@cyclonedx/cdxgen 12.1.2 → 12.1.4

package/types/lib/third-party/arborist/lib/place-dep.d.ts

@@ -15,9 +15,9 @@ declare class PlaceDep {
     updateNames: any;
     canPlace: any;
     canPlaceSelf: any;
-    checks: any;
+    checks: Map<any, any>;
     children: PlaceDep[];
-    needEvaluation: any;
+    needEvaluation: Set<any>;
     peerConflict: any;
     placed: any;
     target: any;
@@ -40,6 +40,6 @@ declare class PlaceDep {
         strictPeerDeps: any;
     };
     getStartNode(): any;
-    get allChildren(): any[];
+    get allChildren(): PlaceDep[];
 }
 //# sourceMappingURL=place-dep.d.ts.map

package/types/lib/third-party/arborist/lib/place-dep.d.ts.map

@@ -1 +1 @@
-{"version":3,"file":"place-dep.d.ts","sourceRoot":"","sources":["../../../../../lib/third-party/arborist/lib/place-dep.js"],"names":[],"mappings":";AAqBA;IACE,0BA+SC;IA9SC,iBAAsC;IACtC,SAAsB;IACtB,UAAwB;IACxB,qBAA8C;IAC9C,WAA0B;IAC1B,kBAAwC;IACxC,qBAA8C;IAC9C,oBAA4C;IAC5C,YAAoC;IACpC,kBAAwC;IACxC,oBAA4C;IAC5C,iBAAsC;IAEtC,cAAoB;IACpB,kBAAwB;IAExB,YAAuB;IACvB,qBAAkB;IAClB,oBAA+B;IAC/B,kBAAwB;IACxB,YAAkB;IAClB,YAAkB;IAElB,aAA2B;IAC3B,UAA0B;IAC1B,SAAmC;IAuMnC,YAA4C;IAgF9C,sBAqEC;IAED,mDA2BC;IAMD,mDA6BC;IAED,sBAiCC;IAED,4CAMC;IAED,4CAKC;IAED;;;;;;;MA0CC;IAED,oBAKC;IAGD,yBAQC;CACF"}
+{"version":3,"file":"place-dep.d.ts","sourceRoot":"","sources":["../../../../../lib/third-party/arborist/lib/place-dep.js"],"names":[],"mappings":";AAqBA;IACE,0BA+SC;IA9SC,iBAAsC;IACtC,SAAsB;IACtB,UAAwB;IACxB,qBAA8C;IAC9C,WAA0B;IAC1B,kBAAwC;IACxC,qBAA8C;IAC9C,oBAA4C;IAC5C,YAAoC;IACpC,kBAAwC;IACxC,oBAA4C;IAC5C,iBAAsC;IAEtC,cAAoB;IACpB,kBAAwB;IAExB,sBAAuB;IACvB,qBAAkB;IAClB,yBAA+B;IAC/B,kBAAwB;IACxB,YAAkB;IAClB,YAAkB;IAElB,aAA2B;IAC3B,UAA0B;IAC1B,SAAmC;IAuMnC,YAA4C;IAgF9C,sBAqEC;IAED,mDA2BC;IAMD,mDA6BC;IAED,sBAiCC;IAED,4CAMC;IAED,4CAKC;IAED;;;;;;;MA0CC;IAED,oBAKC;IAGD,8BAQC;CACF"}

package/types/lib/third-party/arborist/lib/shrinkwrap.d.ts

@@ -18,7 +18,7 @@ declare class Shrinkwrap {
         link: boolean;
     };
     constructor(options?: {});
-    lockfileVersion: any;
+    lockfileVersion: number | null;
     tree: any;
     path: any;
     filename: any;
@@ -27,19 +27,19 @@ declare class Shrinkwrap {
     newline: any;
     loadedFromDisk: boolean;
     type: any;
-    yarnLock: YarnLock;
+    yarnLock: YarnLock | null;
     hiddenLockfile: any;
-    loadingError: any;
+    loadingError: unknown;
     resolveOptions: any;
     shrinkwrapOnly: any;
     checkYarnLock(spec: any, options?: {}): any;
     reset(): void;
     originalLockfileVersion: any;
-    get loadFiles(): any;
-    get resetFiles(): any;
+    get loadFiles(): Promise<any>;
+    get resetFiles(): Promise<any>;
     inferFormattingOptions(packageJSONData: any): void;
     load(): Promise<this>;
-    ancientLockfile: boolean;
+    ancientLockfile: boolean | undefined;
     delete(nodePath: any): void;
     get(nodePath: any): any;
     add(node: any): void;
@@ -47,7 +47,7 @@ declare class Shrinkwrap {
     commit(): any;
     toJSON(): any;
     toString(options?: {}): any;
-    save(options?: {}): any;
+    save(options?: {}): Promise<any>;
     #private;
 }
 import YarnLock from "./yarn-lock.js";

package/types/lib/third-party/arborist/lib/shrinkwrap.d.ts.map

@@ -1 +1 @@
-{"version":3,"file":"shrinkwrap.d.ts","sourceRoot":"","sources":["../../../../../lib/third-party/arborist/lib/shrinkwrap.js"],"names":[],"mappings":";AA8LA;IACE,4CAEC;IAED,+CAEC;IAED,gCAEC;IAED,gDAqBC;IAED;;;;;;;;;;;;MAkEC;IAID,0BAiCC;IArBG,qBAAwB;IAO1B,UAAgB;IAChB,UAAgC;IAChC,cAAoB;IACpB,UAAgB;IAChB,YAAoB;IACpB,aAAsB;IACtB,wBAA2B;IAC3B,UAAgB;IAChB,mBAAoB;IACpB,oBAAoC;IACpC,kBAAwB;IACxB,oBAAoC;IAEpC,oBAAoC;IAQtC,4CA+BC;IAID,cAYC;IARC,6BAA8C;IAyBhD,qBAiBC;IAED,sBAmBC;IAED,mDASC;IAED,sBAgGC;IA7CG,yBAA4B;IAyJhC,4BAcC;IAED,wBAuBC;IAoID,qBA0DC;IAED,yBA2DC;IAYD,cAgEC;IAqKD,cAMC;IAED,4BAOC;IAED,wBAiCC;;CACF;qBA9pCoB,gBAAgB"}
+{"version":3,"file":"shrinkwrap.d.ts","sourceRoot":"","sources":["../../../../../lib/third-party/arborist/lib/shrinkwrap.js"],"names":[],"mappings":";AA8LA;IACE,4CAEC;IAED,+CAEC;IAED,gCAEC;IAED,gDAqBC;IAED;;;;;;;;;;;;MAkEC;IAID,0BAiCC;IArBG,+BAAwB;IAO1B,UAAgB;IAChB,UAAgC;IAChC,cAAoB;IACpB,UAAgB;IAChB,YAAoB;IACpB,aAAsB;IACtB,wBAA2B;IAC3B,UAAgB;IAChB,0BAAoB;IACpB,oBAAoC;IACpC,sBAAwB;IACxB,oBAAoC;IAEpC,oBAAoC;IAQtC,4CA+BC;IAID,cAYC;IARC,6BAA8C;IAyBhD,8BAiBC;IAED,+BAmBC;IAED,mDASC;IAED,sBAgGC;IA7CG,qCAA4B;IAyJhC,4BAcC;IAED,wBAuBC;IAoID,qBA0DC;IAED,yBA2DC;IAYD,cAgEC;IAqKD,cAMC;IAED,4BAOC;IAED,iCAiCC;;CACF;qBA9pCoB,gBAAgB"}

package/types/lib/third-party/arborist/lib/version-from-tgz.d.ts

@@ -2,5 +2,5 @@ export default versionFromTgz;
 declare function versionFromTgz(name: any, tgz: any): {
     name: any;
     version: any;
-};
+} | null;
 //# sourceMappingURL=version-from-tgz.d.ts.map

package/types/lib/third-party/arborist/lib/version-from-tgz.d.ts.map

@@ -1 +1 @@
-{"version":3,"file":"version-from-tgz.d.ts","sourceRoot":"","sources":["../../../../../lib/third-party/arborist/lib/version-from-tgz.js"],"names":[],"mappings":";AAKA;;;EA+BC"}
+{"version":3,"file":"version-from-tgz.d.ts","sourceRoot":"","sources":["../../../../../lib/third-party/arborist/lib/version-from-tgz.js"],"names":[],"mappings":";AAKA;;;SA+BC"}

package/types/lib/third-party/arborist/lib/yarn-lock.d.ts

@@ -3,10 +3,10 @@ declare class YarnLock {
     static parse(data: any): YarnLock;
     static fromTree(tree: any): YarnLock;
     static get Entry(): typeof YarnLockEntry;
-    entries: any;
+    entries: Map<any, any> | null;
     endCurrent(): void;
-    current: YarnLockEntry;
-    subkey: any;
+    current: YarnLockEntry | null | undefined;
+    subkey: string | typeof nullSymbol | undefined;
     parse(data: any): this;
     splitQuoted(str: any, delim: any): any[];
     toString(): string;
@@ -31,4 +31,5 @@ declare class YarnLockEntry {
     addSpec(spec: any): void;
     #private;
 }
+declare const nullSymbol: unique symbol;
 //# sourceMappingURL=yarn-lock.d.ts.map

package/types/lib/third-party/arborist/lib/yarn-lock.d.ts.map

@@ -1 +1 @@
-{"version":3,"file":"yarn-lock.d.ts","sourceRoot":"","sources":["../../../../../lib/third-party/arborist/lib/yarn-lock.js"],"names":[],"mappings":";AAsIA;IACE,kCAEC;IAED,qCAEC;IA0PD,yCAEC;IAzPC,aAAmB;IAIrB,mBAGC;IAFC,uBAAmB;IACnB,YAAwB;IAG1B,uBAiEC;IAED,yCA2BC;IAED,mBASC;IAED,0BAYC;IAED,kCAyFC;IAED;;;;;;MAwBC;CAKF;AAvSD;IAEE,wBAOC;IALC,cAAoB;IACpB,aAAmB;IACnB,eAAqB;IACrB,kBAAwB;IACxB,0BAAgC;IAGlC,mBAiBC;IAED,yBAEC;;CACF"}
+{"version":3,"file":"yarn-lock.d.ts","sourceRoot":"","sources":["../../../../../lib/third-party/arborist/lib/yarn-lock.js"],"names":[],"mappings":";AAsIA;IACE,kCAEC;IAED,qCAEC;IA0PD,yCAEC;IAzPC,8BAAmB;IAIrB,mBAGC;IAFC,0CAAmB;IACnB,+CAAwB;IAG1B,uBAiEC;IAED,yCA2BC;IAED,mBASC;IAED,0BAYC;IAED,kCAyFC;IAED;;;;;;MAwBC;CAKF;AAvSD;IAEE,wBAOC;IALC,cAAoB;IACpB,aAAmB;IACnB,eAAqB;IACrB,kBAAwB;IACxB,0BAAgC;IAGlC,mBAiBC;IAED,yBAEC;;CACF;AAnCD,wCAAkC"}

package/bin/dependencies.js

@@ -1,131 +0,0 @@
-#!/usr/bin/env node
-
-import { readFileSync } from "node:fs";
-
-import { parse as yaml } from "yaml";
-
-const pkgJson = JSON.parse(readFileSync("./package.json", "utf8"));
-const pnpmLockYaml = yaml(readFileSync("./pnpm-lock.yaml", "utf8"));
-
-const installedPackages = [];
-
-const incorrectNpmOverridesVersions = [];
-const incorrectPnpmOverridesVersions = [];
-const missingNpmOverrides = [];
-const missingPnpmOverrides = [];
-
-const obsoleteNpmOverrides = [];
-const obsoletePnpmOverrides = [];
-
-for (const _package in pkgJson.dependencies) {
-  checkOverride(_package, pkgJson.dependencies[_package]);
-}
-for (const _package in pkgJson.devDependencies) {
-  checkOverride(_package, pkgJson.devDependencies[_package]);
-}
-for (const _package in pkgJson.optionalDependencies) {
-  checkOverride(_package, pkgJson.optionalDependencies[_package]);
-}
-for (const _package in pnpmLockYaml.snapshots) {
-  const indexOfSeparator = _package.split("(")[0].lastIndexOf("@");
-  const packageName = _package.substring(0, indexOfSeparator);
-  const packageVersion = _package.substring(indexOfSeparator + 1);
-  if (!installedPackages.includes(packageName)) {
-    installedPackages.push(packageName);
-    checkOverride(packageName, packageVersion);
-  }
-  for (const dependency in pnpmLockYaml.snapshots[_package].dependencies) {
-    if (!installedPackages.includes(dependency)) {
-      installedPackages.push(dependency);
-      checkOverride(
-        dependency,
-        pnpmLockYaml.snapshots[_package].dependencies[dependency],
-      );
-    }
-  }
-  for (const dependency in pnpmLockYaml.snapshots[_package]
-    .optionalDependencies) {
-    if (!installedPackages.includes(dependency)) {
-      installedPackages.push(dependency);
-      checkOverride(
-        dependency,
-        pnpmLockYaml.snapshots[_package].optionalDependencies[dependency],
-      );
-    }
-  }
-}
-for (const override in pkgJson.overrides) {
-  checkObsolescence(override, obsoleteNpmOverrides);
-}
-for (const override in pkgJson.pnpm.overrides) {
-  checkObsolescence(override, obsoletePnpmOverrides);
-}
-
-if (missingNpmOverrides.length) {
-  console.log("\nThe following dependencies are not in the 'overrides'-block:");
-  console.log(missingNpmOverrides.join(",\n"));
-}
-if (incorrectNpmOverridesVersions.length) {
-  console.log(
-    "\nThe following dependencies have a different version in the 'overrides'-block:",
-  );
-  console.log(incorrectNpmOverridesVersions.join("\n"));
-}
-if (missingPnpmOverrides.length) {
-  console.log(
-    "\nThe following dependencies are not in the 'pnpm.overrides'-block:",
-  );
-  console.log(missingPnpmOverrides.join(",\n"));
-}
-if (incorrectPnpmOverridesVersions.length) {
-  console.log(
-    "\nThe following dependencies have a different version in the 'pnpm.overrides'-block:",
-  );
-  console.log(incorrectPnpmOverridesVersions.join("\n"));
-}
-if (obsoleteNpmOverrides.length) {
-  console.log("\nThe following entries in 'overrides' are not used:");
-  console.log(obsoleteNpmOverrides.join("\n"));
-}
-if (obsoletePnpmOverrides.length) {
-  console.log("\nThe following entries in 'pnpm.overrides' are not used:");
-  console.log(obsoletePnpmOverrides.join("\n"));
-}
-
-function checkOverride(packageName, packageVersion) {
-  packageVersion = packageVersion.split("(")[0];
-  if (packageVersion.includes("@")) {
-    packageVersion = `npm:${packageVersion}`;
-  }
-  if (!Object.hasOwn(pkgJson.overrides, packageName)) {
-    missingNpmOverrides.push(`  "${packageName}": "${packageVersion}"`);
-  } else if (pkgJson.overrides[packageName] !== packageVersion) {
-    incorrectNpmOverridesVersions.push(
-      ` - ${packageName} (${pkgJson.overrides[packageName]} instead of ${packageVersion})`,
-    );
-  }
-  if (!Object.hasOwn(pkgJson.pnpm.overrides, packageName)) {
-    missingPnpmOverrides.push(`  "${packageName}": "${packageVersion}"`);
-  } else if (pkgJson.pnpm.overrides[packageName] !== packageVersion) {
-    incorrectPnpmOverridesVersions.push(
-      ` - ${packageName} (${pkgJson.pnpm.overrides[packageName]} instead of ${packageVersion})`,
-    );
-  }
-}
-
-function checkObsolescence(override, obsoletionArray) {
-  if (!installedPackages.includes(override)) {
-    obsoletionArray.push(override);
-  }
-}
-
-export function checkDependencies() {
-  return (
-    incorrectNpmOverridesVersions.length +
-    incorrectPnpmOverridesVersions.length +
-    missingNpmOverrides.length +
-    missingPnpmOverrides.length +
-    obsoleteNpmOverrides.length +
-    obsoletePnpmOverrides.length
-  );
-}

package/bin/licenses.js

@@ -1,78 +0,0 @@
-#!/usr/bin/env node
-
-import { existsSync, readFileSync } from "node:fs";
-
-const CURRENT_LICENSES = [
-  "Apache-2.0",
-  "BSD-2-Clause",
-  "BSD-3-Clause",
-  "BlueOak-1.0.0",
-  "CC-BY-3.0",
-  "CC0-1.0",
-  "ISC",
-  "MIT",
-  "WTFPL",
-];
-
-const newLicenses = new Map();
-const noLicenses = [];
-
-if (existsSync("./bom.json")) {
-  const sbom = JSON.parse(readFileSync("./bom.json", "utf8"));
-
-  for (const component of sbom.components) {
-    const componentID =
-      (component.group !== "" ? `${component.group}/` : "") +
-      `${component.name}@${component.version}`;
-    if (component.licenses) {
-      for (const license of component.licenses) {
-        if (license.license) {
-          if (!CURRENT_LICENSES.includes(license.license.id)) {
-            newLicenses.set(componentID, license.license.id);
-          }
-        } else if (license.expression) {
-          const licenses = license.expression
-            .replaceAll("(", "")
-            .replaceAll(")", "")
-            .split(/ (?:and|or) /i);
-          for (const aLicense of licenses) {
-            if (!CURRENT_LICENSES.includes(aLicense)) {
-              newLicenses.set(componentID, license.expression);
-              break;
-            }
-          }
-        } else {
-          noLicenses.push(componentID);
-        }
-      }
-    } else {
-      noLicenses.push(componentID);
-    }
-  }
-
-  if (newLicenses.size) {
-    console.log(
-      "The following dependencies have licenses that are not yet used in the project:",
-    );
-    for (const dependency of newLicenses.keys()) {
-      console.log(`  - ${dependency}: ${newLicenses.get(dependency)}`);
-    }
-    console.log(
-      "If the licenses are allowed, add them to CURRENT_LICENSES in 'bin/licenses.js'.",
-    );
-  }
-
-  if (noLicenses.length) {
-    console.log("The following dependencies have NO license:");
-    for (const dependency of noLicenses) {
-      console.log(`  - ${dependency}`);
-    }
-    console.log(
-      "If this is correct and the dependency should be allowed, an ignore mechanism should be implemented!",
-    );
-  }
-}
-
-export function checkLicenses() {
-  return newLicenses.size + noLicenses.length;
-}

package/lib/helpers/dependencies.poku.js

@@ -1,11 +0,0 @@
-import { assert, it } from "poku";
-
-import { checkDependencies } from "../../bin/dependencies.js";
-
-it("checks dependency overrides in package.json vs installed in pnpm-lock.yaml", async () => {
-  assert.equal(
-    checkDependencies(),
-    0,
-    "There shouldn't have been dependency discrepancies",
-  );
-});

package/lib/helpers/licenses.poku.js

@@ -1,11 +0,0 @@
-import { assert, it } from "poku";
-
-import { checkLicenses } from "../../bin/licenses.js";
-
-it("checks dependency licenses", async () => {
-  assert.equal(
-    checkLicenses(),
-    0,
-    "There shouldn't have been license discrepancies",
-  );
-});

package/types/lib/third-party/arborist/lib/arborist/load-actual.d.ts

@@ -1,34 +0,0 @@
-export default ActualLoader;
-declare function ActualLoader(cls: any): {
-    new (options: any): {
-        [x: string]: any;
-        "__#private@#actualTree": any;
-        "__#private@#actualTreeLoaded": any;
-        "__#private@#actualTreePromise": any;
-        "__#private@#cache": any;
-        "__#private@#filter": any;
-        "__#private@#topNodes": any;
-        "__#private@#transplantFilter": any;
-        actualTree: any;
-        loadActual(options?: {}): Promise<any>;
-        "__#private@#loadActual"(options: any): Promise<any>;
-        "__#private@#transplant"(root: any): void;
-        "__#private@#loadFSNode"({ path, parent, real, root, loadOverrides, useRootOverrides, }: {
-            path: any;
-            parent: any;
-            real: any;
-            root: any;
-            loadOverrides: any;
-            useRootOverrides: any;
-        }): Promise<any>;
-        "__#private@#newNode"(options: any): Node;
-        "__#private@#newLink"(options: any): Promise<Link>;
-        "__#private@#loadFSTree"(node: any): any;
-        "__#private@#loadFSChildren"(node: any): Promise<any>;
-        "__#private@#findMissingEdges"(): Promise<void>;
-    };
-    [x: string]: any;
-};
-import Node from "../node.js";
-import Link from "../link.js";
-//# sourceMappingURL=load-actual.d.ts.map

package/types/lib/third-party/arborist/lib/arborist/load-actual.d.ts.map

@@ -1 +0,0 @@
-{"version":3,"file":"load-actual.d.ts","sourceRoot":"","sources":["../../../../../../lib/third-party/arborist/lib/arborist/load-actual.js"],"names":[],"mappings":";AAsBA;;;;;;;;;;;;;;;;;;;;;;;;;;;;;EAqbG;iBAhcc,YAAY;iBADZ,YAAY"}

package/types/lib/third-party/arborist/lib/arborist/load-virtual.d.ts

@@ -1,24 +0,0 @@
-export default VirtualLoader;
-declare function VirtualLoader(cls: any): {
-    new (options: any): {
-        [x: string]: any;
-        "__#private@#rootOptionProvided": any;
-        virtualTree: any;
-        loadVirtual(options?: {}): Promise<any>;
-        "__#private@#loadRoot"(s: any): Promise<any>;
-        "__#private@#loadFromShrinkwrap"(s: any, root: any): Promise<any>;
-        "__#private@#checkRootEdges"(s: any, root: any): boolean;
-        "__#private@#resolveNodes"(s: any, root: any): {
-            links: any;
-            nodes: any;
-        };
-        "__#private@#resolveLinks"(links: any, nodes: any): Promise<void>;
-        "__#private@#assignBundles"(nodes: any): void;
-        "__#private@#loadNode"(location: any, sw: any, loadOverrides: any): Node;
-        "__#private@#loadLink"(location: any, targetLoc: any, target: any): Link;
-    };
-    [x: string]: any;
-};
-import Node from "../node.js";
-import Link from "../link.js";
-//# sourceMappingURL=load-virtual.d.ts.map

package/types/lib/third-party/arborist/lib/arborist/load-virtual.d.ts.map

@@ -1 +0,0 @@
-{"version":3,"file":"load-virtual.d.ts","sourceRoot":"","sources":["../../../../../../lib/third-party/arborist/lib/arborist/load-virtual.js"],"names":[],"mappings":";AAmBA;;;;;;;;;;;;;;;;;;;EAmTG;iBA3Tc,YAAY;iBADZ,YAAY"}

package/types/lib/third-party/arborist/lib/tracker.d.ts

@@ -1,13 +0,0 @@
-export default Tracker;
-declare function Tracker(cls: any): {
-    new (): {
-        [x: string]: any;
-        "__#private@#progress": any;
-        "__#private@#createTracker"(key: any, name: any): void;
-        addTracker(section: any, subsection?: any, key?: any): void;
-        finishTracker(section: any, subsection?: any, key?: any): void;
-        "__#private@#onError"(msg: any): void;
-    };
-    [x: string]: any;
-};
-//# sourceMappingURL=tracker.d.ts.map

package/types/lib/third-party/arborist/lib/tracker.d.ts.map

@@ -1 +0,0 @@
-{"version":3,"file":"tracker.d.ts","sourceRoot":"","sources":["../../../../../lib/third-party/arborist/lib/tracker.js"],"names":[],"mappings":";AAEA;;;;;;;;;;EAoFG"}