
2617
2659
  });
2618
2660
 
2619
2661
  parsedList = await parseYarnLock("./test/data/yarn_locks/yarnv2.lock");
@@ -2630,8 +2672,8 @@ test("parseYarnLock", async () => {
2630
2672
  properties: [
2631
2673
  {
2632
2674
  name: "SrcFile",
2633
- value: "./test/data/yarn_locks/yarnv2.lock"
2634
- }
2675
+ value: "./test/data/yarn_locks/yarnv2.lock",
2676
+ },
2635
2677
  ],
2636
2678
  evidence: {
2637
2679
  identity: {
@@ -2641,11 +2683,11 @@ test("parseYarnLock", async () => {
2641
2683
  {
2642
2684
  technique: "manifest-analysis",
2643
2685
  confidence: 1,
2644
- value: "./test/data/yarn_locks/yarnv2.lock"
2645
- }
2646
- ]
2647
- }
2648
- }
2686
+ value: "./test/data/yarn_locks/yarnv2.lock",
2687
+ },
2688
+ ],
2689
+ },
2690
+ },
2649
2691
  });
2650
2692
  parsedList = await parseYarnLock("./test/data/yarn_locks/yarnv3.lock");
2651
2693
  expect(parsedList.pkgList.length).toEqual(363);
@@ -2661,8 +2703,8 @@ test("parseYarnLock", async () => {
2661
2703
  properties: [
2662
2704
  {
2663
2705
  name: "SrcFile",
2664
- value: "./test/data/yarn_locks/yarnv3.lock"
2665
- }
2706
+ value: "./test/data/yarn_locks/yarnv3.lock",
2707
+ },
2666
2708
  ],
2667
2709
  evidence: {
2668
2710
  identity: {
@@ -2672,11 +2714,11 @@ test("parseYarnLock", async () => {
2672
2714
  {
2673
2715
  technique: "manifest-analysis",
2674
2716
  confidence: 1,
2675
- value: "./test/data/yarn_locks/yarnv3.lock"
2676
- }
2677
- ]
2678
- }
2679
- }
2717
+ value: "./test/data/yarn_locks/yarnv3.lock",
2718
+ },
2719
+ ],
2720
+ },
2721
+ },
2680
2722
  });
2681
2723
  parsedList = await parseYarnLock("./test/data/yarn_locks/yarn4.lock");
2682
2724
  expect(parsedList.pkgList.length).toEqual(1);
@@ -2693,7 +2735,7 @@ test("parseYarnLock", async () => {
2693
2735
  _integrity:
2694
2736
  "sha512-JE93VWVyVa07xkK1wJ5ogjSZ30Nn4ptUuUXdPnu8MsKme1xFHLFFD3UtnHxnxnNDSnGx+WLlhuyHdIFfSCYqYg==",
2695
2737
  properties: [
2696
- { name: "SrcFile", value: "./test/data/yarn_locks/yarn-at.lock" }
2738
+ { name: "SrcFile", value: "./test/data/yarn_locks/yarn-at.lock" },
2697
2739
  ],
2698
2740
  evidence: {
2699
2741
  identity: {
@@ -2703,59 +2745,59 @@ test("parseYarnLock", async () => {
2703
2745
  {
2704
2746
  technique: "manifest-analysis",
2705
2747
  confidence: 1,
2706
- value: "./test/data/yarn_locks/yarn-at.lock"
2707
- }
2708
- ]
2709
- }
2710
- }
2748
+ value: "./test/data/yarn_locks/yarn-at.lock",
2749
+ },
2750
+ ],
2751
+ },
2752
+ },
2711
2753
  });
2712
2754
  parsedList = await parseYarnLock("./test/data/yarn_locks/yarn5.lock");
2713
2755
  expect(parsedList.pkgList.length).toEqual(1962);
2714
2756
  expect(parsedList.dependenciesList.length).toEqual(1962);
2715
2757
  expect(parsedList.pkgList[0].purl).toEqual(
2716
- "pkg:npm/%40ampproject/remapping@2.2.0"
2758
+ "pkg:npm/%40ampproject/remapping@2.2.0",
2717
2759
  );
2718
2760
  expect(parsedList.pkgList[0]["bom-ref"]).toEqual(
2719
- "pkg:npm/@ampproject/remapping@2.2.0"
2761
+ "pkg:npm/@ampproject/remapping@2.2.0",
2720
2762
  );
2721
2763
  parsedList = await parseYarnLock("./test/data/yarn_locks/yarn6.lock");
2722
2764
  expect(parsedList.pkgList.length).toEqual(1472);
2723
2765
  expect(parsedList.dependenciesList.length).toEqual(1472);
2724
2766
  expect(parsedList.pkgList[0].purl).toEqual(
2725
- "pkg:npm/%40aashutoshrathi/word-wrap@1.2.6"
2767
+ "pkg:npm/%40aashutoshrathi/word-wrap@1.2.6",
2726
2768
  );
2727
2769
  expect(parsedList.pkgList[0]["bom-ref"]).toEqual(
2728
- "pkg:npm/@aashutoshrathi/word-wrap@1.2.6"
2770
+ "pkg:npm/@aashutoshrathi/word-wrap@1.2.6",
2729
2771
  );
2730
2772
  parsedList = await parseYarnLock("./test/data/yarn_locks/yarn7.lock");
2731
2773
  expect(parsedList.pkgList.length).toEqual(1350);
2732
2774
  expect(parsedList.dependenciesList.length).toEqual(1347);
2733
2775
  expect(parsedList.pkgList[0].purl).toEqual(
2734
- "pkg:npm/%40aashutoshrathi/word-wrap@1.2.6"
2776
+ "pkg:npm/%40aashutoshrathi/word-wrap@1.2.6",
2735
2777
  );
2736
2778
  expect(parsedList.pkgList[0]["bom-ref"]).toEqual(
2737
- "pkg:npm/@aashutoshrathi/word-wrap@1.2.6"
2779
+ "pkg:npm/@aashutoshrathi/word-wrap@1.2.6",
2738
2780
  );
2739
2781
  parsedList = await parseYarnLock("./test/data/yarn_locks/yarnv4.lock");
2740
2782
  expect(parsedList.pkgList.length).toEqual(1851);
2741
2783
  expect(parsedList.dependenciesList.length).toEqual(1851);
2742
2784
  expect(parsedList.pkgList[0].purl).toEqual(
2743
- "pkg:npm/%40aashutoshrathi/word-wrap@1.2.6"
2785
+ "pkg:npm/%40aashutoshrathi/word-wrap@1.2.6",
2744
2786
  );
2745
2787
  expect(parsedList.pkgList[0]["bom-ref"]).toEqual(
2746
- "pkg:npm/@aashutoshrathi/word-wrap@1.2.6"
2788
+ "pkg:npm/@aashutoshrathi/word-wrap@1.2.6",
2747
2789
  );
2748
2790
  parsedList = await parseYarnLock("./test/data/yarn_locks/yarnv4.1.lock");
2749
2791
  expect(parsedList.pkgList.length).toEqual(861);
2750
2792
  expect(parsedList.dependenciesList.length).toEqual(858);
2751
2793
  expect(parsedList.pkgList[0].purl).toEqual(
2752
- "pkg:npm/%40aashutoshrathi/word-wrap@1.2.6"
2794
+ "pkg:npm/%40aashutoshrathi/word-wrap@1.2.6",
2753
2795
  );
2754
2796
  expect(parsedList.pkgList[0]["bom-ref"]).toEqual(
2755
- "pkg:npm/@aashutoshrathi/word-wrap@1.2.6"
2797
+ "pkg:npm/@aashutoshrathi/word-wrap@1.2.6",
2756
2798
  );
2757
2799
  expect(parsedList.pkgList[0]._integrity).toEqual(
2758
- "sha512-U8KyMaYaRnkrOaDUO8T093a7RUKqV+4EkwZ2gC5VASgsL8iqwU5M0fESD/i1Jha2/1q1Oa0wqiJ31yZES3Fhnw=="
2800
+ "sha512-U8KyMaYaRnkrOaDUO8T093a7RUKqV+4EkwZ2gC5VASgsL8iqwU5M0fESD/i1Jha2/1q1Oa0wqiJ31yZES3Fhnw==",
2759
2801
  );
2760
2802
  });
2761
2803
 
@@ -2773,19 +2815,19 @@ test("parseComposerLock", () => {
2773
2815
  repository: {
2774
2816
  type: "git",
2775
2817
  url: "https://github.com/intuit/QuickBooks-V3-PHP-SDK.git",
2776
- reference: "fe42e409bcdc431614f1cfc80cfc4191b926f3ed"
2818
+ reference: "fe42e409bcdc431614f1cfc80cfc4191b926f3ed",
2777
2819
  },
2778
2820
  license: ["Apache-2.0"],
2779
2821
  description: "The Official PHP SDK for QuickBooks Online Accounting API",
2780
2822
  properties: [
2781
2823
  {
2782
2824
  name: "SrcFile",
2783
- value: "./test/data/composer.lock"
2825
+ value: "./test/data/composer.lock",
2784
2826
  },
2785
2827
  {
2786
2828
  name: "Namespaces",
2787
- value: "QuickBooksOnline\\API\\"
2788
- }
2829
+ value: "QuickBooksOnline\\API\\",
2830
+ },
2789
2831
  ],
2790
2832
  evidence: {
2791
2833
  identity: {
@@ -2795,11 +2837,11 @@ test("parseComposerLock", () => {
2795
2837
  {
2796
2838
  technique: "manifest-analysis",
2797
2839
  confidence: 1,
2798
- value: "./test/data/composer.lock"
2799
- }
2800
- ]
2801
- }
2802
- }
2840
+ value: "./test/data/composer.lock",
2841
+ },
2842
+ ],
2843
+ },
2844
+ },
2803
2845
  });
2804
2846
 
2805
2847
  retMap = parseComposerLock("./test/data/composer-2.lock");
@@ -2815,19 +2857,19 @@ test("parseComposerLock", () => {
2815
2857
  repository: {
2816
2858
  type: "git",
2817
2859
  url: "https://github.com/amphp/amp.git",
2818
- reference: "1e58d53e4af390efc7813e36cd215bd82cba4b06"
2860
+ reference: "1e58d53e4af390efc7813e36cd215bd82cba4b06",
2819
2861
  },
2820
2862
  license: ["MIT"],
2821
2863
  description: "A non-blocking concurrency framework for PHP applications.",
2822
2864
  properties: [
2823
2865
  {
2824
2866
  name: "SrcFile",
2825
- value: "./test/data/composer-2.lock"
2867
+ value: "./test/data/composer-2.lock",
2826
2868
  },
2827
2869
  {
2828
2870
  name: "Namespaces",
2829
- value: "Amp\\"
2830
- }
2871
+ value: "Amp\\",
2872
+ },
2831
2873
  ],
2832
2874
  evidence: {
2833
2875
  identity: {
@@ -2837,11 +2879,11 @@ test("parseComposerLock", () => {
2837
2879
  {
2838
2880
  technique: "manifest-analysis",
2839
2881
  confidence: 1,
2840
- value: "./test/data/composer-2.lock"
2841
- }
2842
- ]
2843
- }
2844
- }
2882
+ value: "./test/data/composer-2.lock",
2883
+ },
2884
+ ],
2885
+ },
2886
+ },
2845
2887
  });
2846
2888
 
2847
2889
  retMap = parseComposerLock("./test/data/composer-3.lock");
@@ -2856,7 +2898,7 @@ test("parseComposerLock", () => {
2856
2898
  repository: {
2857
2899
  type: "git",
2858
2900
  url: "https://github.com/amphp/amp.git",
2859
- reference: "9d5100cebffa729aaffecd3ad25dc5aeea4f13bb"
2901
+ reference: "9d5100cebffa729aaffecd3ad25dc5aeea4f13bb",
2860
2902
  },
2861
2903
  license: ["MIT"],
2862
2904
  description: "A non-blocking concurrency framework for PHP applications.",
@@ -2865,8 +2907,8 @@ test("parseComposerLock", () => {
2865
2907
  { name: "SrcFile", value: "./test/data/composer-3.lock" },
2866
2908
  {
2867
2909
  name: "Namespaces",
2868
- value: "Amp\\"
2869
- }
2910
+ value: "Amp\\",
2911
+ },
2870
2912
  ],
2871
2913
  evidence: {
2872
2914
  identity: {
@@ -2876,11 +2918,11 @@ test("parseComposerLock", () => {
2876
2918
  {
2877
2919
  technique: "manifest-analysis",
2878
2920
  confidence: 1,
2879
- value: "./test/data/composer-3.lock"
2880
- }
2881
- ]
2882
- }
2883
- }
2921
+ value: "./test/data/composer-3.lock",
2922
+ },
2923
+ ],
2924
+ },
2925
+ },
2884
2926
  });
2885
2927
  retMap = parseComposerLock("./test/data/composer-4.lock");
2886
2928
  expect(retMap.pkgList.length).toEqual(50);
@@ -2894,7 +2936,7 @@ test("parseComposerLock", () => {
2894
2936
  repository: {
2895
2937
  type: "git",
2896
2938
  url: "https://git-wip-us.apache.org/repos/asf/logging-log4php.git",
2897
- reference: "8c6df2481cd68d0d211d38f700406c5f0a9de0c2"
2939
+ reference: "8c6df2481cd68d0d211d38f700406c5f0a9de0c2",
2898
2940
  },
2899
2941
  license: ["Apache-2.0"],
2900
2942
  description: "A versatile logging framework for PHP",
@@ -2908,22 +2950,22 @@ test("parseComposerLock", () => {
2908
2950
  {
2909
2951
  confidence: 1,
2910
2952
  technique: "manifest-analysis",
2911
- value: "./test/data/composer-4.lock"
2912
- }
2913
- ]
2914
- }
2915
- }
2953
+ value: "./test/data/composer-4.lock",
2954
+ },
2955
+ ],
2956
+ },
2957
+ },
2916
2958
  });
2917
2959
  expect(retMap.dependenciesList[1]).toEqual({
2918
2960
  ref: "pkg:composer/doctrine/annotations@v1.2.1",
2919
- dependsOn: ["pkg:composer/doctrine/lexer@v1.0"]
2961
+ dependsOn: ["pkg:composer/doctrine/lexer@v1.0"],
2920
2962
  });
2921
2963
  });
2922
2964
 
2923
2965
  test("parseGemfileLockData", async () => {
2924
2966
  let retMap = await parseGemfileLockData(
2925
2967
  readFileSync("./test/data/Gemfile.lock", { encoding: "utf-8" }),
2926
- "./test/data/Gemfile.lock"
2968
+ "./test/data/Gemfile.lock",
2927
2969
  );
2928
2970
  expect(retMap.pkgList.length).toEqual(140);
2929
2971
  expect(retMap.dependenciesList.length).toEqual(140);
@@ -2936,8 +2978,8 @@ test("parseGemfileLockData", async () => {
2936
2978
  { name: "SrcFile", value: "./test/data/Gemfile.lock" },
2937
2979
  {
2938
2980
  name: "cdx:gem:remote",
2939
- value: "https://rubygems.org/"
2940
- }
2981
+ value: "https://rubygems.org/",
2982
+ },
2941
2983
  ],
2942
2984
  evidence: {
2943
2985
  identity: {
@@ -2947,39 +2989,39 @@ test("parseGemfileLockData", async () => {
2947
2989
  {
2948
2990
  technique: "manifest-analysis",
2949
2991
  confidence: 0.8,
2950
- value: "./test/data/Gemfile.lock"
2951
- }
2952
- ]
2953
- }
2954
- }
2992
+ value: "./test/data/Gemfile.lock",
2993
+ },
2994
+ ],
2995
+ },
2996
+ },
2955
2997
  });
2956
2998
  retMap = await parseGemfileLockData(
2957
2999
  readFileSync("./test/data/Gemfile1.lock", { encoding: "utf-8" }),
2958
- "./test/data/Gemfile1.lock"
3000
+ "./test/data/Gemfile1.lock",
2959
3001
  );
2960
3002
  expect(retMap.pkgList.length).toEqual(36);
2961
3003
  expect(retMap.dependenciesList.length).toEqual(36);
2962
3004
  retMap = await parseGemfileLockData(
2963
3005
  readFileSync("./test/data/Gemfile2.lock", { encoding: "utf-8" }),
2964
- "./test/data/Gemfile2.lock"
3006
+ "./test/data/Gemfile2.lock",
2965
3007
  );
2966
3008
  expect(retMap.pkgList.length).toEqual(89);
2967
3009
  expect(retMap.dependenciesList.length).toEqual(89);
2968
3010
  retMap = await parseGemfileLockData(
2969
3011
  readFileSync("./test/data/Gemfile4.lock", { encoding: "utf-8" }),
2970
- "./test/data/Gemfile4.lock"
3012
+ "./test/data/Gemfile4.lock",
2971
3013
  );
2972
3014
  expect(retMap.pkgList.length).toEqual(182);
2973
3015
  expect(retMap.dependenciesList.length).toEqual(182);
2974
3016
  retMap = await parseGemfileLockData(
2975
3017
  readFileSync("./test/data/Gemfile5.lock", { encoding: "utf-8" }),
2976
- "./test/data/Gemfile5.lock"
3018
+ "./test/data/Gemfile5.lock",
2977
3019
  );
2978
3020
  expect(retMap.pkgList.length).toEqual(43);
2979
3021
  expect(retMap.dependenciesList.length).toEqual(43);
2980
3022
  retMap = await parseGemfileLockData(
2981
3023
  readFileSync("./test/data/Gemfile6.lock", { encoding: "utf-8" }),
2982
- "./test/data/Gemfile6.lock"
3024
+ "./test/data/Gemfile6.lock",
2983
3025
  );
2984
3026
  expect(retMap.pkgList.length).toEqual(139);
2985
3027
  expect(retMap.dependenciesList.length).toEqual(139);
@@ -2987,42 +3029,42 @@ test("parseGemfileLockData", async () => {
2987
3029
 
2988
3030
  test("parseGemspecData", async () => {
2989
3031
  const deps = await parseGemspecData(
2990
- readFileSync("./test/data/xmlrpc.gemspec", { encoding: "utf-8" })
3032
+ readFileSync("./test/data/xmlrpc.gemspec", { encoding: "utf-8" }),
2991
3033
  );
2992
3034
  expect(deps.length).toEqual(1);
2993
3035
  expect(deps[0]).toEqual({
2994
3036
  name: "xmlrpc",
2995
3037
  version: "0.3.0",
2996
3038
  description:
2997
- "XMLRPC is a lightweight protocol that enables remote procedure calls over HTTP."
3039
+ "XMLRPC is a lightweight protocol that enables remote procedure calls over HTTP.",
2998
3040
  });
2999
3041
  });
3000
3042
 
3001
3043
  test("parse requirements.txt", async () => {
3002
3044
  let deps = await parseReqFile(
3003
3045
  readFileSync("./test/data/requirements.comments.txt", {
3004
- encoding: "utf-8"
3046
+ encoding: "utf-8",
3005
3047
  }),
3006
- false
3048
+ false,
3007
3049
  );
3008
3050
  expect(deps.length).toEqual(31);
3009
3051
  deps = await parseReqFile(
3010
3052
  readFileSync("./test/data/requirements.freeze.txt", {
3011
- encoding: "utf-8"
3053
+ encoding: "utf-8",
3012
3054
  }),
3013
- false
3055
+ false,
3014
3056
  );
3015
3057
  expect(deps.length).toEqual(113);
3016
3058
  expect(deps[0]).toEqual({
3017
3059
  name: "elasticsearch",
3018
3060
  version: "8.6.2",
3019
- scope: "required"
3061
+ scope: "required",
3020
3062
  });
3021
3063
  deps = await parseReqFile(
3022
3064
  readFileSync("./test/data/chen-science-requirements.txt", {
3023
- encoding: "utf-8"
3065
+ encoding: "utf-8",
3024
3066
  }),
3025
- false
3067
+ false,
3026
3068
  );
3027
3069
  expect(deps.length).toEqual(87);
3028
3070
  expect(deps[0]).toEqual({
@@ -3033,9 +3075,9 @@ test("parse requirements.txt", async () => {
3033
3075
  {
3034
3076
  name: "cdx:pip:markers",
3035
3077
  value:
3036
- 'python_full_version >= "3.8.1" and python_version < "3.12" --hash=sha256:19297512c647d4b27a2cf7c34caa7e405c0d60b5560618a29a9fe027b18b0107 --hash=sha256:84ec2218d8419404abcb9f0c02df3f34c6e0a68ed41072acfb1cef5cbc29051a'
3037
- }
3038
- ]
3078
+ 'python_full_version >= "3.8.1" and python_version < "3.12" --hash=sha256:19297512c647d4b27a2cf7c34caa7e405c0d60b5560618a29a9fe027b18b0107 --hash=sha256:84ec2218d8419404abcb9f0c02df3f34c6e0a68ed41072acfb1cef5cbc29051a',
3079
+ },
3080
+ ],
3039
3081
  });
3040
3082
  });
3041
3083
 
@@ -3048,13 +3090,13 @@ test("parse pyproject.toml", () => {
3048
3090
  "Generate CPG for multiple languages for code and threat analysis",
3049
3091
  author: "Team AppThreat <cloud@appthreat.com>",
3050
3092
  homepage: { url: "https://github.com/AppThreat/cpggen" },
3051
- repository: { url: "https://github.com/AppThreat/cpggen" }
3093
+ repository: { url: "https://github.com/AppThreat/cpggen" },
3052
3094
  });
3053
3095
  });
3054
3096
 
3055
3097
  test("parse pyproject.toml with custom poetry source", () => {
3056
3098
  const pkg = parsePyProjectToml(
3057
- "./test/data/pyproject_with_custom_poetry_source.toml"
3099
+ "./test/data/pyproject_with_custom_poetry_source.toml",
3058
3100
  );
3059
3101
  expect(pkg).toEqual({
3060
3102
  name: "cpggen",
@@ -3063,32 +3105,32 @@ test("parse pyproject.toml with custom poetry source", () => {
3063
3105
  "Generate CPG for multiple languages for code and threat analysis",
3064
3106
  author: "Team AppThreat <cloud@appthreat.com>",
3065
3107
  homepage: { url: "https://github.com/AppThreat/cpggen" },
3066
- repository: { url: "https://github.com/AppThreat/cpggen" }
3108
+ repository: { url: "https://github.com/AppThreat/cpggen" },
3067
3109
  });
3068
3110
  });
3069
3111
 
3070
3112
  test("parse poetry.lock", async () => {
3071
3113
  let retMap = await parsePoetrylockData(
3072
3114
  readFileSync("./test/data/poetry.lock", { encoding: "utf-8" }),
3073
- "./test/data/poetry.lock"
3115
+ "./test/data/poetry.lock",
3074
3116
  );
3075
3117
  expect(retMap.pkgList.length).toEqual(32);
3076
3118
  expect(retMap.dependenciesList.length).toEqual(32);
3077
3119
  retMap = await parsePoetrylockData(
3078
3120
  readFileSync("./test/data/poetry1.lock", { encoding: "utf-8" }),
3079
- "./test/data/poetry1.lock"
3121
+ "./test/data/poetry1.lock",
3080
3122
  );
3081
3123
  expect(retMap.pkgList.length).toEqual(68);
3082
3124
  expect(retMap.dependenciesList.length).toEqual(68);
3083
3125
  retMap = await parsePoetrylockData(
3084
3126
  readFileSync("./test/data/poetry-cpggen.lock", { encoding: "utf-8" }),
3085
- "./test/data/poetry-cpggen.lock"
3127
+ "./test/data/poetry-cpggen.lock",
3086
3128
  );
3087
3129
  expect(retMap.pkgList.length).toEqual(69);
3088
3130
  expect(retMap.dependenciesList.length).toEqual(69);
3089
3131
  retMap = await parsePoetrylockData(
3090
3132
  readFileSync("./test/data/pdm.lock", { encoding: "utf-8" }),
3091
- "./test/data/pdm.lock"
3133
+ "./test/data/pdm.lock",
3092
3134
  );
3093
3135
  expect(retMap.pkgList.length).toEqual(37);
3094
3136
  expect(retMap.dependenciesList.length).toEqual(37);
@@ -3096,7 +3138,7 @@ test("parse poetry.lock", async () => {
3096
3138
 
3097
3139
  test("parse wheel metadata", () => {
3098
3140
  let deps = parseBdistMetadata(
3099
- readFileSync("./test/data/METADATA", { encoding: "utf-8" })
3141
+ readFileSync("./test/data/METADATA", { encoding: "utf-8" }),
3100
3142
  );
3101
3143
  expect(deps.length).toEqual(1);
3102
3144
  expect(deps[0]).toEqual({
@@ -3105,12 +3147,12 @@ test("parse wheel metadata", () => {
3105
3147
  publisher: "Adrien Vergé",
3106
3148
  description: "A linter for YAML files.",
3107
3149
  homepage: { url: "https://github.com/adrienverge/yamllint" },
3108
- repository: { url: "https://github.com/adrienverge/yamllint" }
3150
+ repository: { url: "https://github.com/adrienverge/yamllint" },
3109
3151
  });
3110
3152
  deps = parseBdistMetadata(
3111
3153
  readFileSync("./test/data/mercurial-5.5.2-py3.8.egg-info", {
3112
- encoding: "utf-8"
3113
- })
3154
+ encoding: "utf-8",
3155
+ }),
3114
3156
  );
3115
3157
  expect(deps.length).toEqual(1);
3116
3158
  expect(deps[0]).toEqual({
@@ -3119,14 +3161,14 @@ test("parse wheel metadata", () => {
3119
3161
  publisher: "Matt Mackall and many others",
3120
3162
  description:
3121
3163
  "Fast scalable distributed SCM (revision control, version control) system",
3122
- homepage: { url: "https://mercurial-scm.org/" }
3164
+ homepage: { url: "https://mercurial-scm.org/" },
3123
3165
  });
3124
3166
  });
3125
3167
 
3126
3168
  test("parse wheel", async () => {
3127
3169
  const metadata = await readZipEntry(
3128
3170
  "./test/data/appthreat_depscan-2.0.2-py3-none-any.whl",
3129
- "METADATA"
3171
+ "METADATA",
3130
3172
  );
3131
3173
  expect(metadata);
3132
3174
  const parsed = parseBdistMetadata(metadata);
@@ -3136,24 +3178,24 @@ test("parse wheel", async () => {
3136
3178
  description:
3137
3179
  "Fully open-source security audit for project dependencies based on known vulnerabilities and advisories.",
3138
3180
  homepage: { url: "https://github.com/appthreat/dep-scan" },
3139
- publisher: "Team AppThreat"
3181
+ publisher: "Team AppThreat",
3140
3182
  });
3141
3183
  });
3142
3184
 
3143
3185
  test("parse pipfile.lock with hashes", async () => {
3144
3186
  const deps = await parsePiplockData(
3145
- JSON.parse(readFileSync("./test/data/Pipfile.lock", { encoding: "utf-8" }))
3187
+ JSON.parse(readFileSync("./test/data/Pipfile.lock", { encoding: "utf-8" })),
3146
3188
  );
3147
3189
  expect(deps.length).toEqual(46);
3148
3190
  }, 120000);
3149
3191
 
3150
3192
  test("parse scala sbt list", () => {
3151
3193
  let deps = parseKVDep(
3152
- readFileSync("./test/data/sbt-dl.list", { encoding: "utf-8" })
3194
+ readFileSync("./test/data/sbt-dl.list", { encoding: "utf-8" }),
3153
3195
  );
3154
3196
  expect(deps.length).toEqual(57);
3155
3197
  deps = parseKVDep(
3156
- readFileSync("./test/data/atom-sbt-list.txt", { encoding: "utf-8" })
3198
+ readFileSync("./test/data/atom-sbt-list.txt", { encoding: "utf-8" }),
3157
3199
  );
3158
3200
  expect(deps.length).toEqual(153);
3159
3201
  });
@@ -3171,7 +3213,7 @@ test("parse scala sbt lock", () => {
3171
3213
 
3172
3214
  test("parse nupkg file", async () => {
3173
3215
  let deps = await parseNupkg(
3174
- "./test/data/Microsoft.Web.Infrastructure.1.0.0.0.nupkg"
3216
+ "./test/data/Microsoft.Web.Infrastructure.1.0.0.0.nupkg",
3175
3217
  );
3176
3218
  expect(deps.length).toEqual(1);
3177
3219
  expect(deps[0].name).toEqual("Microsoft.Web.Infrastructure");
@@ -3179,8 +3221,8 @@ test("parse nupkg file", async () => {
3179
3221
  "./test/data/Microsoft.Web.Infrastructure.1.0.0.0.nuspec",
3180
3222
  readFileSync(
3181
3223
  "./test/data/Microsoft.Web.Infrastructure.1.0.0.0.nuspec",
3182
- "ascii"
3183
- )
3224
+ "ascii",
3225
+ ),
3184
3226
  );
3185
3227
  expect(deps.length).toEqual(1);
3186
3228
  expect(deps[0].name).toEqual("Microsoft.Web.Infrastructure");
@@ -3191,7 +3233,7 @@ test("parse nupkg file", async () => {
3191
3233
 
3192
3234
  test("parse bazel skyframe", () => {
3193
3235
  const deps = parseBazelSkyframe(
3194
- readFileSync("./test/data/bazel/bazel-state.txt", { encoding: "utf-8" })
3236
+ readFileSync("./test/data/bazel/bazel-state.txt", { encoding: "utf-8" }),
3195
3237
  );
3196
3238
  expect(deps.length).toEqual(16);
3197
3239
  expect(deps[0].name).toEqual("guava");
@@ -3200,8 +3242,8 @@ test("parse bazel skyframe", () => {
3200
3242
  test("parse bazel action graph", () => {
3201
3243
  const deps = parseBazelActionGraph(
3202
3244
  readFileSync("./test/data/bazel/bazel-action-graph.txt", {
3203
- encoding: "utf-8"
3204
- })
3245
+ encoding: "utf-8",
3246
+ }),
3205
3247
  );
3206
3248
  expect(deps.length).toEqual(10);
3207
3249
  expect(deps[0].group).toEqual("org.scala-lang");
@@ -3214,7 +3256,7 @@ test("parse bazel action graph", () => {
3214
3256
 
3215
3257
  test("parse bazel build", () => {
3216
3258
  const projs = parseBazelBuild(
3217
- readFileSync("./test/data/bazel/BUILD", { encoding: "utf-8" })
3259
+ readFileSync("./test/data/bazel/BUILD", { encoding: "utf-8" }),
3218
3260
  );
3219
3261
  expect(projs.length).toEqual(2);
3220
3262
  expect(projs[0]).toEqual("java-maven-lib");
@@ -3222,7 +3264,7 @@ test("parse bazel build", () => {
3222
3264
 
3223
3265
  test("parse helm charts", () => {
3224
3266
  let dep_list = parseHelmYamlData(
3225
- readFileSync("./test/data/Chart.yaml", { encoding: "utf-8" })
3267
+ readFileSync("./test/data/Chart.yaml", { encoding: "utf-8" }),
3226
3268
  );
3227
3269
  expect(dep_list.length).toEqual(3);
3228
3270
  expect(dep_list[0]).toEqual({
@@ -3230,13 +3272,13 @@ test("parse helm charts", () => {
3230
3272
  version: "16.0.0",
3231
3273
  description: "Prometheus is a monitoring system and time series database.",
3232
3274
  homepage: {
3233
- url: "https://prometheus.io/"
3234
- }
3275
+ url: "https://prometheus.io/",
3276
+ },
3235
3277
  });
3236
3278
  dep_list = parseHelmYamlData(
3237
3279
  readFileSync("./test/data/prometheus-community-index.yaml", {
3238
- encoding: "utf-8"
3239
- })
3280
+ encoding: "utf-8",
3281
+ }),
3240
3282
  );
3241
3283
  expect(dep_list.length).toEqual(1836);
3242
3284
  expect(dep_list[0]).toEqual({
@@ -3247,153 +3289,153 @@ test("parse helm charts", () => {
3247
3289
  homepage: { url: "https://prometheus.io/" },
3248
3290
  _integrity:
3249
3291
  "sha256-c8ece226669d90fa56a3424fa789b80a10de2cd458cd93141b8e445e26c6054d",
3250
- repository: { url: "https://github.com/prometheus/alertmanager" }
3292
+ repository: { url: "https://github.com/prometheus/alertmanager" },
3251
3293
  });
3252
3294
  });
3253
3295
 
3254
3296
  test("parse container spec like files", () => {
3255
3297
  let dep_list = parseContainerSpecData(
3256
- readFileSync("./test/data/docker-compose.yml", { encoding: "utf-8" })
3298
+ readFileSync("./test/data/docker-compose.yml", { encoding: "utf-8" }),
3257
3299
  );
3258
3300
  expect(dep_list.length).toEqual(4);
3259
3301
  dep_list = parseContainerSpecData(
3260
- readFileSync("./test/data/docker-compose-ng.yml", { encoding: "utf-8" })
3302
+ readFileSync("./test/data/docker-compose-ng.yml", { encoding: "utf-8" }),
3261
3303
  );
3262
3304
  expect(dep_list.length).toEqual(8);
3263
3305
  expect(dep_list[0]).toEqual({
3264
- service: "frontend"
3306
+ service: "frontend",
3265
3307
  });
3266
3308
  dep_list = parseContainerSpecData(
3267
- readFileSync("./test/data/docker-compose-cr.yml", { encoding: "utf-8" })
3309
+ readFileSync("./test/data/docker-compose-cr.yml", { encoding: "utf-8" }),
3268
3310
  );
3269
3311
  expect(dep_list.length).toEqual(14);
3270
3312
  expect(dep_list[0]).toEqual({
3271
- service: "crapi-identity"
3313
+ service: "crapi-identity",
3272
3314
  });
3273
3315
  dep_list = parseContainerSpecData(
3274
- readFileSync("./test/data/tekton-task.yml", { encoding: "utf-8" })
3316
+ readFileSync("./test/data/tekton-task.yml", { encoding: "utf-8" }),
3275
3317
  );
3276
3318
  expect(dep_list.length).toEqual(2);
3277
3319
  expect(dep_list[0]).toEqual({
3278
3320
  image:
3279
- "docker.io/amazon/aws-cli:2.0.52@sha256:1506cec98a7101c935176d440a14302ea528b8f92fcaf4a6f1ea2d7ecef7edc4"
3321
+ "docker.io/amazon/aws-cli:2.0.52@sha256:1506cec98a7101c935176d440a14302ea528b8f92fcaf4a6f1ea2d7ecef7edc4",
3280
3322
  });
3281
3323
  dep_list = parseContainerSpecData(
3282
- readFileSync("./test/data/postgrescluster.yaml", { encoding: "utf-8" })
3324
+ readFileSync("./test/data/postgrescluster.yaml", { encoding: "utf-8" }),
3283
3325
  );
3284
3326
  expect(dep_list.length).toEqual(6);
3285
3327
  expect(dep_list[0]).toEqual({
3286
3328
  image:
3287
- "registry.developers.crunchydata.com/crunchydata/crunchy-postgres:ubi8-14.5-1"
3329
+ "registry.developers.crunchydata.com/crunchydata/crunchy-postgres:ubi8-14.5-1",
3288
3330
  });
3289
3331
  dep_list = parseContainerSpecData(
3290
- readFileSync("./test/data/deployment.yaml", { encoding: "utf-8" })
3332
+ readFileSync("./test/data/deployment.yaml", { encoding: "utf-8" }),
3291
3333
  );
3292
3334
  expect(dep_list.length).toEqual(2);
3293
3335
  expect(dep_list[0]).toEqual({
3294
- image: "node-typescript-example"
3336
+ image: "node-typescript-example",
3295
3337
  });
3296
3338
  dep_list = parseContainerSpecData(
3297
- readFileSync("./test/data/skaffold.yaml", { encoding: "utf-8" })
3339
+ readFileSync("./test/data/skaffold.yaml", { encoding: "utf-8" }),
3298
3340
  );
3299
3341
  expect(dep_list.length).toEqual(6);
3300
3342
  expect(dep_list[0]).toEqual({
3301
- image: "leeroy-web"
3343
+ image: "leeroy-web",
3302
3344
  });
3303
3345
  dep_list = parseContainerSpecData(
3304
- readFileSync("./test/data/skaffold-ms.yaml", { encoding: "utf-8" })
3346
+ readFileSync("./test/data/skaffold-ms.yaml", { encoding: "utf-8" }),
3305
3347
  );
3306
3348
  expect(dep_list.length).toEqual(22);
3307
3349
  expect(dep_list[0]).toEqual({
3308
- image: "emailservice"
3350
+ image: "emailservice",
3309
3351
  });
3310
3352
  dep_list = parseContainerSpecData(
3311
- readFileSync("./test/data/emailservice.yaml", { encoding: "utf-8" })
3353
+ readFileSync("./test/data/emailservice.yaml", { encoding: "utf-8" }),
3312
3354
  );
3313
3355
  expect(dep_list.length).toEqual(2);
3314
3356
  expect(dep_list[0]).toEqual({
3315
- image: "emailservice"
3357
+ image: "emailservice",
3316
3358
  });
3317
3359
  dep_list = parseContainerSpecData(
3318
- readFileSync("./test/data/redis.yaml", { encoding: "utf-8" })
3360
+ readFileSync("./test/data/redis.yaml", { encoding: "utf-8" }),
3319
3361
  );
3320
3362
  expect(dep_list.length).toEqual(2);
3321
3363
  expect(dep_list[0]).toEqual({
3322
- image: "redis:alpine"
3364
+ image: "redis:alpine",
3323
3365
  });
3324
3366
  dep_list = parseContainerSpecData(
3325
- readFileSync("./test/data/adservice.yaml", { encoding: "utf-8" })
3367
+ readFileSync("./test/data/adservice.yaml", { encoding: "utf-8" }),
3326
3368
  );
3327
3369
  expect(dep_list.length).toEqual(2);
3328
3370
  expect(dep_list[0]).toEqual({
3329
- image: "gcr.io/google-samples/microservices-demo/adservice:v0.4.1"
3371
+ image: "gcr.io/google-samples/microservices-demo/adservice:v0.4.1",
3330
3372
  });
3331
3373
  dep_list = parseContainerSpecData(
3332
- readFileSync("./test/data/kustomization.yaml", { encoding: "utf-8" })
3374
+ readFileSync("./test/data/kustomization.yaml", { encoding: "utf-8" }),
3333
3375
  );
3334
3376
  expect(dep_list.length).toEqual(22);
3335
3377
  expect(dep_list[0]).toEqual({
3336
- image: "gcr.io/google-samples/microservices-demo/adservice"
3378
+ image: "gcr.io/google-samples/microservices-demo/adservice",
3337
3379
  });
3338
3380
  });
3339
3381
 
3340
3382
  test("parse containerfiles / dockerfiles", () => {
3341
3383
  const dep_list = parseContainerFile(
3342
- readFileSync("./test/data/Dockerfile", { encoding: "utf-8" })
3384
+ readFileSync("./test/data/Dockerfile", { encoding: "utf-8" }),
3343
3385
  );
3344
3386
  expect(dep_list.length).toEqual(5);
3345
3387
  expect(dep_list[0]).toEqual({
3346
- image: "hello-world"
3388
+ image: "hello-world",
3347
3389
  });
3348
3390
  expect(dep_list[0]).toEqual({
3349
- image: "hello-world"
3391
+ image: "hello-world",
3350
3392
  });
3351
3393
  expect(dep_list[1]).toEqual({
3352
- image: "hello-world"
3394
+ image: "hello-world",
3353
3395
  });
3354
3396
  expect(dep_list[2]).toEqual({
3355
- image: "hello-world:latest"
3397
+ image: "hello-world:latest",
3356
3398
  });
3357
3399
  expect(dep_list[3]).toEqual({
3358
- image: "hello-world@sha256:1234567890abcdef"
3400
+ image: "hello-world@sha256:1234567890abcdef",
3359
3401
  });
3360
3402
  expect(dep_list[4]).toEqual({
3361
- image: "hello-world:latest@sha256:1234567890abcdef"
3403
+ image: "hello-world:latest@sha256:1234567890abcdef",
3362
3404
  });
3363
3405
  });
3364
3406
 
3365
3407
  test("parse bitbucket-pipelines", () => {
3366
3408
  const dep_list = parseBitbucketPipelinesFile(
3367
- readFileSync("./test/data/bitbucket-pipelines.yml", { encoding: "utf-8" })
3409
+ readFileSync("./test/data/bitbucket-pipelines.yml", { encoding: "utf-8" }),
3368
3410
  );
3369
3411
  expect(dep_list.length).toEqual(5);
3370
3412
  expect(dep_list[0]).toEqual({
3371
- image: "node:16"
3413
+ image: "node:16",
3372
3414
  });
3373
3415
  expect(dep_list[1]).toEqual({
3374
- image: "node:18"
3416
+ image: "node:18",
3375
3417
  });
3376
3418
  expect(dep_list[2]).toEqual({
3377
- image: "some.private.org/docker/library/node:20"
3419
+ image: "some.private.org/docker/library/node:20",
3378
3420
  });
3379
3421
  expect(dep_list[3]).toEqual({
3380
- image: "atlassian/aws/s3-deploy:0.2.2"
3422
+ image: "atlassian/aws/s3-deploy:0.2.2",
3381
3423
  });
3382
3424
  expect(dep_list[4]).toEqual({
3383
- image: "some.private.org/docker/library/some-pipe:1.0.0"
3425
+ image: "some.private.org/docker/library/some-pipe:1.0.0",
3384
3426
  });
3385
3427
  });
3386
3428
 
3387
3429
  test("parse cloudbuild data", () => {
3388
3430
  expect(parseCloudBuildData(null)).toEqual([]);
3389
3431
  const dep_list = parseCloudBuildData(
3390
- readFileSync("./test/data/cloudbuild.yaml", { encoding: "utf-8" })
3432
+ readFileSync("./test/data/cloudbuild.yaml", { encoding: "utf-8" }),
3391
3433
  );
3392
3434
  expect(dep_list.length).toEqual(1);
3393
3435
  expect(dep_list[0]).toEqual({
3394
3436
  group: "gcr.io/k8s-skaffold",
3395
3437
  name: "skaffold",
3396
- version: "v2.0.1"
3438
+ version: "v2.0.1",
3397
3439
  });
3398
3440
  });
3399
3441
 
@@ -3408,8 +3450,8 @@ test("parse privado files", () => {
3408
3450
  test("parse openapi spec files", () => {
3409
3451
  let aservice = parseOpenapiSpecData(
3410
3452
  readFileSync("./test/data/openapi/openapi-spec.json", {
3411
- encoding: "utf-8"
3412
- })
3453
+ encoding: "utf-8",
3454
+ }),
3413
3455
  );
3414
3456
  expect(aservice.length).toEqual(1);
3415
3457
  expect(aservice[0]).toEqual({
@@ -3456,14 +3498,14 @@ test("parse openapi spec files", () => {
3456
3498
  "http://localhost:8888/workshop/api/mechanic/receive_report",
3457
3499
  "http://localhost:8888/workshop/api/mechanic/mechanic_report",
3458
3500
  "http://localhost:8888/workshop/api/mechanic/service_requests",
3459
- "http://localhost:8888/workshop/api/mechanic/signup"
3501
+ "http://localhost:8888/workshop/api/mechanic/signup",
3460
3502
  ],
3461
- authenticated: true
3503
+ authenticated: true,
3462
3504
  });
3463
3505
  aservice = parseOpenapiSpecData(
3464
3506
  readFileSync("./test/data/openapi/openapi-oai.yaml", {
3465
- encoding: "utf-8"
3466
- })
3507
+ encoding: "utf-8",
3508
+ }),
3467
3509
  );
3468
3510
  expect(aservice.length).toEqual(1);
3469
3511
  expect(aservice[0]).toEqual({
@@ -3492,9 +3534,9 @@ test("parse openapi spec files", () => {
3492
3534
  "https://api.openai.com/v1/fine-tunes/{fine_tune_id}/events",
3493
3535
  "https://api.openai.com/v1/models",
3494
3536
  "https://api.openai.com/v1/models/{model}",
3495
- "https://api.openai.com/v1/moderations"
3537
+ "https://api.openai.com/v1/moderations",
3496
3538
  ],
3497
- authenticated: false
3539
+ authenticated: false,
3498
3540
  });
3499
3541
  });
3500
3542
 
@@ -3502,7 +3544,7 @@ test("parse swift deps files", () => {
3502
3544
  expect(parseSwiftJsonTree(null, "./test/data/swift-deps.json")).toEqual({});
3503
3545
  let retData = parseSwiftJsonTree(
3504
3546
  readFileSync("./test/data/swift-deps.json", { encoding: "utf-8" }),
3505
- "./test/data/swift-deps.json"
3547
+ "./test/data/swift-deps.json",
3506
3548
  );
3507
3549
  expect(retData.pkgList.length).toEqual(5);
3508
3550
  expect(retData.pkgList[0]).toEqual({
@@ -3512,14 +3554,14 @@ test("parse swift deps files", () => {
3512
3554
  version: "unspecified",
3513
3555
  properties: [
3514
3556
  { name: "SrcPath", value: "/Volumes/Work/sandbox/swift-markdown" },
3515
- { name: "SrcFile", value: "./test/data/swift-deps.json" }
3557
+ { name: "SrcFile", value: "./test/data/swift-deps.json" },
3516
3558
  ],
3517
- "bom-ref": "pkg:swift/swift-markdown@unspecified"
3559
+ "bom-ref": "pkg:swift/swift-markdown@unspecified",
3518
3560
  });
3519
3561
  expect(retData.dependenciesList.length).toEqual(5);
3520
3562
  expect(retData.dependenciesList[0]).toEqual({
3521
3563
  ref: "pkg:swift/github.com/apple/swift-cmark@unspecified",
3522
- dependsOn: []
3564
+ dependsOn: [],
3523
3565
  });
3524
3566
  expect(retData.dependenciesList[retData.dependenciesList.length - 1]).toEqual(
3525
3567
  {
@@ -3527,13 +3569,13 @@ test("parse swift deps files", () => {
3527
3569
  dependsOn: [
3528
3570
  "pkg:swift/github.com/apple/swift-cmark@unspecified",
3529
3571
  "pkg:swift/github.com/apple/swift-argument-parser@1.0.3",
3530
- "pkg:swift/github.com/apple/swift-docc-plugin@1.1.0"
3531
- ]
3532
- }
3572
+ "pkg:swift/github.com/apple/swift-docc-plugin@1.1.0",
3573
+ ],
3574
+ },
3533
3575
  );
3534
3576
  retData = parseSwiftJsonTree(
3535
3577
  readFileSync("./test/data/swift-deps1.json", { encoding: "utf-8" }),
3536
- "./test/data/swift-deps.json"
3578
+ "./test/data/swift-deps.json",
3537
3579
  );
3538
3580
  expect(retData.pkgList.length).toEqual(5);
3539
3581
  expect(retData.pkgList[0]).toEqual({
@@ -3544,33 +3586,33 @@ test("parse swift deps files", () => {
3544
3586
  properties: [
3545
3587
  {
3546
3588
  name: "SrcPath",
3547
- value: "/Volumes/Work/sandbox/swift-certificates"
3589
+ value: "/Volumes/Work/sandbox/swift-certificates",
3548
3590
  },
3549
- { name: "SrcFile", value: "./test/data/swift-deps.json" }
3591
+ { name: "SrcFile", value: "./test/data/swift-deps.json" },
3550
3592
  ],
3551
- "bom-ref": "pkg:swift/swift-certificates@unspecified"
3593
+ "bom-ref": "pkg:swift/swift-certificates@unspecified",
3552
3594
  });
3553
3595
  expect(retData.dependenciesList).toEqual([
3554
3596
  {
3555
3597
  ref: "pkg:swift/github.com/apple/swift-docc-symbolkit@1.0.0",
3556
- dependsOn: []
3598
+ dependsOn: [],
3557
3599
  },
3558
3600
  {
3559
3601
  ref: "pkg:swift/github.com/apple/swift-docc-plugin@1.1.0",
3560
- dependsOn: ["pkg:swift/github.com/apple/swift-docc-symbolkit@1.0.0"]
3602
+ dependsOn: ["pkg:swift/github.com/apple/swift-docc-symbolkit@1.0.0"],
3561
3603
  },
3562
3604
  {
3563
3605
  ref: "pkg:swift/github.com/apple/swift-asn1@0.7.0",
3564
- dependsOn: ["pkg:swift/github.com/apple/swift-docc-plugin@1.1.0"]
3606
+ dependsOn: ["pkg:swift/github.com/apple/swift-docc-plugin@1.1.0"],
3565
3607
  },
3566
3608
  {
3567
3609
  ref: "pkg:swift/github.com/apple/swift-crypto@2.4.0",
3568
- dependsOn: ["pkg:swift/github.com/apple/swift-asn1@0.7.0"]
3610
+ dependsOn: ["pkg:swift/github.com/apple/swift-asn1@0.7.0"],
3569
3611
  },
3570
3612
  {
3571
3613
  ref: "pkg:swift/swift-certificates@unspecified",
3572
- dependsOn: ["pkg:swift/github.com/apple/swift-crypto@2.4.0"]
3573
- }
3614
+ dependsOn: ["pkg:swift/github.com/apple/swift-crypto@2.4.0"],
3615
+ },
3574
3616
  ]);
3575
3617
  let pkgList = parseSwiftResolved("./test/data/Package.resolved");
3576
3618
  expect(pkgList.length).toEqual(6);
@@ -3588,13 +3630,13 @@ test("parse swift deps files", () => {
3588
3630
  {
3589
3631
  technique: "manifest-analysis",
3590
3632
  confidence: 1,
3591
- value: "./test/data/Package.resolved"
3592
- }
3593
- ]
3594
- }
3633
+ value: "./test/data/Package.resolved",
3634
+ },
3635
+ ],
3636
+ },
3595
3637
  },
3596
3638
  "bom-ref": "pkg:swift/github.com/apple/swift-argument-parser@1.0.3",
3597
- repository: { url: "https://github.com/apple/swift-argument-parser" }
3639
+ repository: { url: "https://github.com/apple/swift-argument-parser" },
3598
3640
  });
3599
3641
  pkgList = parseSwiftResolved("./test/data/Package2.resolved");
3600
3642
  expect(pkgList.length).toEqual(7);
@@ -3612,13 +3654,13 @@ test("parse swift deps files", () => {
3612
3654
  {
3613
3655
  technique: "manifest-analysis",
3614
3656
  confidence: 1,
3615
- value: "./test/data/Package2.resolved"
3616
- }
3617
- ]
3618
- }
3657
+ value: "./test/data/Package2.resolved",
3658
+ },
3659
+ ],
3660
+ },
3619
3661
  },
3620
3662
  "bom-ref": "pkg:swift/github.com/apple/swift-argument-parser@1.2.2",
3621
- repository: { url: "https://github.com/apple/swift-argument-parser.git" }
3663
+ repository: { url: "https://github.com/apple/swift-argument-parser.git" },
3622
3664
  });
3623
3665
  expect(pkgList[4]).toEqual({
3624
3666
  name: "swift-http-server",
@@ -3634,15 +3676,15 @@ test("parse swift deps files", () => {
3634
3676
  {
3635
3677
  technique: "manifest-analysis",
3636
3678
  confidence: 1,
3637
- value: "./test/data/Package2.resolved"
3638
- }
3639
- ]
3640
- }
3679
+ value: "./test/data/Package2.resolved",
3680
+ },
3681
+ ],
3682
+ },
3641
3683
  },
3642
3684
  "bom-ref": "pkg:swift/github.com/swift/swift-http-server@0.7.4",
3643
3685
  repository: {
3644
- url: "git@github.com:swift/swift-http-server.git"
3645
- }
3686
+ url: "git@github.com:swift/swift-http-server.git",
3687
+ },
3646
3688
  });
3647
3689
  expect(pkgList[5]).toEqual({
3648
3690
  name: "swift-http-server",
@@ -3658,15 +3700,15 @@ test("parse swift deps files", () => {
3658
3700
  {
3659
3701
  technique: "manifest-analysis",
3660
3702
  confidence: 1,
3661
- value: "./test/data/Package2.resolved"
3662
- }
3663
- ]
3664
- }
3703
+ value: "./test/data/Package2.resolved",
3704
+ },
3705
+ ],
3706
+ },
3665
3707
  },
3666
3708
  "bom-ref": "pkg:swift/bitbucket.org/swift/swift-http-server@0.7.4",
3667
3709
  repository: {
3668
- url: "ssh://git@bitbucket.org:7999/swift/swift-http-server.git"
3669
- }
3710
+ url: "ssh://git@bitbucket.org:7999/swift/swift-http-server.git",
3711
+ },
3670
3712
  });
3671
3713
  });
3672
3714
 
@@ -3681,36 +3723,36 @@ test("pypi version solver tests", () => {
3681
3723
  "3.0.12-alpha.13",
3682
3724
  "3.0.12-alpha.12",
3683
3725
  "3.0.12-alpha.14",
3684
- "4.0.0"
3726
+ "4.0.0",
3685
3727
  ];
3686
3728
  expect(guessPypiMatchingVersion(versionsList, "<4")).toEqual(
3687
- "3.0.12-alpha.14"
3729
+ "3.0.12-alpha.14",
3688
3730
  );
3689
3731
  expect(guessPypiMatchingVersion(versionsList, ">1.0.0 <3.0.0")).toEqual(
3690
- "2.0.3"
3732
+ "2.0.3",
3691
3733
  );
3692
3734
  expect(guessPypiMatchingVersion(versionsList, "== 1.0.1")).toEqual("1.0.1");
3693
3735
  expect(guessPypiMatchingVersion(versionsList, "~= 1.0.1")).toEqual("1.0.1");
3694
3736
  expect(guessPypiMatchingVersion(versionsList, ">= 2.0.1, == 2.8.*")).toEqual(
3695
- null
3737
+ null,
3696
3738
  );
3697
3739
  expect(
3698
3740
  guessPypiMatchingVersion(
3699
3741
  ["2.0.0", "2.0.1", "2.4.0", "2.8.4", "2.9.0", "3.0.1"],
3700
- ">= 2.0.1, == 2.8.*"
3701
- )
3742
+ ">= 2.0.1, == 2.8.*",
3743
+ ),
3702
3744
  ).toEqual("2.8.4");
3703
3745
  expect(
3704
- guessPypiMatchingVersion(versionsList, "== 1.1.0; python_version < '3.8'")
3746
+ guessPypiMatchingVersion(versionsList, "== 1.1.0; python_version < '3.8'"),
3705
3747
  ).toEqual("1.1.0");
3706
3748
  expect(
3707
- guessPypiMatchingVersion(versionsList, "<3.6,>1.9,!=1.9.6,<4.0a0")
3749
+ guessPypiMatchingVersion(versionsList, "<3.6,>1.9,!=1.9.6,<4.0a0"),
3708
3750
  ).toEqual("3.0.12-alpha.14");
3709
3751
  expect(
3710
- guessPypiMatchingVersion(versionsList, ">=1.4.2,<2.2,!=1.5.*,!=1.6.*")
3752
+ guessPypiMatchingVersion(versionsList, ">=1.4.2,<2.2,!=1.5.*,!=1.6.*"),
3711
3753
  ).toEqual("2.0.3");
3712
3754
  expect(guessPypiMatchingVersion(versionsList, ">=1.21.1,<3")).toEqual(
3713
- "2.0.3"
3755
+ "2.0.3",
3714
3756
  );
3715
3757
  });
3716
3758
 
@@ -3725,13 +3767,13 @@ test("parsePackageJsonName tests", () => {
3725
3767
  fullName: "foo",
3726
3768
  moduleName: "foo",
3727
3769
  projectName: null,
3728
- scope: null
3770
+ scope: null,
3729
3771
  });
3730
3772
  expect(parsePackageJsonName("@babel/code-frame")).toEqual({
3731
3773
  fullName: "code-frame",
3732
3774
  moduleName: "code-frame",
3733
3775
  projectName: null,
3734
- scope: "@babel"
3776
+ scope: "@babel",
3735
3777
  });
3736
3778
  });
3737
3779
 
@@ -3743,7 +3785,7 @@ test("parseDot tests", () => {
3743
3785
  name: "tensorflow-lite",
3744
3786
  purl: "pkg:conan/tensorflow-lite",
3745
3787
  type: "application",
3746
- version: ""
3788
+ version: "",
3747
3789
  });
3748
3790
  expect(retMap.pkgList.length).toEqual(283);
3749
3791
  expect(retMap.dependenciesList.length).toEqual(247);
@@ -3757,7 +3799,7 @@ test("parseCmakeLikeFile tests", () => {
3757
3799
  name: "tensorflow-lite",
3758
3800
  purl: "pkg:conan/tensorflow-lite",
3759
3801
  type: "application",
3760
- version: ""
3802
+ version: "",
3761
3803
  });
3762
3804
  retMap = parseCmakeLikeFile("./test/data/cmakes/CMakeLists.txt", "conan");
3763
3805
  expect(retMap.parentComponent).toEqual({
@@ -3766,11 +3808,11 @@ test("parseCmakeLikeFile tests", () => {
3766
3808
  name: "mongo-c-driver",
3767
3809
  purl: "pkg:conan/mongo-c-driver",
3768
3810
  type: "application",
3769
- version: ""
3811
+ version: "",
3770
3812
  });
3771
3813
  retMap = parseCmakeLikeFile(
3772
3814
  "./test/data/cmakes/CMakeLists-tpl.txt",
3773
- "generic"
3815
+ "generic",
3774
3816
  );
3775
3817
  expect(retMap.parentComponent).toEqual({
3776
3818
  "bom-ref": "pkg:generic/aurora-examples",
@@ -3778,11 +3820,11 @@ test("parseCmakeLikeFile tests", () => {
3778
3820
  name: "aurora-examples",
3779
3821
  purl: "pkg:generic/aurora-examples",
3780
3822
  type: "application",
3781
- version: ""
3823
+ version: "",
3782
3824
  });
3783
3825
  retMap = parseCmakeLikeFile(
3784
3826
  "./test/data/cmakes/mongoc-config.cmake",
3785
- "conan"
3827
+ "conan",
3786
3828
  );
3787
3829
  expect(retMap.pkgList.length).toEqual(2);
3788
3830
  retMap = parseCmakeLikeFile("./test/data/meson.build", "conan");
@@ -3792,7 +3834,7 @@ test("parseCmakeLikeFile tests", () => {
3792
3834
  name: "mtxclient",
3793
3835
  purl: "pkg:conan/mtxclient@0.9.2",
3794
3836
  type: "application",
3795
- version: "0.9.2"
3837
+ version: "0.9.2",
3796
3838
  });
3797
3839
  expect(retMap.pkgList.length).toEqual(7);
3798
3840
  retMap = parseCmakeLikeFile("./test/data/meson-1.build", "conan");
@@ -3802,7 +3844,7 @@ test("parseCmakeLikeFile tests", () => {
3802
3844
  name: "abseil-cpp",
3803
3845
  purl: "pkg:conan/abseil-cpp@20230125.1",
3804
3846
  type: "application",
3805
- version: "20230125.1"
3847
+ version: "20230125.1",
3806
3848
  });
3807
3849
  expect(retMap.pkgList.length).toEqual(2);
3808
3850
  });