@cyclonedx/cdxgen 10.6.1 → 10.6.2
This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.
- package/README.md +4 -0
- package/bin/cdxgen.js +10 -2
- package/display.js +22 -0
- package/index.js +3 -2
- package/package.json +2 -2
- package/server.js +18 -6
- package/types/display.d.ts +1 -0
- package/types/display.d.ts.map +1 -1
- package/types/index.d.ts +6 -1
- package/types/index.d.ts.map +1 -1
- package/types/server.d.ts.map +1 -1
- package/types/utils.d.ts.map +1 -1
- package/utils.js +38 -11
- package/utils.test.js +11 -0
package/README.md
CHANGED
|
@@ -5,6 +5,8 @@
|
|
|
5
5
|
[![GitHub License][badge-github-license]][github-license]
|
|
6
6
|
[![GitHub Contributors][badge-github-contributors]][github-contributors]
|
|
7
7
|
[![SWH][badge-swh]][swh-cdxgen]
|
|
8
|
+
[![Libraries.io dependency status][badge-libraries]][librariesio]
|
|
9
|
+
|
|
8
10
|
|
|
9
11
|
# CycloneDX Generator (cdxgen)
|
|
10
12
|
|
|
@@ -527,6 +529,7 @@ corepack pnpm test
|
|
|
527
529
|
[badge-github-license]: https://img.shields.io/github/license/cyclonedx/cdxgen
|
|
528
530
|
[badge-github-releases]: https://img.shields.io/github/v/release/cyclonedx/cdxgen
|
|
529
531
|
[badge-jsr]: https://img.shields.io/jsr/v/%40cyclonedx/cdxgen
|
|
532
|
+
[badge-libraries]: https://img.shields.io/librariesio/github/cyclonedx/cdxgen
|
|
530
533
|
[badge-npm]: https://img.shields.io/npm/v/%40cyclonedx%2Fcdxgen
|
|
531
534
|
[badge-npm-downloads]: https://img.shields.io/npm/dy/%40cyclonedx%2Fcdxgen
|
|
532
535
|
[badge-swh]: https://archive.softwareheritage.org/badge/origin/https://github.com/CycloneDX/cdxgen/
|
|
@@ -562,6 +565,7 @@ corepack pnpm test
|
|
|
562
565
|
[jsr-cdxgen]: https://jsr.io/@cyclonedx/cdxgen
|
|
563
566
|
[jwt-homepage]: https://jwt.io
|
|
564
567
|
[jwt-libraries]: https://jwt.io/libraries
|
|
568
|
+
[librariesio]: https://libraries.io/npm/@cyclonedx%2Fcdxgen
|
|
565
569
|
[npmjs-cdxgen]: https://www.npmjs.com/package/@cyclonedx/cdxgen
|
|
566
570
|
[podman-github-rootless]: https://github.com/containers/podman/blob/master/docs/tutorials/rootless_tutorial.md
|
|
567
571
|
[podman-github-remote]: https://github.com/containers/podman/blob/master/docs/tutorials/mac_win_client.md
|
package/bin/cdxgen.js
CHANGED
|
@@ -16,6 +16,7 @@ import {
|
|
|
16
16
|
printOccurrences,
|
|
17
17
|
printReachables,
|
|
18
18
|
printServices,
|
|
19
|
+
printSponsorBanner,
|
|
19
20
|
printTable,
|
|
20
21
|
} from "../display.js";
|
|
21
22
|
import { createBom, submitBom } from "../index.js";
|
|
@@ -258,6 +259,12 @@ const args = yargs(hideBin(process.argv))
|
|
|
258
259
|
"ssaf-DRAFT-2023-11",
|
|
259
260
|
],
|
|
260
261
|
})
|
|
262
|
+
.option("no-banner", {
|
|
263
|
+
type: "boolean",
|
|
264
|
+
default: false,
|
|
265
|
+
description:
|
|
266
|
+
"Do not show the donation banner. Set this attribute if you are an active sponsor for OWASP CycloneDX.",
|
|
267
|
+
})
|
|
261
268
|
.completion("completion", "Generate bash/zsh completion")
|
|
262
269
|
.array("filter")
|
|
263
270
|
.array("only")
|
|
@@ -446,6 +453,8 @@ const checkPermissions = (filePath) => {
|
|
|
446
453
|
* Method to start the bom creation process
|
|
447
454
|
*/
|
|
448
455
|
(async () => {
|
|
456
|
+
// Display the sponsor banner
|
|
457
|
+
printSponsorBanner(options);
|
|
449
458
|
// Start SBOM server
|
|
450
459
|
if (options.server) {
|
|
451
460
|
const serverModule = await import("../server.js");
|
|
@@ -675,8 +684,7 @@ const checkPermissions = (filePath) => {
|
|
|
675
684
|
// biome-ignore lint/suspicious/noDoubleEquals: yargs passes true for empty values
|
|
676
685
|
if (options.serverUrl && options.serverUrl != true && options.apiKey) {
|
|
677
686
|
try {
|
|
678
|
-
|
|
679
|
-
console.log("Response from server", dbody);
|
|
687
|
+
await submitBom(options, bomNSData.bomJson);
|
|
680
688
|
} catch (err) {
|
|
681
689
|
console.log(err);
|
|
682
690
|
}
|
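Review bot: The `.option("no-banner", { type: "boolean", default: false, … })` definition in the second hunk may never set the `options.noBanner` that display.js reads: yargs-parser's boolean negation is enabled by default and parses `--no-banner` as `banner: false`, which would leave `noBanner` at its default of `false`, so this needs confirming by parsing `--no-banner` and inspecting the resulting options. The conventional definition is a positive flag, `.option("banner", { type: "boolean", default: true, description: "Show the donation banner. Pass --no-banner if you are an active sponsor for OWASP CycloneDX." })`, with the display code checking `options.banner === false`, so that `--no-banner` works through the standard negation path. The yargs builder chain and the async IIFE in the third hunk both start outside the hunks shown.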
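--- a/package/display.js
+++ b/package/display.js
@@ -368,3 +368,25 @@ export function printVulnerabilities(vulnerabilities) {
   }
   console.log(`${vulnerabilities.length} vulnerabilities found.`);
 }
+
+export function printSponsorBanner(options) {
+  if (
+    process?.env?.CI &&
+    !options.noBanner &&
+    !process.env?.GITHUB_REPOSITORY?.toLowerCase().startsWith("cyclonedx")
+  ) {
+    const config = {
+      header: {
+        alignment: "center",
+        content: "\u00A4 Donate to the OWASP Foundation",
+      },
+    };
+    let message =
+      "OWASP foundation relies on donations to fund our projects.\nDonation link: https://owasp.org/donate/?reponame=www-project-cyclonedx&title=OWASP+CycloneDX";
+    if (options.serverUrl && options.apiKey) {
+      message = `${message}\nDependency Track: https://owasp.org/donate/?reponame=www-project-dependency-track&title=OWASP+Dependency-Track`;
+    }
+    const data = [[message]];
+    console.log(table(data, config));
+  }
+}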
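Review bot: `printSponsorBanner` is exported with no JSDoc, and the generated `display.d.ts` types its parameter as `any`, so callers get no hint which fields are read; add above the declaration `/** Prints the OWASP donation banner when CI is set in the environment, unless options.noBanner is set or GITHUB_REPOSITORY starts with "cyclonedx". @param {Object} options CLI options; noBanner, serverUrl and apiKey are consulted */`. As a point of style, `process?.env?.CI` and `process.env?.GITHUB_REPOSITORY` optional-chain through `process` and `process.env`, which always exist in Node; `process.env.CI` and `process.env.GITHUB_REPOSITORY?.toLowerCase()` show what is actually optional. `table` is used but not imported within this hunk; presumably it is already imported by the rest of display.js.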
package/index.js
CHANGED
|
@@ -6305,6 +6305,7 @@ export async function createBom(path, options) {
|
|
|
6305
6305
|
*
|
|
6306
6306
|
* @param {Object} args CLI args
|
|
6307
6307
|
* @param {Object} bomContents BOM Json
|
|
6308
|
+
* @return {Promise<{ token: string } | { errors: string[] } | undefined>} a promise with a token (if request was successful), a body with errors (if request failed) or undefined (in case of invalid arguments)
|
|
6308
6309
|
*/
|
|
6309
6310
|
export async function submitBom(args, bomContents) {
|
|
6310
6311
|
const serverUrl = `${args.serverUrl.replace(/\/$/, "")}/api/v1/bom`;
|
|
@@ -6388,11 +6389,11 @@ export async function submitBom(args, bomContents) {
|
|
|
6388
6389
|
console.log(
|
|
6389
6390
|
"Unable to submit the SBOM to the Dependency-Track server using POST method",
|
|
6390
6391
|
);
|
|
6391
|
-
console.log(error);
|
|
6392
6392
|
}
|
|
6393
6393
|
} else {
|
|
6394
6394
|
console.log("Unable to submit the SBOM to the Dependency-Track server");
|
|
6395
|
-
console.log(error);
|
|
6396
6395
|
}
|
|
6396
|
+
console.log(error.response?.body);
|
|
6397
|
+
return error.response?.body;
|
|
6397
6398
|
}
|
|
6398
6399
|
}
|
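Review bot: In the catch path of `submitBom` (second hunk), `return error.response?.body` yields `undefined` whenever the failure produced no HTTP response at all — DNS failure, connection refused, timeout — which the new JSDoc reserves for invalid arguments, and the preceding `console.log(error.response?.body)` then logs `undefined` where the removed `console.log(error)` lines at least showed the cause. server.js's new `response?.errors` check sees no errors in that case and answers 200 with the BOM even though publishing failed. Return a structured failure there too, `console.log(error.response?.body ?? error.message); return error.response?.body ?? { errors: [error.message] };`, and if the HTTP client (configured outside this hunk) can hand back an unparsed string body, normalise it to `{ errors: [...] }` first. The success branch and the opening of the catch block lie outside the hunk.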
package/package.json
CHANGED
|
@@ -1,6 +1,6 @@
|
|
|
1
1
|
{
|
|
2
2
|
"name": "@cyclonedx/cdxgen",
|
|
3
|
-
"version": "10.6.
|
|
3
|
+
"version": "10.6.2",
|
|
4
4
|
"description": "Creates CycloneDX Software Bill of Materials (SBOM) from source or container image",
|
|
5
5
|
"homepage": "http://github.com/cyclonedx/cdxgen",
|
|
6
6
|
"author": "Prabhu Subramanian <prabhu@appthreat.com>",
|
|
@@ -109,7 +109,7 @@
|
|
|
109
109
|
"types/"
|
|
110
110
|
],
|
|
111
111
|
"devDependencies": {
|
|
112
|
-
"@biomejs/biome": "1.8.
|
|
112
|
+
"@biomejs/biome": "1.8.1",
|
|
113
113
|
"jest": "^29.7.0",
|
|
114
114
|
"typescript": "^5.4.5"
|
|
115
115
|
},
|
package/server.js
CHANGED
|
@@ -131,10 +131,11 @@ const start = (options) => {
|
|
|
131
131
|
if (!filePath) {
|
|
132
132
|
res.writeHead(500, { "Content-Type": "application/json" });
|
|
133
133
|
return res.end(
|
|
134
|
-
|
|
134
|
+
JSON.stringify({
|
|
135
|
+
error: "path or url is required.",
|
|
136
|
+
}),
|
|
135
137
|
);
|
|
136
138
|
}
|
|
137
|
-
res.writeHead(200, { "Content-Type": "application/json" });
|
|
138
139
|
let srcDir = filePath;
|
|
139
140
|
if (filePath.startsWith("http") || filePath.startsWith("git")) {
|
|
140
141
|
srcDir = gitClone(filePath, reqOptions.gitBranch);
|
|
@@ -145,6 +146,21 @@ const start = (options) => {
|
|
|
145
146
|
if (reqOptions.requiredOnly || reqOptions["filter"] || reqOptions["only"]) {
|
|
146
147
|
bomNSData = postProcess(bomNSData, reqOptions);
|
|
147
148
|
}
|
|
149
|
+
if (reqOptions.serverUrl && reqOptions.apiKey) {
|
|
150
|
+
console.log("Publishing SBOM to Dependency Track");
|
|
151
|
+
const response = await submitBom(reqOptions, bomNSData.bomJson);
|
|
152
|
+
const errorMessages = response?.errors;
|
|
153
|
+
if (errorMessages) {
|
|
154
|
+
res.writeHead(500, { "Content-Type": "application/json" });
|
|
155
|
+
return res.end(
|
|
156
|
+
JSON.stringify({
|
|
157
|
+
error: "Unable to submit the SBOM to the Dependency-Track server",
|
|
158
|
+
details: errorMessages,
|
|
159
|
+
}),
|
|
160
|
+
);
|
|
161
|
+
}
|
|
162
|
+
}
|
|
163
|
+
res.writeHead(200, { "Content-Type": "application/json" });
|
|
148
164
|
if (bomNSData.bomJson) {
|
|
149
165
|
if (
|
|
150
166
|
typeof bomNSData.bomJson === "string" ||
|
|
@@ -155,10 +171,6 @@ const start = (options) => {
|
|
|
155
171
|
res.write(JSON.stringify(bomNSData.bomJson, null, null));
|
|
156
172
|
}
|
|
157
173
|
}
|
|
158
|
-
if (reqOptions.serverUrl && reqOptions.apiKey) {
|
|
159
|
-
console.log("Publishing SBOM to Dependency Track");
|
|
160
|
-
submitBom(reqOptions, bomNSData.bomJson);
|
|
161
|
-
}
|
|
162
174
|
res.end("\n");
|
|
163
175
|
if (cleanup && srcDir && srcDir.startsWith(os.tmpdir()) && fs.rmSync) {
|
|
164
176
|
console.log(`Cleaning up ${srcDir}`);
|
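Review bot: The new 500 response in the second hunk relays `errorMessages` — the body returned by whichever host `reqOptions.serverUrl` names — verbatim to the HTTP caller; if `reqOptions` is built from the incoming request (its name suggests so, but that code and the start of `start` lie outside the hunk), the server now echoes the response of a caller-chosen URL back to the caller, which is more than an operator needs in the reply. Log the upstream details server-side and return a fixed message, or at least relay only well-formed data: `details: Array.isArray(errorMessages) ? errorMessages.filter((m) => typeof m === "string") : undefined,`. A 502 also describes an upstream publish failure more accurately than 500.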
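--- a/package/types/display.d.ts
+++ b/package/types/display.d.ts
@@ -1,4 +1,5 @@
 export function printVulnerabilities(vulnerabilities: any): void;
+export function printSponsorBanner(options: any): void;
 export function printTable(bomJson: any, filterTypes?: any): void;
 export function printOSTable(bomJson: any): void;
 export function printServices(bomJson: any): void;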
package/types/display.d.ts.map
CHANGED
|
@@ -1 +1 @@
|
|
|
1
|
-
{"version":3,"file":"display.d.ts","sourceRoot":"","sources":["../display.js"],"names":[],"mappings":"AAuVA,iEA0BC;
|
|
1
|
+
{"version":3,"file":"display.d.ts","sourceRoot":"","sources":["../display.js"],"names":[],"mappings":"AAuVA,iEA0BC;AAED,uDAoBC;AAzXM,kEA+DN;AAQM,iDAkBN;AACM,kDAsBN;AAeM,qDA4BN;AACM,mDA8CN;AACM,uEAiCN;AA4DM,2DA+BN"}
|
package/types/index.d.ts
CHANGED
|
@@ -260,6 +260,11 @@ export function createBom(path: string, options: any): any;
|
|
|
260
260
|
*
|
|
261
261
|
* @param {Object} args CLI args
|
|
262
262
|
* @param {Object} bomContents BOM Json
|
|
263
|
+
* @return {Promise<{ token: string } | { errors: string[] } | undefined>} a promise with a token (if request was successful), a body with errors (if request failed) or undefined (in case of invalid arguments)
|
|
263
264
|
*/
|
|
264
|
-
export function submitBom(args: any, bomContents: any): Promise<
|
|
265
|
+
export function submitBom(args: any, bomContents: any): Promise<{
|
|
266
|
+
token: string;
|
|
267
|
+
} | {
|
|
268
|
+
errors: string[];
|
|
269
|
+
} | undefined>;
|
|
265
270
|
//# sourceMappingURL=index.d.ts.map
|
package/types/index.d.ts.map
CHANGED
|
@@ -1 +1 @@
|
|
|
1
|
-
{"version":3,"file":"index.d.ts","sourceRoot":"","sources":["../index.js"],"names":[],"mappings":"AA+tBA;;;;;;;;GAQG;AACH,gFAFW,MAAM,SAchB;AA4TD;;;;;;;GAOG;AACH,mCALW,MAAM,qBAiEhB;AAED;;;;;GAKG;AACH,uCAHW,MAAM;;;;EAKhB;AAED;;;;;GAKG;AACH,sCAHW,MAAM;;;;EAkBhB;AAED;;;;;GAKG;AACH,oCAHW,MAAM,8BAq+BhB;AAED;;;;;GAKG;AACH,sCAHW,MAAM,8BAochB;AAED;;;;;GAKG;AACH,sCAHW,MAAM,8BAgWhB;AAED;;;;;GAKG;AACH,kCAHW,MAAM,8BA8ThB;AAED;;;;;GAKG;AACH,oCAHW,MAAM,8BAqIhB;AAED;;;;;GAKG;AACH,oCAHW,MAAM,8BAiDhB;AAED;;;;;GAKG;AACH,mCAHW,MAAM,qBA+KhB;AAED;;;;;GAKG;AACH,uCAHW,MAAM,qBAsHhB;AAED;;;;;GAKG;AACH,uCAHW,MAAM,qBA2BhB;AAED;;;;;GAKG;AACH,sCAHW,MAAM,qBA2BhB;AAED;;;;;GAKG;AACH,sCAHW,MAAM,qBA2BhB;AAED;;;;;GAKG;AACH,0CAHW,MAAM,qBAuBhB;AAED;;;;;GAKG;AACH,kCAHW,MAAM,8BAqDhB;AAED;;;;;GAKG;AACH,uCAHW,MAAM,8BA4ChB;AAED;;;;;GAKG;AACH,oCAHW,MAAM,qBA2BhB;AAED;;;;;GAKG;AACH,qCAHW,MAAM,8BAwFhB;AAED;;;;;GAKG;AACH,iDAHW,MAAM,qBA8ThB;AAED;;;;;GAKG;AACH,mCAHW,MAAM,qBAwJhB;AAED;;;;;GAKG;AACH,oCAHW,MAAM,8BAmFhB;AAED;;;;;GAKG;AACH,sCAHW,MAAM,8BAyWhB;AAED;;;;;GAKG;AACH,2CAHW,MAAM;;;;;;;;;;;;;;;;;;;;GAoChB;AAED;;;;;;;;KA+DC;AAED;;;;;;GAMG;AACH,yDA2CC;AAED;;;;;;;;;GASG;AACH,2GA6BC;AAED;;;;;GAKG;AACH,0CAHW,MAAM,8BAoZhB;AAED;;;;;GAKG;AACH,iCAHW,MAAM,8BAkUhB;AAED;;;;;GAKG;AACH,gCAHW,MAAM,qBAuQhB;AAED
|
|
1
|
+
{"version":3,"file":"index.d.ts","sourceRoot":"","sources":["../index.js"],"names":[],"mappings":"AA+tBA;;;;;;;;GAQG;AACH,gFAFW,MAAM,SAchB;AA4TD;;;;;;;GAOG;AACH,mCALW,MAAM,qBAiEhB;AAED;;;;;GAKG;AACH,uCAHW,MAAM;;;;EAKhB;AAED;;;;;GAKG;AACH,sCAHW,MAAM;;;;EAkBhB;AAED;;;;;GAKG;AACH,oCAHW,MAAM,8BAq+BhB;AAED;;;;;GAKG;AACH,sCAHW,MAAM,8BAochB;AAED;;;;;GAKG;AACH,sCAHW,MAAM,8BAgWhB;AAED;;;;;GAKG;AACH,kCAHW,MAAM,8BA8ThB;AAED;;;;;GAKG;AACH,oCAHW,MAAM,8BAqIhB;AAED;;;;;GAKG;AACH,oCAHW,MAAM,8BAiDhB;AAED;;;;;GAKG;AACH,mCAHW,MAAM,qBA+KhB;AAED;;;;;GAKG;AACH,uCAHW,MAAM,qBAsHhB;AAED;;;;;GAKG;AACH,uCAHW,MAAM,qBA2BhB;AAED;;;;;GAKG;AACH,sCAHW,MAAM,qBA2BhB;AAED;;;;;GAKG;AACH,sCAHW,MAAM,qBA2BhB;AAED;;;;;GAKG;AACH,0CAHW,MAAM,qBAuBhB;AAED;;;;;GAKG;AACH,kCAHW,MAAM,8BAqDhB;AAED;;;;;GAKG;AACH,uCAHW,MAAM,8BA4ChB;AAED;;;;;GAKG;AACH,oCAHW,MAAM,qBA2BhB;AAED;;;;;GAKG;AACH,qCAHW,MAAM,8BAwFhB;AAED;;;;;GAKG;AACH,iDAHW,MAAM,qBA8ThB;AAED;;;;;GAKG;AACH,mCAHW,MAAM,qBAwJhB;AAED;;;;;GAKG;AACH,oCAHW,MAAM,8BAmFhB;AAED;;;;;GAKG;AACH,sCAHW,MAAM,8BAyWhB;AAED;;;;;GAKG;AACH,2CAHW,MAAM;;;;;;;;;;;;;;;;;;;;GAoChB;AAED;;;;;;;;KA+DC;AAED;;;;;;GAMG;AACH,yDA2CC;AAED;;;;;;;;;GASG;AACH,2GA6BC;AAED;;;;;GAKG;AACH,0CAHW,MAAM,8BAoZhB;AAED;;;;;GAKG;AACH,iCAHW,MAAM,8BAkUhB;AAED;;;;;GAKG;AACH,gCAHW,MAAM,qBAuQhB;AAED;;;;;;GAMG;AACH,wDAFY,QAAQ;IAAE,KAAK,EAAE,MAAM,CAAA;CAAE,GAAG;IAAE,MAAM,EAAE,MAAM,EAAE,CAAA;CAAE,GAAG,SAAS,CAAC,CA2FxE"}
|
package/types/server.d.ts.map
CHANGED
|
@@ -1 +1 @@
|
|
|
1
|
-
{"version":3,"file":"server.d.ts","sourceRoot":"","sources":["../server.js"],"names":[],"mappings":"AAsGA,yDAKC;AAED,
|
|
1
|
+
{"version":3,"file":"server.d.ts","sourceRoot":"","sources":["../server.js"],"names":[],"mappings":"AAsGA,yDAKC;AAED,0CAsEC"}
|
package/types/utils.d.ts.map
CHANGED
|
@@ -1 +1 @@
|
|
|
1
|
-
{"version":3,"file":"utils.d.ts","sourceRoot":"","sources":["../utils.js"],"names":[],"mappings":"AAoOA;;;;;GAKG;AACH,qCAHW,MAAM,WACN,MAAM,0BAqBhB;AAED;;;;;;GAMG;AACH,+CAJW,MAAM,WACN,MAAM,+BAoBhB;AAYD;;;;GAIG;AACH,gCAFa,MAAM,CAIlB;AAED;;;;;;IAMI;AACJ,iDAJW,MAAM,GACJ,OAAO,CAiBnB;AAED;;;;;;;;GAQG;AACH,iEAoBC;AAED;;;;;GAKG;AACH,6CAmDC;AAED;;;;;;GAMG;AACH,sEA0DC;AAED;;;;GAIG;AACH,4EAoCC;AAED;;;GAGG;AACH;;EAUC;AAED,sEA0BC;AAED;;;;GAIG;AACH,+DA4CC;AAED;;;;;GAKG;AACH,0CAHW,MAAM,WACN,OAAO,kBAkFjB;AAED;;;;;GAKG;AACH,0CAHW,MAAM,YACN,MAAM;;;GAqVhB;AAED;;;;;;;GAOG;AACH,6CAFW,MAAM,MAwDhB;AAwBD;;;;GAIG;AACH,4CAFW,MAAM;;;
|
|
1
|
+
{"version":3,"file":"utils.d.ts","sourceRoot":"","sources":["../utils.js"],"names":[],"mappings":"AAoOA;;;;;GAKG;AACH,qCAHW,MAAM,WACN,MAAM,0BAqBhB;AAED;;;;;;GAMG;AACH,+CAJW,MAAM,WACN,MAAM,+BAoBhB;AAYD;;;;GAIG;AACH,gCAFa,MAAM,CAIlB;AAED;;;;;;IAMI;AACJ,iDAJW,MAAM,GACJ,OAAO,CAiBnB;AAED;;;;;;;;GAQG;AACH,iEAoBC;AAED;;;;;GAKG;AACH,6CAmDC;AAED;;;;;;GAMG;AACH,sEA0DC;AAED;;;;GAIG;AACH,4EAoCC;AAED;;;GAGG;AACH;;EAUC;AAED,sEA0BC;AAED;;;;GAIG;AACH,+DA4CC;AAED;;;;;GAKG;AACH,0CAHW,MAAM,WACN,OAAO,kBAkFjB;AAED;;;;;GAKG;AACH,0CAHW,MAAM,YACN,MAAM;;;GAqVhB;AAED;;;;;;;GAOG;AACH,6CAFW,MAAM,MAwDhB;AAwBD;;;;GAIG;AACH,4CAFW,MAAM;;;GAqNhB;AAED;;;;GAIG;AACH,4CAFW,MAAM,kBAiEhB;AAED;;;;;GAKG;AACH,wCAHW,MAAM,oBACN,MAAM;;;;;;;;;GAqOhB;AAED;;;;GAIG;AACH,8CAFW,MAAM,kBA+ChB;AAED;;;;GAIG;AACH,sCAFW,MAAM,kBAgFhB;AAED;;;;GAIG;AACH;;;;;;;;;;;;;;;;;;;;;;IAqDC;AAED;;;;;;GAMG;AACH,0CALW,MAAM,WACN,MAAM,OAgJhB;AAED;;;;;;GAMG;AACH,0CALW,MAAM,qBACN,MAAM,oBACN,MAAM,uBACN,MAAM;;;;;;;;;;;;;;;;EAkNhB;AAED;;;GAGG;AACH,uCAFW,MAAM,SAoChB;AAED;;;GAGG;AACH,wCAFW,MAAM,OAahB;AAED,yEAwBC;AAED;;;;GAIG;AACH,+CAFW,MAAM;;;EA6ChB;AAED;;;;GAIG;AACH,iDAFW,MAAM;;;;;;;;EAsChB;AAED;;;;;;;;GAQG;AACH,qDANW,MAAM,YACN,MAAM,0BAGJ,MAAM,CAgElB;AAED;;;;;;GAMG;AACH,6CAJW,MAAM,YACN,MAAM,cACN,MAAM,MAsEhB;AAED;;;GAGG;AACH,iDAFW,MAAM,SA4ChB;AAED;;;GAGG;AACH,8CAFW,MAAM,SAsDhB;AAED;;;GAGG;AACH,2CAFW,MAAM,SAiBhB;AAED;;GAEG;AACH,kDAoCC;AAED;;;;GAIG;AACH,oCAFW,MAAM,OAchB;AAED;;;;GAIG;AACH,kDAUC;AAED;;;;;GAKG;AACH,mFAiGC;AAED;;;;;;;;;GASG;AACH,sFAMC;AAED;;;;;;;;;GASG;AACH,gFAFY,MAAO,SAAS,CAwB3B;AAED;;;;;;;;;GASG;AACH,0EAFY,eAAe,CAU1B;AAED;;;;GAIG;AACH,4DAFW,WAAY,SAYtB;AAED;;;;;;;;;GASG;AACH,+FAFY,eAAe,CAc1B;AAED;;;;GAIG;AACH;;;EAqBC;AAED;;;;;GAKG;AACH,2FAkBC;AAED;;;;;GAKG;AACH,sFAgNC;AAED;;;;GAIG;AACH,qDAmBC;AAED;;;;GAIG;AACH,gEAeC;AAED;;;;GAIG;AACH,6CAFW,MAAM,MA+ChB;AAED;;;;;GAKG;AACH,6DAFW,MAAM;;;;;;;GAqHhB;AAED;;;;;GAKG;AACH,mFA+IC;AAED;;;;;;GAMG;AACH,kCAJW,MAAM;;;;;;;;GA2EhB;AAED;;;;GAIG;AACH,mEAqBC;AAED;;;;GAIG;AACH,+DAFY,SAAO,SAAS,CAc3B;AAED;;;
;GAIG;AACH,oDAFY,QAAQ,CASnB;AAED;;;;;GAKG;AACH,oEAFY,SAAO,SAAS,CAc3B;AAED;;;;;;GAMG;AACH,oEAFY,eAAe,CA8D1B;AAED;;;;GAIG;AACH,iEAgDC;AAED,+FA4BC;AAED,8EA2EC;AAED;;;;;GAKG;AACH,0CAHW,MAAM;;;GA0DhB;AA0BD;;;;;;;;;GASG;AACH,2CAPW,MAAM,aACN,MAAM;;;;;;GA6FhB;AAED;;;;GAIG;AACH,yCAHW,MAAM,OAehB;AAED;;;;GAIG;AACH,0CAHW,MAAM,kBAuChB;AAED,+DA+CC;AAED,uEAwBC;AA6BD;;;;GAIG;AACH,oEAmGC;AAED;;;;GAIG;AACH,8CAFW,MAAM,kBAgChB;AAED;;;;;GAKG;AACH,kDAHW,MAAM,YACN,MAAM;;;;;;;;;;;;;;GAuPhB;AAED;;;;GAIG;AACH,kEAoEC;AAED;;;;GAIG;AACH,gEA0DC;AA0BD;;;;;;;;;;;;;;;;;GAiBG;AACH,mEALW,OAAO,4BAiLjB;AAED;;;;;;;;GAQG;AACH,+DALW,OAAO,4BAsIjB;AAED;;;IAwIC;AAED,wEA0BC;AAED,mEAqCC;AAED,0DAkBC;AAED,wDA+DC;AAED,0FAkEC;AAED;;IAqCC;AAED;;IA2DC;AAED,2DAiEC;AAED,yDAaC;AAaD,gDA+EC;AAED,yDAkDC;AAED,sDA0BC;AAED,sDAyBC;AAED,6DAwCC;AAED,yDAmCC;AAED,8DAsCC;AAED,sDAqDC;AAED,yDAgCC;AAED,qDAkDC;AAED;;;;;GAKG;AACH,mDASC;AAED;;;;;;GAMG;AACH,4EA4EC;AAED,kEAgDC;AAED;;;;;;;;GAQG;AACH,kGA0MC;AAED;;;EAiNC;AAED;;;;EAsHC;AAED;;;EA+GC;AAED;;;;;GAKG;AACH,+CAHW,MAAM;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;EA2IhB;AAED;;;;;;EA+HC;AAED;;;;GAIG;AACH,0CAFW,MAAM;;;;;;;;;;;;;;;;;;;;;IAqDhB;AAmBD;;;;;GAKG;AACH,yCAHW,MAAM,YAQhB;AAED;;;;;GAKG;AACH,wCAHW,MAAM,YAchB;AAED;;;;;GAKG;AACH,wCAHW,MAAM,YAQhB;AAED;;;;;GAKG;AACH,yCAHW,MAAM,YAQhB;AAED;;;;;GAKG;AACH,2CAHW,MAAM,YAQhB;AAED;;;;;;;GAOG;AACH;;;;;;;;;;IA2IC;AA2CD;;;;GAIG;AACH,0FAHW,MAAM,WACN,MAAM,UAuDhB;AAED;;;;GAIG;AACH,8CAHW,MAAM,WACN,MAAM;;;;;;EAqBhB;AAED;;;GAGG;AACH,iDAFW,MAAM;;;;;;;;;;;;;;;;;;;;;IAwDhB;AAED;;;;;;;GAOG;AACH,iDALW,MAAM,YACN,MAAM,YACN,OAAO,oBACP,OAAO,eA6DjB;AAED,oIAgCC;AAED;;;;;;;GAOG;AACH,sCALW,MAAM,eACN,MAAM,eA6JhB;AAED;;;;;;;;;;;;;;;;;;;;;;IA6DC;AAED;;;;;;;EA8BC;AAED,uDAeC;AAED,2DAeC;AAED,2CAIC;AAED;;;;;;GAMG;AACH,uDAJW,MAAM,MAgBhB;AAED;;;;;;GAMG;AACH,uCAJW,MAAM,QACN,MAAM,GACJ,eAAe,CAU3B;AAED;;;;;;;;GAQG;AACH,2CANW,MAAM,WACN,MAAM,iBACN,MAAM,kBAmThB;AAED;;;;;;;GAOG;AACH,iDAFW,MAAM,OAehB;AAED;;;;;;;;;;;GAWG;AACH,uCAHW,MAAM,UACN,MAAM,UAYhB;AAED;;;;;;GAMG;AAC
H,2CAHW,MAAM,uBACN,MAAM,WAgBhB;AAED;;;;GAIG;AACH,4CAFW,MAAM,UAIhB;AAED;;;;;;;;GAQG;AACH,sCANW,MAAM,eACN,MAAM,oBACN,MAAM,gBAgChB;AAED;;;;;;GAMG;AACH,uCAJW,MAAM,kBA4EhB;AAED;;;;;GAKG;AACH,0CAHW,MAAM,YACN,MAAM,UAiChB;AACD;;;;;GAKG;AAEH,uDAJW,MAAM,OAmChB;AACD;;;;;GAKG;AACH,yCAHW,MAAM,YACN,MAAM,UAsEhB;AAED;;GAEG;AACH,sCAmBC;AAED,0DAyEC;AAED;;;;;;;;GAQG;AACH,oCANW,MAAM,YACN,MAAM,gBACN,MAAM,eACN,MAAM,OAgDhB;AA0DD;;;;;;;GAOG;AACH,2CALW,MAAM,kBACN,MAAM,eACN,MAAM;;;;;;;;;;;;;;;;;;;;;;;;;;;EAyShB;AAGD;;;;;EAmBC;AAED;;;;;;GAMG;AACH,kEAHW,MAAM,cACN,MAAM,6BA0IhB;AAED,qDASC;AAED;;;;;;;EA2GC;AAED;;;EA6PC;AAED,sEA6BC;AAED;;;;;;;GAOG;AACH,mCALW,MAAM,WACN,MAAM;;;;;;;EAgQhB;AAED;;;;;;GAMG;AACH,2CAHW,MAAM,OAKhB;AAED,qDA0CC;AAgHD;;;;GAIG;AACH;;;GAkHC;AAED,yEA+FC;AAED;;;;;;GAMG;AACH,mDAkBC;AAED;;;;;;;;;;GAUG;AACH,0DAuBC;AAj6UD,gCAAgF;AAChF,4BAA4C;AAC5C,4BAA6C;AAC7C,2BAAmE;AAsBnE,iCAEE;AAiBF,iCAIyC;AAGzC,gCACmE;AAGnE,gCACsE;AAGtE,8BAA+B;AAK/B,4CAEmE;AAGnE,6CAE6D;AAG7D,oCAEoD;AAGpD,uCAEuD;AAYvD,4BAA6B;AAU7B,8BAAiC;AAMjC,8BAAiC;AAIjC,4BAA6B;AAI7B,2BAA2B;AAI3B,4BAA6B;AAI7B,2BAA2B;AAI3B,6BAA+B;AAI/B,0BAAyB;AAIzB,6BAA+B;AAM/B,2BAA2B;AAK3B,4BAA6B;AAK7B,6BAA+B;AAS/B,8BAQG;AA0gIH,8CAUE"}
|
package/utils.js
CHANGED
|
@@ -1154,6 +1154,7 @@ export async function parseYarnLock(yarnLockFile) {
|
|
|
1154
1154
|
let version = "";
|
|
1155
1155
|
let integrity = "";
|
|
1156
1156
|
let depsMode = false;
|
|
1157
|
+
let optionalDepsMode = false;
|
|
1157
1158
|
let purlString = "";
|
|
1158
1159
|
let deplist = [];
|
|
1159
1160
|
const pkgAddedMap = {};
|
|
@@ -1236,6 +1237,7 @@ export async function parseYarnLock(yarnLockFile) {
|
|
|
1236
1237
|
deplist = [];
|
|
1237
1238
|
purlString = "";
|
|
1238
1239
|
depsMode = false;
|
|
1240
|
+
optionalDepsMode = false;
|
|
1239
1241
|
}
|
|
1240
1242
|
// Collect the group and the name
|
|
1241
1243
|
l = l.replace(/["']/g, "");
|
|
@@ -1264,18 +1266,30 @@ export async function parseYarnLock(yarnLockFile) {
|
|
|
1264
1266
|
}
|
|
1265
1267
|
}
|
|
1266
1268
|
}
|
|
1267
|
-
} else if (
|
|
1268
|
-
|
|
1269
|
-
|
|
1269
|
+
} else if (
|
|
1270
|
+
name !== "" &&
|
|
1271
|
+
(l.startsWith(" dependencies:") ||
|
|
1272
|
+
l.startsWith(" optionalDependencies:"))
|
|
1273
|
+
) {
|
|
1274
|
+
if (l.startsWith(" dependencies:")) {
|
|
1275
|
+
depsMode = true;
|
|
1276
|
+
optionalDepsMode = false;
|
|
1277
|
+
} else {
|
|
1278
|
+
depsMode = false;
|
|
1279
|
+
optionalDepsMode = true;
|
|
1280
|
+
}
|
|
1281
|
+
} else if ((depsMode || optionalDepsMode) && l.startsWith(" ")) {
|
|
1270
1282
|
// Given "@actions/http-client" "^1.0.11"
|
|
1271
1283
|
// We need the resolved version from identMap
|
|
1272
|
-
|
|
1284
|
+
// Deal with values with space within the quotes. Eg: minimatch "2 || 3"
|
|
1285
|
+
// vinyl-sourcemaps-apply ">=0.1.1 <0.2.0-0"
|
|
1286
|
+
const tmpA = l.trim().split(' "');
|
|
1273
1287
|
if (tmpA && tmpA.length === 2) {
|
|
1274
1288
|
let dgroupname = tmpA[0];
|
|
1275
1289
|
if (dgroupname.endsWith(":")) {
|
|
1276
1290
|
dgroupname = dgroupname.substring(0, dgroupname.length - 1);
|
|
1277
1291
|
}
|
|
1278
|
-
let range = tmpA[1];
|
|
1292
|
+
let range = tmpA[1].replace(/["']/g, "");
|
|
1279
1293
|
// Deal with range with npm: prefix such as npm:string-width@^4.2.0, npm:@types/ioredis@^4.28.10
|
|
1280
1294
|
if (range.startsWith("npm:")) {
|
|
1281
1295
|
range = range.split("@").splice(-1)[0];
|
|
@@ -1294,6 +1308,7 @@ export async function parseYarnLock(yarnLockFile) {
|
|
|
1294
1308
|
} else if (name !== "") {
|
|
1295
1309
|
if (!l.startsWith(" ")) {
|
|
1296
1310
|
depsMode = false;
|
|
1311
|
+
optionalDepsMode = false;
|
|
1297
1312
|
}
|
|
1298
1313
|
l = l.trim();
|
|
1299
1314
|
const parts = l.split(" ");
|
|
@@ -10674,14 +10689,26 @@ export function parseMakeDFile(dfile) {
|
|
|
10674
10689
|
*
|
|
10675
10690
|
*/
|
|
10676
10691
|
export function isValidIriReference(iri) {
|
|
10677
|
-
|
|
10692
|
+
let iriIsValid = true;
|
|
10693
|
+
const validateIriResult = validateIri(iri, IriValidationStrategy.Strict);
|
|
10678
10694
|
|
|
10679
|
-
if (
|
|
10680
|
-
|
|
10681
|
-
|
|
10695
|
+
if (validateIriResult instanceof Error) {
|
|
10696
|
+
iriIsValid = false;
|
|
10697
|
+
} else if (iri.toLocaleLowerCase().startsWith("http")) {
|
|
10698
|
+
try {
|
|
10699
|
+
new URL(iri);
|
|
10700
|
+
} catch (error) {
|
|
10701
|
+
iriIsValid = false;
|
|
10682
10702
|
}
|
|
10683
|
-
return false;
|
|
10684
10703
|
}
|
|
10685
10704
|
|
|
10686
|
-
|
|
10705
|
+
if (iriIsValid) {
|
|
10706
|
+
return true;
|
|
10707
|
+
}
|
|
10708
|
+
|
|
10709
|
+
if (DEBUG_MODE) {
|
|
10710
|
+
console.log(`IRI failed validation ${iri}`);
|
|
10711
|
+
}
|
|
10712
|
+
|
|
10713
|
+
return false;
|
|
10687
10714
|
}
|
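Review bot: In the parseYarnLock hunk, `const tmpA = l.trim().split(' "')` only matches dependency lines whose range is quoted and preceded by a space; a line of any other shape gives `tmpA.length !== 2` and is dropped without a trace, and `dgroupname` now keeps its surrounding quotes unless the rest of the branch strips them (that code, and the start and end of `parseYarnLock`, lie outside the hunk). Add an `else` to the length check that records the skip, `else if (DEBUG_MODE) { console.log(`Skipping unparsed dependency line: ${l}`); }`, so a lockfile that yields a short `dependenciesList` can be diagnosed. In the `isValidIriReference` hunk, `iri.toLocaleLowerCase()` is locale-sensitive for what is a scheme check; `toLowerCase()` states the intent, and the unused `error` binding can become `catch {`.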
package/utils.test.js
CHANGED
|
@@ -3024,6 +3024,11 @@ test("parseYarnLock", async () => {
|
|
|
3024
3024
|
expect(parsedList.pkgList[0]._integrity).toEqual(
|
|
3025
3025
|
"sha512-U8KyMaYaRnkrOaDUO8T093a7RUKqV+4EkwZ2gC5VASgsL8iqwU5M0fESD/i1Jha2/1q1Oa0wqiJ31yZES3Fhnw==",
|
|
3026
3026
|
);
|
|
3027
|
+
|
|
3028
|
+
parsedList = await parseYarnLock("./test/data/yarn_locks/yarnv1-fs.lock");
|
|
3029
|
+
expect(parsedList.pkgList.length).toEqual(882);
|
|
3030
|
+
expect(parsedList.dependenciesList.length).toEqual(882);
|
|
3031
|
+
expect(parsedList.pkgList[0].purl).toEqual("pkg:npm/abbrev@1.0.9");
|
|
3027
3032
|
});
|
|
3028
3033
|
|
|
3029
3034
|
test("parseComposerLock", () => {
|
|
@@ -4102,6 +4107,12 @@ test.each([
|
|
|
4102
4107
|
["http://gitlab.com/behat-chrome/chrome-mink-driver.git", true],
|
|
4103
4108
|
["git+https://github.com/Alex-D/check-disk-space.git", true],
|
|
4104
4109
|
["UNKNOWN", false],
|
|
4110
|
+
["http://", false],
|
|
4111
|
+
["http", false],
|
|
4112
|
+
["https", false],
|
|
4113
|
+
["https://", false],
|
|
4114
|
+
["http://www", true],
|
|
4115
|
+
["http://www.", true],
|
|
4105
4116
|
])("isValidIriReference tests: %s", (url, isValid) => {
|
|
4106
4117
|
expect(isValidIriReference(url)).toBe(isValid);
|
|
4107
4118
|
});
|
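Review bot: The new `parseYarnLock` assertions in the first hunk check only the list sizes (882 and 882) and the first purl, so they pass whether or not the `optionalDependencies:` handling added in utils.js actually records those edges; add one assertion that the `dependenciesList` entry for a package known from `yarnv1-fs.lock` to declare an optional dependency lists that dependency, with the package chosen from the fixture. The `isValidIriReference` cases in the second hunk cover the scheme-only and empty-host inputs; `["HTTP://www", true]` would additionally pin the case-insensitive scheme check the new code performs, provided the IRI validator accepts an upper-case scheme.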