@cyclonedx/cdxgen 12.1.1 → 12.1.3
This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.
- package/README.md +27 -9
- package/bin/cdxgen.js +1 -1
- package/data/spdx.schema.json +35 -2
- package/data/templates/asvs-5.0.cdx.json +1727 -3471
- package/lib/cli/index.js +32 -4
- package/lib/evinser/evinser.js +2 -8
- package/lib/helpers/display.js +1 -1
- package/lib/helpers/envcontext.js +10 -2
- package/lib/helpers/utils.js +487 -115
- package/lib/helpers/utils.poku.js +200 -3
- package/lib/helpers/validator.js +37 -3
- package/lib/managers/binary.js +34 -12
- package/lib/managers/containerutils.js +68 -0
- package/lib/managers/docker.getConnection.poku.js +61 -0
- package/lib/managers/docker.js +72 -119
- package/lib/parsers/iri.js +1 -2
- package/lib/server/server.js +164 -34
- package/lib/server/server.poku.js +232 -10
- package/lib/stages/postgen/annotator.js +281 -3
- package/lib/stages/postgen/postgen.js +4 -7
- package/lib/third-party/arborist/lib/diff.js +1 -1
- package/lib/third-party/arborist/lib/node.js +1 -1
- package/lib/third-party/arborist/lib/yarn-lock.js +1 -1
- package/package.json +22 -326
- package/types/bin/dependencies.d.ts.map +1 -1
- package/types/bin/licenses.d.ts +3 -0
- package/types/bin/licenses.d.ts.map +1 -0
- package/types/lib/cli/index.d.ts.map +1 -1
- package/types/lib/evinser/evinser.d.ts.map +1 -1
- package/types/lib/helpers/envcontext.d.ts.map +1 -1
- package/types/lib/helpers/utils.d.ts +1 -1
- package/types/lib/helpers/utils.d.ts.map +1 -1
- package/types/lib/helpers/validator.d.ts.map +1 -1
- package/types/lib/managers/binary.d.ts.map +1 -1
- package/types/lib/managers/containerutils.d.ts +3 -0
- package/types/lib/managers/containerutils.d.ts.map +1 -0
- package/types/lib/managers/docker.d.ts +0 -2
- package/types/lib/managers/docker.d.ts.map +1 -1
- package/types/lib/parsers/iri.d.ts.map +1 -1
- package/types/lib/server/server.d.ts +14 -0
- package/types/lib/server/server.d.ts.map +1 -1
- package/types/lib/stages/postgen/annotator.d.ts.map +1 -1
- package/types/lib/stages/postgen/postgen.d.ts.map +1 -1
- package/bin/dependencies.js +0 -131
- package/lib/helpers/dependencies.poku.js +0 -11
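--- a/package/bin/dependencies.js
+++ /dev/null
@@ -1,131 +0,0 @@
-#!/usr/bin/env node
-
-import { readFileSync } from "node:fs";
-
-import { parse as yaml } from "yaml";
-
-const pkgJson = JSON.parse(readFileSync("./package.json", "utf8"));
-const pnpmLockYaml = yaml(readFileSync("./pnpm-lock.yaml", "utf8"));
-
-const installedPackages = [];
-
-const incorrectNpmOverridesVersions = [];
-const incorrectPnpmOverridesVersions = [];
-const missingNpmOverrides = [];
-const missingPnpmOverrides = [];
-
-const obsoleteNpmOverrides = [];
-const obsoletePnpmOverrides = [];
-
-for (const _package in pkgJson.dependencies) {
-checkOverride(_package, pkgJson.dependencies[_package]);
-}
-for (const _package in pkgJson.devDependencies) {
-checkOverride(_package, pkgJson.devDependencies[_package]);
-}
-for (const _package in pkgJson.optionalDependencies) {
-checkOverride(_package, pkgJson.optionalDependencies[_package]);
-}
-for (const _package in pnpmLockYaml.snapshots) {
-const indexOfSeparator = _package.split("(")[0].lastIndexOf("@");
-const packageName = _package.substring(0, indexOfSeparator);
-const packageVersion = _package.substring(indexOfSeparator + 1);
-if (!installedPackages.includes(packageName)) {
-installedPackages.push(packageName);
-checkOverride(packageName, packageVersion);
-}
-for (const dependency in pnpmLockYaml.snapshots[_package].dependencies) {
-if (!installedPackages.includes(dependency)) {
-installedPackages.push(dependency);
-checkOverride(
-dependency,
-pnpmLockYaml.snapshots[_package].dependencies[dependency],
-);
-}
-}
-for (const dependency in pnpmLockYaml.snapshots[_package]
-.optionalDependencies) {
-if (!installedPackages.includes(dependency)) {
-installedPackages.push(dependency);
-checkOverride(
-dependency,
-pnpmLockYaml.snapshots[_package].optionalDependencies[dependency],
-);
-}
-}
-}
-for (const override in pkgJson.overrides) {
-checkObsolescence(override, obsoleteNpmOverrides);
-}
-for (const override in pkgJson.pnpm.overrides) {
-checkObsolescence(override, obsoletePnpmOverrides);
-}
-
-export function checkDependencies() {
-return (
-incorrectNpmOverridesVersions.length +
-incorrectPnpmOverridesVersions.length +
-missingNpmOverrides.length +
-missingPnpmOverrides.length +
-obsoleteNpmOverrides.length +
-obsoletePnpmOverrides.length
-);
-}
-
-function checkOverride(packageName, packageVersion) {
-packageVersion = packageVersion.split("(")[0];
-if (packageVersion.includes("@")) {
-packageVersion = `npm:${packageVersion}`;
-}
-if (!Object.hasOwn(pkgJson.overrides, packageName)) {
-missingNpmOverrides.push(` "${packageName}": "${packageVersion}"`);
-} else if (pkgJson.overrides[packageName] !== packageVersion) {
-incorrectNpmOverridesVersions.push(
-` - ${packageName} (${pkgJson.overrides[packageName]} instead of ${packageVersion})`,
-);
-}
-if (!Object.hasOwn(pkgJson.pnpm.overrides, packageName)) {
-missingPnpmOverrides.push(` "${packageName}": "${packageVersion}"`);
-} else if (pkgJson.pnpm.overrides[packageName] !== packageVersion) {
-incorrectPnpmOverridesVersions.push(
-` - ${packageName} (${pkgJson.pnpm.overrides[packageName]} instead of ${packageVersion})`,
-);
-}
-}
-
-function checkObsolescence(override, obsoletionArray) {
-if (!installedPackages.includes(override)) {
-obsoletionArray.push(override);
-}
-}
-
-if (missingNpmOverrides.length) {
-console.log("The following dependencies are not in the 'overrides'-block:");
-console.log(missingNpmOverrides.join(",\n"));
-}
-if (incorrectNpmOverridesVersions.length) {
-console.log(
-"The following dependencies have a different version in the 'overrides'-block:",
-);
-console.log(incorrectNpmOverridesVersions.join("\n"));
-}
-if (missingPnpmOverrides.length) {
-console.log(
-"The following dependencies are not in the 'pnpm.overrides'-block:",
-);
-console.log(missingPnpmOverrides.join(",\n"));
-}
-if (incorrectPnpmOverridesVersions.length) {
-console.log(
-"The following dependencies have a different version in the 'pnpm.overrides'-block:",
-);
-console.log(incorrectPnpmOverridesVersions.join("\n"));
-}
-if (obsoleteNpmOverrides.length) {
-console.log("The following entries in 'overrides' are not used:");
-console.log(obsoleteNpmOverrides.join("\n"));
-}
-if (obsoletePnpmOverrides.length) {
-console.log("The following entries in 'pnpm.overrides' are not used:");
-console.log(obsoletePnpmOverrides.join("\n"));
-}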
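--- a/package/lib/helpers/dependencies.poku.js
+++ /dev/null
@@ -1,11 +0,0 @@
-import { assert, it } from "poku";
-
-import { checkDependencies } from "../../bin/dependencies.js";
-
-it("checks dependency overrides in package.json vs installed in pnpm-lock.yaml", async () => {
-assert.equal(
-checkDependencies(),
-0,
-"There shouldn't have been dependency discrepancies",
-);
-});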