@cyclonedx/cdxgen 10.6.2 → 10.7.0

package/README.md

@@ -512,14 +512,14 @@ Please check out our [contribute to CycloneDX/cdxgen documentation][github-contr
 Before raising a PR, please run the following commands.
 
 ```bash
-corepack enable
-corepack pnpm install
+corepack enable pnpm
+pnpm install
 # Generate types using jsdoc syntax
-corepack pnpm run gen-types
+pnpm run gen-types
 # Run biomejs formatter and linter with auto fix
-corepack pnpm run lint
+pnpm run lint
 # Run jest tests
-corepack pnpm test
+pnpm test
 ```
 
 <!-- LINK LABELS -->

package/analyzer.js

@@ -31,7 +31,7 @@ const IGNORE_DIRS = process.env.ASTGEN_IGNORE_DIRS
 
 const IGNORE_FILE_PATTERN = new RegExp(
   process.env.ASTGEN_IGNORE_FILE_PATTERN ||
-    "(conf|config|test|spec|mock|\\.d)\\.(js|ts|tsx)$",
+    "(conf|config|test|spec|mock|setup-jest|\\.d)\\.(js|ts|tsx)$",
   "i",
 );
 

package/bin/cdxgen.js

@@ -343,6 +343,10 @@ if (process.argv[1].includes("cbom")) {
 }
 if (options.standard) {
   options.specVersion = 1.6;
+  options.includeFormulation = true;
+}
+if (options.deep && options.specVersion >= 1.5) {
+  options.includeFormulation = true;
 }
 /**
  * Method to apply advanced options such as profile and lifecycles

package/bin/repl.js

@@ -154,15 +154,31 @@ cdxgenRepl.defineCommand("search", {
     if (sbom) {
       if (searchStr) {
         try {
+          const originalSearchString = searchStr;
+          let dependenciesSearchStr = searchStr;
           if (!searchStr.includes("~>")) {
+            dependenciesSearchStr = `dependencies[ref ~> /${searchStr}/i or dependsOn ~> /${searchStr}/i or provides ~> /${searchStr}/i]`;
             searchStr = `components[group ~> /${searchStr}/i or name ~> /${searchStr}/i or description ~> /${searchStr}/i or publisher ~> /${searchStr}/i or purl ~> /${searchStr}/i]`;
           }
           const expression = jsonata(searchStr);
           const components = await expression.evaluate(sbom);
+          const dexpression = jsonata(dependenciesSearchStr);
+          const dependencies = await dexpression.evaluate(sbom);
           if (!components) {
             console.log("No results found!");
           } else {
-            printTable({ components, dependencies: [] });
+            printTable(
+              { components, dependencies },
+              undefined,
+              originalSearchString,
+            );
+            if (dependencies?.length) {
+              printDependencyTree(
+                { components, dependencies },
+                "dependsOn",
+                originalSearchString,
+              );
+            }
           }
         } catch (e) {
           console.log(e);

package/data/lic-mapping.json

@@ -38,7 +38,8 @@
       "BSD License",
       "BSD-like",
       "new BSD License",
-      "new BSD"
+      "new BSD",
+      "BSD, Public Domain"
     ]
   },
   {
@@ -197,7 +198,9 @@
       "GNU Lesser General Public License (LGPL), version 3",
       "GNU Lesser General Public License (LGPL), version 3.0",
       "GNU Lesser General Public License v3.0",
-      "GNU Lesser General Public License (LGPL), Version 3"
+      "GNU Lesser General Public License (LGPL), Version 3",
+      "GNU Lesser General Public License v3 (LGPLv3)",
+      "LGPL v3"
     ]
   },
   {

package/display.js

@@ -11,8 +11,17 @@ const SYMBOLS_ANSI = {
 };
 
 const MAX_TREE_DEPTH = 6;
-
-export const printTable = (bomJson, filterTypes = undefined) => {
+const highlightStr = (s, highlight) => {
+  if (highlight && s && s.includes(highlight)) {
+    s = s.replaceAll(highlight, `\x1b[1;33m${highlight}\x1b[0m`);
+  }
+  return s;
+};
+export const printTable = (
+  bomJson,
+  filterTypes = undefined,
+  highlight = undefined,
+) => {
   if (!bomJson || !bomJson.components) {
     return;
   }
@@ -56,8 +65,8 @@ export const printTable = (bomJson, filterTypes = undefined) => {
       ]);
     } else {
       stream.write([
-        comp.group || "",
-        comp.name,
+        highlightStr(comp.group || "", highlight),
+        highlightStr(comp.name, highlight),
         `\x1b[1;35m${comp.version || ""}\x1b[0m`,
         comp.scope || "",
       ]);
@@ -67,9 +76,9 @@ export const printTable = (bomJson, filterTypes = undefined) => {
   if (!filterTypes) {
     console.log(
       "BOM includes",
-      bomJson.components.length,
+      bomJson?.components?.length || 0,
       "components and",
-      bomJson.dependencies.length,
+      bomJson?.dependencies?.length || 0,
       "dependencies",
     );
   } else {
@@ -215,7 +224,11 @@ export const printCallStack = (bomJson) => {
     console.log(table(data, config));
   }
 };
-export const printDependencyTree = (bomJson, mode = "dependsOn") => {
+export const printDependencyTree = (
+  bomJson,
+  mode = "dependsOn",
+  highlight = undefined,
+) => {
   const dependencies = bomJson.dependencies || [];
   if (!dependencies.length) {
     return;
@@ -244,9 +257,11 @@ export const printDependencyTree = (bomJson, mode = "dependsOn") => {
         content: `${treeType} Tree\nGenerated with \u2665  by cdxgen`,
       },
     };
-    console.log(table([[treeGraphics.join("\n")]], config));
+    console.log(
+      table([[highlightStr(treeGraphics.join("\n"), highlight)]], config),
+    );
   } else {
-    console.log(treeGraphics.join("\n"));
+    console.log(highlightStr(treeGraphics.join("\n"), highlight));
   }
 };
 

package/index.js

@@ -36,6 +36,7 @@ import {
   LEIN_CMD,
   MAX_BUFFER,
   PREFER_MAVEN_DEPS_TREE,
+  PYTHON_EXCLUDED_COMPONENTS,
   SWIFT_CMD,
   TIMEOUT_MS,
   addEvidenceForDotnet,
@@ -381,9 +382,10 @@ const addLifecyclesSection = (options) => {
  * Method to generate the formulation section based on git metadata
  *
  * @param {Object} options
+ * @param {Object} context Context
  * @returns {Array} formulation array
  */
-const addFormulationSection = (options) => {
+const addFormulationSection = (options, context) => {
   const formulation = [];
   const provides = [];
   const gitBranch = getBranch();
@@ -393,6 +395,12 @@ const addFormulationSection = (options) => {
   let parentOmniborId;
   let treeOmniborId;
   let components = [];
+  const aformulation = {};
+  // Reuse any existing formulation components
+  // See: PR #1172
+  if (context?.formulationList?.length) {
+    components = components.concat(trimComponents(context.formulationList));
+  }
   if (options.specVersion >= 1.6 && Object.keys(treeHashes).length === 2) {
     parentOmniborId = `gitoid:blob:sha1:${treeHashes.parent}`;
     treeOmniborId = `gitoid:blob:sha1:${treeHashes.tree}`;
@@ -417,8 +425,8 @@ const addFormulationSection = (options) => {
       provides: [treeOmniborId],
     });
   }
+  // Collect git related components
   if (gitBranch && originUrl && gitFiles) {
-    const aformulation = {};
     const gitFileComponents = gitFiles.map((f) =>
       options.specVersion >= 1.6
         ? {
@@ -442,57 +450,65 @@ const addFormulationSection = (options) => {
         provides: gitFiles.map((f) => f.ref),
       });
     }
-    // Collect build environment details
-    const infoComponents = collectEnvInfo(options.path);
-    if (infoComponents?.length) {
-      components = components.concat(infoComponents);
-    }
-    // Should we include the OS crypto libraries
-    if (options.includeCrypto) {
-      const cryptoLibs = collectOSCryptoLibs(options);
-      if (cryptoLibs?.length) {
-        components = components.concat(cryptoLibs);
-      }
-    }
-    aformulation["bom-ref"] = uuidv4();
-    aformulation.components = components;
-    let environmentVars = [{ name: "GIT_BRANCH", value: gitBranch }];
-    for (const aevar of Object.keys(process.env)) {
-      if (
-        (aevar.startsWith("GIT") ||
-          aevar.startsWith("CI_") ||
-          aevar.startsWith("CARGO") ||
-          aevar.startsWith("RUST")) &&
-        !aevar.toLowerCase().includes("key") &&
-        !aevar.toLowerCase().includes("token") &&
-        !aevar.toLowerCase().includes("pass") &&
-        process.env[aevar] &&
-        process.env[aevar].length
-      ) {
-        environmentVars.push({
-          name: aevar,
-          value: process.env[aevar],
-        });
-      }
+  }
+  // Collect build environment details
+  const infoComponents = collectEnvInfo(options.path);
+  if (infoComponents?.length) {
+    components = components.concat(infoComponents);
+  }
+  // Should we include the OS crypto libraries
+  if (options.includeCrypto) {
+    const cryptoLibs = collectOSCryptoLibs(options);
+    if (cryptoLibs?.length) {
+      components = components.concat(cryptoLibs);
     }
-    if (!environmentVars.length) {
-      environmentVars = undefined;
+  }
+  aformulation["bom-ref"] = uuidv4();
+  aformulation.components = components;
+  let environmentVars = gitBranch?.length
+    ? [{ name: "GIT_BRANCH", value: gitBranch }]
+    : [];
+  for (const aevar of Object.keys(process.env)) {
+    if (
+      (aevar.startsWith("GIT") ||
+        aevar.startsWith("CI_") ||
+        aevar.startsWith("ANDROID") ||
+        aevar.startsWith("DENO") ||
+        aevar.startsWith("DOTNET") ||
+        aevar.startsWith("JAVA_") ||
+        aevar.startsWith("SDKMAN") ||
+        aevar.startsWith("CARGO") ||
+        aevar.startsWith("CONDA") ||
+        aevar.startsWith("RUST")) &&
+      !aevar.toLowerCase().includes("key") &&
+      !aevar.toLowerCase().includes("token") &&
+      !aevar.toLowerCase().includes("pass") &&
+      !aevar.toLowerCase().includes("secret") &&
+      process.env[aevar] &&
+      process.env[aevar].length
+    ) {
+      environmentVars.push({
+        name: aevar,
+        value: process.env[aevar],
+      });
     }
-    aformulation.workflows = [
-      {
-        "bom-ref": uuidv4(),
-        uid: uuidv4(),
-        inputs: [
-          {
-            source: { ref: originUrl },
-            environmentVars,
-          },
-        ],
-        taskTypes: ["build", "clone"],
-      },
-    ];
-    formulation.push(aformulation);
   }
+  if (!environmentVars.length) {
+    environmentVars = undefined;
+  }
+  const sourceInput = environmentVars ? { environmentVars } : {};
+  if (originUrl) {
+    sourceInput.source = { ref: originUrl };
+  }
+  aformulation.workflows = [
+    {
+      "bom-ref": uuidv4(),
+      uid: uuidv4(),
+      inputs: [sourceInput],
+      taskTypes: originUrl ? ["build", "clone"] : ["build"],
+    },
+  ];
+  formulation.push(aformulation);
   return { formulation, provides };
 };
 
@@ -782,7 +798,11 @@ function addComponent(
     if (!name) {
       return;
     }
-    if (!ptype && pkg.qualifiers && pkg.qualifiers.type === "jar") {
+    // Do we need this still?
+    if (
+      !ptype &&
+      ["jar", "war", "ear", "pom"].includes(pkg?.qualifiers?.type)
+    ) {
       ptype = "maven";
     }
     const version = pkg.version || "";
@@ -814,7 +834,7 @@ function addComponent(
         impPkgs.includes(`@${group}`)
       ) {
         compScope = "required";
-      } else if (impPkgs.length) {
+      } else if (impPkgs.length && compScope !== "excluded") {
         compScope = "optional";
       }
     }
@@ -1057,7 +1077,7 @@ const buildBomNSData = (options, pkgInfo, ptype, context) => {
     };
     const formulationData =
       options.includeFormulation && options.specVersion >= 1.5
-        ? addFormulationSection(options)
+        ? addFormulationSection(options, context)
         : undefined;
     if (formulationData) {
       jsonTpl.formulation = formulationData.formulation;
@@ -2643,6 +2663,7 @@ export async function createPythonBom(path, options) {
   let metadataFilename = "";
   let dependencies = [];
   let pkgList = [];
+  let formulationList = [];
   const tempDir = mkdtempSync(join(tmpdir(), "cdxgen-venv-"));
   let parentComponent = createDefaultParentComponent(path, "pypi", options);
   const pipenvMode = existsSync(join(path, "Pipfile"));
@@ -2737,6 +2758,9 @@ export async function createPythonBom(path, options) {
         if (retMap.pkgList?.length) {
           pkgList = pkgList.concat(retMap.pkgList);
         }
+        if (retMap.formulationList?.length) {
+          formulationList = formulationList.concat(retMap.formulationList);
+        }
         if (retMap.dependenciesList) {
           dependencies = mergeDependencies(
             dependencies,
@@ -2761,6 +2785,7 @@ export async function createPythonBom(path, options) {
       filename: poetryFiles.join(", "),
       dependencies,
       parentComponent,
+      formulationList,
     });
   }
   if (metadataFiles?.length) {
@@ -2831,6 +2856,9 @@ export async function createPythonBom(path, options) {
               pkgList = pkgList.concat(pkgMap.pkgList);
               frozen = pkgMap.frozen;
             }
+            if (pkgMap.formulationList?.length) {
+              formulationList = formulationList.concat(pkgMap.formulationList);
+            }
             if (pkgMap.dependenciesList) {
               dependencies = mergeDependencies(
                 dependencies,
@@ -2939,6 +2967,9 @@ export async function createPythonBom(path, options) {
       if (pkgMap.pkgList?.length) {
         pkgList = pkgList.concat(pkgMap.pkgList);
       }
+      if (pkgMap.formulationList?.length) {
+        formulationList = formulationList.concat(pkgMap.formulationList);
+      }
       if (pkgMap.dependenciesList) {
         dependencies = mergeDependencies(
           dependencies,
@@ -2986,6 +3017,7 @@ export async function createPythonBom(path, options) {
     filename: metadataFilename,
     dependencies,
     parentComponent,
+    formulationList,
   });
 }
 

package/package.json

@@ -1,6 +1,6 @@
 {
   "name": "@cyclonedx/cdxgen",
-  "version": "10.6.2",
+  "version": "10.7.0",
   "description": "Creates CycloneDX Software Bill of Materials (SBOM) from source or container image",
   "homepage": "http://github.com/cyclonedx/cdxgen",
   "author": "Prabhu Subramanian <prabhu@appthreat.com>",
@@ -58,17 +58,17 @@
     "url": "https://github.com/cyclonedx/cdxgen/issues"
   },
   "dependencies": {
-    "@babel/parser": "^7.24.6",
-    "@babel/traverse": "^7.24.6",
-    "@npmcli/arborist": "7.5.2",
-    "ajv": "^8.14.0",
+    "@babel/parser": "^7.24.7",
+    "@babel/traverse": "^7.24.7",
+    "@npmcli/arborist": "7.5.3",
+    "ajv": "^8.16.0",
     "ajv-formats": "^3.0.1",
     "cheerio": "^1.0.0-rc.12",
-    "edn-data": "1.1.1",
+    "edn-data": "1.1.2",
     "find-up": "7.0.0",
     "glob": "^10.4.1",
     "global-agent": "^3.0.0",
-    "got": "14.3.0",
+    "got": "14.4.1",
     "iconv-lite": "^0.6.3",
     "js-yaml": "^4.1.0",
     "jws": "^4.0.0",
@@ -80,13 +80,13 @@
     "ssri": "^10.0.6",
     "table": "^6.8.2",
     "tar": "^6.2.1",
-    "uuid": "^9.0.1",
+    "uuid": "^10.0.0",
     "xml-js": "^1.6.11",
     "yargs": "^17.7.2",
     "validate-iri": "^1.0.1"
   },
   "optionalDependencies": {
-    "@appthreat/atom": "2.0.12",
+    "@appthreat/atom": "2.0.13",
     "@appthreat/cdx-proto": "1.0.1",
     "@cyclonedx/cdxgen-plugins-bin": "1.6.0",
     "@cyclonedx/cdxgen-plugins-bin-arm64": "1.6.0",

package/piptree.js

@@ -50,15 +50,16 @@ def get_installed_distributions():
     return [d._dist for d in dists]
 
 
-def find_deps(idx, visited, reqs, traverse_count):
+def find_deps(idx, path, reqs, traverse_count):
     freqs = []
     for r in reqs:
         d = idx.get(r.key)
         if not d:
             continue
         r.project_name = d.project_name if d is not None else r.project_name
-        if len(visited) > 100 or visited.get(r.project_name, 0) > 5:
-            return freqs
+        if r.key in path:
+            continue
+        current_path = path + [r.key]
         specs = sorted(r.specs, reverse=True)
         specs_str = ",".join(["".join(sp) for sp in specs]) if specs else ""
         dreqs = d.requires()
@@ -67,10 +68,9 @@ def find_deps(idx, visited, reqs, traverse_count):
                 "name": r.project_name,
                 "version": importlib_metadata.version(r.key),
                 "versionSpecifiers": specs_str,
-                "dependencies": find_deps(idx, visited, dreqs, traverse_count + 1) if dreqs and traverse_count < 200 else [],
+                "dependencies": find_deps(idx, current_path, dreqs, traverse_count + 1) if dreqs and traverse_count < 200 else [],
             }
         )
-        visited[r.project_name] = visited.get(r.project_name, 0) + 1
     return freqs
 
 
@@ -79,7 +79,6 @@ def main(argv):
     tree = []
     pkgs = get_installed_distributions()
     idx = {p.key: p for p in pkgs}
-    visited = {}
     traverse_count = 0
     for p in pkgs:
         fr = frozen_req_from_dist(p)
@@ -98,7 +97,7 @@ def main(argv):
             {
                 "name": name.split(" ")[0],
                 "version": version,
-                "dependencies": find_deps(idx, visited, p.requires(), traverse_count + 1),
+                "dependencies": find_deps(idx, [p.key], p.requires(), traverse_count + 1),
             }
         )
     all_deps = {}
@@ -117,7 +116,15 @@ if __name__ == "__main__":
 `;
 
 /**
- * Execute the piptree plugin and return the generated tree as json object
+ * Execute the piptree plugin and return the generated tree as json object.
+ * The resulting tree would also include dependencies belonging to pip.
+ * Usage analysis is performed at a later stage to mark many of these packages as optional.
+ *
+ * @param {Object} env Environment variables to use
+ * @param {String} python_cmd Python command to use
+ * @param {String} basePath Current working directory
+ *
+ * @returns {Object} Dependency tree
  */
 export const getTreeWithPlugin = (env, python_cmd, basePath) => {
   let tree = [];

package/types/display.d.ts

@@ -1,10 +1,10 @@
 export function printVulnerabilities(vulnerabilities: any): void;
 export function printSponsorBanner(options: any): void;
-export function printTable(bomJson: any, filterTypes?: any): void;
+export function printTable(bomJson: any, filterTypes?: any, highlight?: any): void;
 export function printOSTable(bomJson: any): void;
 export function printServices(bomJson: any): void;
 export function printOccurrences(bomJson: any): void;
 export function printCallStack(bomJson: any): void;
-export function printDependencyTree(bomJson: any, mode?: string): void;
+export function printDependencyTree(bomJson: any, mode?: string, highlight?: any): void;
 export function printReachables(sliceArtefacts: any): void;
 //# sourceMappingURL=display.d.ts.map

package/types/display.d.ts.map

@@ -1 +1 @@
-{"version":3,"file":"display.d.ts","sourceRoot":"","sources":["../display.js"],"names":[],"mappings":"AAuVA,iEA0BC;AAED,uDAoBC;AAzXM,kEA+DN;AAQM,iDAkBN;AACM,kDAsBN;AAeM,qDA4BN;AACM,mDA8CN;AACM,uEAiCN;AA4DM,2DA+BN"}
+{"version":3,"file":"display.d.ts","sourceRoot":"","sources":["../display.js"],"names":[],"mappings":"AAsWA,iEA0BC;AAED,uDAoBC;AAnYM,mFAmEN;AAQM,iDAkBN;AACM,kDAsBN;AAeM,qDA4BN;AACM,mDA8CN;AACM,wFAuCN;AA4DM,2DA+BN"}

package/types/evinser.d.ts

@@ -104,8 +104,8 @@ export function prepareDB(options: any): Promise<{
             count: number;
         }>;
         findAndCountAll<M_17 extends import("sequelize").Model<any, any>>(this: import("sequelize").ModelStatic<M_17>, options: {
-            attributes?: import("sequelize").FindAttributeOptions;
             type?: string;
+            attributes?: import("sequelize").FindAttributeOptions;
             plain?: boolean;
             logging?: boolean | ((sql: string, timing?: number) => void);
             where?: import("sequelize").WhereOptions<import("sequelize").Attributes<M_17>>;
@@ -333,8 +333,8 @@ export function prepareDB(options: any): Promise<{
             count: number;
         }>;
         findAndCountAll<M_17 extends import("sequelize").Model<any, any>>(this: import("sequelize").ModelStatic<M_17>, options: {
-            attributes?: import("sequelize").FindAttributeOptions;
             type?: string;
+            attributes?: import("sequelize").FindAttributeOptions;
             plain?: boolean;
             logging?: boolean | ((sql: string, timing?: number) => void);
             where?: import("sequelize").WhereOptions<import("sequelize").Attributes<M_17>>;
@@ -562,8 +562,8 @@ export function prepareDB(options: any): Promise<{
             count: number;
         }>;
         findAndCountAll<M_17 extends import("sequelize").Model<any, any>>(this: import("sequelize").ModelStatic<M_17>, options: {
-            attributes?: import("sequelize").FindAttributeOptions;
             type?: string;
+            attributes?: import("sequelize").FindAttributeOptions;
             plain?: boolean;
             logging?: boolean | ((sql: string, timing?: number) => void);
             where?: import("sequelize").WhereOptions<import("sequelize").Attributes<M_17>>;

package/types/index.d.ts.map

@@ -1 +1 @@
-{"version":3,"file":"index.d.ts","sourceRoot":"","sources":["../index.js"],"names":[],"mappings":"AA+tBA;;;;;;;;GAQG;AACH,gFAFW,MAAM,SAchB;AA4TD;;;;;;;GAOG;AACH,mCALW,MAAM,qBAiEhB;AAED;;;;;GAKG;AACH,uCAHW,MAAM;;;;EAKhB;AAED;;;;;GAKG;AACH,sCAHW,MAAM;;;;EAkBhB;AAED;;;;;GAKG;AACH,oCAHW,MAAM,8BAq+BhB;AAED;;;;;GAKG;AACH,sCAHW,MAAM,8BAochB;AAED;;;;;GAKG;AACH,sCAHW,MAAM,8BAgWhB;AAED;;;;;GAKG;AACH,kCAHW,MAAM,8BA8ThB;AAED;;;;;GAKG;AACH,oCAHW,MAAM,8BAqIhB;AAED;;;;;GAKG;AACH,oCAHW,MAAM,8BAiDhB;AAED;;;;;GAKG;AACH,mCAHW,MAAM,qBA+KhB;AAED;;;;;GAKG;AACH,uCAHW,MAAM,qBAsHhB;AAED;;;;;GAKG;AACH,uCAHW,MAAM,qBA2BhB;AAED;;;;;GAKG;AACH,sCAHW,MAAM,qBA2BhB;AAED;;;;;GAKG;AACH,sCAHW,MAAM,qBA2BhB;AAED;;;;;GAKG;AACH,0CAHW,MAAM,qBAuBhB;AAED;;;;;GAKG;AACH,kCAHW,MAAM,8BAqDhB;AAED;;;;;GAKG;AACH,uCAHW,MAAM,8BA4ChB;AAED;;;;;GAKG;AACH,oCAHW,MAAM,qBA2BhB;AAED;;;;;GAKG;AACH,qCAHW,MAAM,8BAwFhB;AAED;;;;;GAKG;AACH,iDAHW,MAAM,qBA8ThB;AAED;;;;;GAKG;AACH,mCAHW,MAAM,qBAwJhB;AAED;;;;;GAKG;AACH,oCAHW,MAAM,8BAmFhB;AAED;;;;;GAKG;AACH,sCAHW,MAAM,8BAyWhB;AAED;;;;;GAKG;AACH,2CAHW,MAAM;;;;;;;;;;;;;;;;;;;;GAoChB;AAED;;;;;;;;KA+DC;AAED;;;;;;GAMG;AACH,yDA2CC;AAED;;;;;;;;;GASG;AACH,2GA6BC;AAED;;;;;GAKG;AACH,0CAHW,MAAM,8BAoZhB;AAED;;;;;GAKG;AACH,iCAHW,MAAM,8BAkUhB;AAED;;;;;GAKG;AACH,gCAHW,MAAM,qBAuQhB;AAED;;;;;;GAMG;AACH,wDAFY,QAAQ;IAAE,KAAK,EAAE,MAAM,CAAA;CAAE,GAAG;IAAE,MAAM,EAAE,MAAM,EAAE,CAAA;CAAE,GAAG,SAAS,CAAC,CA2FxE"}
+{"version":3,"file":"index.d.ts","sourceRoot":"","sources":["../index.js"],"names":[],"mappings":"AA+uBA;;;;;;;;GAQG;AACH,gFAFW,MAAM,SAchB;AAgUD;;;;;;;GAOG;AACH,mCALW,MAAM,qBAiEhB;AAED;;;;;GAKG;AACH,uCAHW,MAAM;;;;EAKhB;AAED;;;;;GAKG;AACH,sCAHW,MAAM;;;;EAkBhB;AAED;;;;;GAKG;AACH,oCAHW,MAAM,8BAq+BhB;AAED;;;;;GAKG;AACH,sCAHW,MAAM,8BAochB;AAED;;;;;GAKG;AACH,sCAHW,MAAM,8BA4WhB;AAED;;;;;GAKG;AACH,kCAHW,MAAM,8BA8ThB;AAED;;;;;GAKG;AACH,oCAHW,MAAM,8BAqIhB;AAED;;;;;GAKG;AACH,oCAHW,MAAM,8BAiDhB;AAED;;;;;GAKG;AACH,mCAHW,MAAM,qBA+KhB;AAED;;;;;GAKG;AACH,uCAHW,MAAM,qBAsHhB;AAED;;;;;GAKG;AACH,uCAHW,MAAM,qBA2BhB;AAED;;;;;GAKG;AACH,sCAHW,MAAM,qBA2BhB;AAED;;;;;GAKG;AACH,sCAHW,MAAM,qBA2BhB;AAED;;;;;GAKG;AACH,0CAHW,MAAM,qBAuBhB;AAED;;;;;GAKG;AACH,kCAHW,MAAM,8BAqDhB;AAED;;;;;GAKG;AACH,uCAHW,MAAM,8BA4ChB;AAED;;;;;GAKG;AACH,oCAHW,MAAM,qBA2BhB;AAED;;;;;GAKG;AACH,qCAHW,MAAM,8BAwFhB;AAED;;;;;GAKG;AACH,iDAHW,MAAM,qBA8ThB;AAED;;;;;GAKG;AACH,mCAHW,MAAM,qBAwJhB;AAED;;;;;GAKG;AACH,oCAHW,MAAM,8BAmFhB;AAED;;;;;GAKG;AACH,sCAHW,MAAM,8BAyWhB;AAED;;;;;GAKG;AACH,2CAHW,MAAM;;;;;;;;;;;;;;;;;;;;GAoChB;AAED;;;;;;;;KA+DC;AAED;;;;;;GAMG;AACH,yDA2CC;AAED;;;;;;;;;GASG;AACH,2GA6BC;AAED;;;;;GAKG;AACH,0CAHW,MAAM,8BAoZhB;AAED;;;;;GAKG;AACH,iCAHW,MAAM,8BAkUhB;AAED;;;;;GAKG;AACH,gCAHW,MAAM,qBAuQhB;AAED;;;;;;GAMG;AACH,wDAFY,QAAQ;IAAE,KAAK,EAAE,MAAM,CAAA;CAAE,GAAG;IAAE,MAAM,EAAE,MAAM,EAAE,CAAA;CAAE,GAAG,SAAS,CAAC,CA2FxE"}

package/types/piptree.d.ts

@@ -1,2 +1,2 @@
-export function getTreeWithPlugin(env: any, python_cmd: any, basePath: any): any;
+export function getTreeWithPlugin(env: any, python_cmd: string, basePath: string): any;
 //# sourceMappingURL=piptree.d.ts.map

package/types/piptree.d.ts.map

@@ -1 +1 @@
-{"version":3,"file":"piptree.d.ts","sourceRoot":"","sources":["../piptree.js"],"names":[],"mappings":"AAyHO,iFA0BN"}
+{"version":3,"file":"piptree.d.ts","sourceRoot":"","sources":["../piptree.js"],"names":[],"mappings":"AAgIO,uFA0BN"}

package/types/utils.d.ts

@@ -126,7 +126,7 @@ export function parsePnpmLock(pnpmLock: string, parentComponent?: object): Promi
     pkgList: any[];
     dependenciesList: {
         ref: string;
-        dependsOn: string[];
+        dependsOn: any;
     }[];
 }>;
 /**
@@ -397,7 +397,7 @@ export function parsePoetrylockData(lockData: any, lockFile: string): Promise<an
     }[];
 }>;
 /**
- * Method to parse requirements.txt data
+ * Method to parse requirements.txt data. This must be replaced with atom parsedeps.
  *
  * @param {Object} reqData Requirements.txt data
  * @param {Boolean} fetchDepsInfo Fetch dependencies info from pypi
@@ -1019,7 +1019,9 @@ export function getPipFrozenTree(basePath: string, reqOrSetupFile: string, tempV
         name: any;
         version: any;
         purl: string;
+        type: string;
         "bom-ref": string;
+        scope: string;
         evidence: {
             identity: {
                 field: string;
@@ -1031,6 +1033,33 @@ export function getPipFrozenTree(basePath: string, reqOrSetupFile: string, tempV
                 }[];
             };
         };
+        properties: {
+            name: string;
+            value: string;
+        }[];
+    }[];
+    formulationList: {
+        name: any;
+        version: any;
+        purl: string;
+        type: string;
+        "bom-ref": string;
+        scope: string;
+        evidence: {
+            identity: {
+                field: string;
+                confidence: number;
+                methods: {
+                    technique: string;
+                    confidence: number;
+                    value: any;
+                }[];
+            };
+        };
+        properties: {
+            name: string;
+            value: string;
+        }[];
     }[];
     rootList: {
         name: any;
@@ -1151,6 +1180,7 @@ export let CARGO_CMD: string;
 export let CLJ_CMD: string;
 export let LEIN_CMD: string;
 export let SWIFT_CMD: string;
+export const PYTHON_EXCLUDED_COMPONENTS: string[];
 export const cdxgenAgent: any;
 export const RUBY_PLATFORM_PREFIXES: string[];
 //# sourceMappingURL=utils.d.ts.map