npm - @cyclonedx/cdxgen - Versions diffs - 12.1.4 → 12.2.0 - Mend

@cyclonedx/cdxgen 12.1.4 → 12.2.0

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.

Files changed (184) hide show

package/README.md +47 -39
package/bin/cdxgen.js +181 -90
package/bin/evinse.js +4 -4
package/bin/repl.js +3 -3
package/bin/sign.js +102 -0
package/bin/validate.js +233 -0
package/bin/verify.js +69 -28
package/data/queries.json +1 -1
package/data/rules/ci-permissions.yaml +186 -0
package/data/rules/dependency-sources.yaml +123 -0
package/data/rules/package-integrity.yaml +135 -0
package/data/rules/vscode-extensions.yaml +228 -0
package/lib/cli/index.js +484 -440
package/lib/evinser/db.js +137 -0
package/lib/{helpers → evinser}/db.poku.js +2 -6
package/lib/evinser/evinser.js +5 -18
package/lib/evinser/swiftsem.js +1 -1
package/lib/helpers/bomSigner.js +312 -0
package/lib/helpers/bomSigner.poku.js +156 -0
package/lib/helpers/caxa.js +1 -1
package/lib/helpers/ciParsers/azurePipelines.js +295 -0
package/lib/helpers/ciParsers/azurePipelines.poku.js +253 -0
package/lib/helpers/ciParsers/circleCi.js +286 -0
package/lib/helpers/ciParsers/circleCi.poku.js +230 -0
package/lib/helpers/ciParsers/common.js +24 -0
package/lib/helpers/ciParsers/githubActions.js +636 -0
package/lib/helpers/ciParsers/githubActions.poku.js +802 -0
package/lib/helpers/ciParsers/gitlabCi.js +213 -0
package/lib/helpers/ciParsers/gitlabCi.poku.js +247 -0
package/lib/helpers/ciParsers/jenkins.js +181 -0
package/lib/helpers/ciParsers/jenkins.poku.js +197 -0
package/lib/helpers/depsUtils.js +203 -0
package/lib/helpers/depsUtils.poku.js +150 -0
package/lib/helpers/display.js +429 -14
package/lib/helpers/envcontext.js +23 -8
package/lib/helpers/formulationParsers.js +351 -0
package/lib/helpers/logger.js +14 -0
package/lib/helpers/protobom.js +9 -9
package/lib/helpers/pythonutils.js +305 -0
package/lib/helpers/pythonutils.poku.js +469 -0
package/lib/helpers/utils.js +970 -528
package/lib/helpers/utils.poku.js +139 -256
package/lib/helpers/versutils.js +202 -0
package/lib/helpers/versutils.poku.js +315 -0
package/lib/helpers/vsixutils.js +1061 -0
package/lib/helpers/vsixutils.poku.js +2247 -0
package/lib/managers/binary.js +19 -19
package/lib/managers/docker.js +108 -1
package/lib/managers/oci.js +10 -0
package/lib/managers/piptree.js +4 -10
package/lib/parsers/npmrc.js +92 -0
package/lib/parsers/npmrc.poku.js +528 -0
package/lib/server/openapi.yaml +1 -10
package/lib/server/server.js +58 -16
package/lib/server/server.poku.js +123 -144
package/lib/stages/postgen/annotator.js +1 -1
package/lib/stages/postgen/auditBom.js +197 -0
package/lib/stages/postgen/auditBom.poku.js +378 -0
package/lib/stages/postgen/postgen.js +54 -1
package/lib/stages/postgen/postgen.poku.js +90 -1
package/lib/stages/postgen/ruleEngine.js +369 -0
package/lib/stages/pregen/envAudit.js +299 -0
package/lib/stages/pregen/envAudit.poku.js +572 -0
package/lib/stages/pregen/pregen.js +12 -8
package/lib/third-party/arborist/lib/deepest-nesting-target.js +1 -1
package/lib/third-party/arborist/lib/node.js +3 -3
package/lib/third-party/arborist/lib/shrinkwrap.js +1 -1
package/lib/third-party/arborist/lib/tree-check.js +1 -1
package/lib/{helpers/validator.js → validator/bomValidator.js} +107 -47
package/lib/validator/complianceEngine.js +241 -0
package/lib/validator/complianceEngine.poku.js +168 -0
package/lib/validator/complianceRules.js +1610 -0
package/lib/validator/complianceRules.poku.js +328 -0
package/lib/validator/index.js +222 -0
package/lib/validator/index.poku.js +144 -0
package/lib/validator/reporters/annotations.js +121 -0
package/lib/validator/reporters/console.js +149 -0
package/lib/validator/reporters/index.js +41 -0
package/lib/validator/reporters/json.js +37 -0
package/lib/validator/reporters/sarif.js +184 -0
package/lib/validator/reporters.poku.js +150 -0
package/package.json +8 -8
package/types/bin/sign.d.ts +3 -0
package/types/bin/sign.d.ts.map +1 -0
package/types/bin/validate.d.ts +3 -0
package/types/bin/validate.d.ts.map +1 -0
package/types/helpers/utils.d.ts +0 -1
package/types/lib/cli/index.d.ts +49 -52
package/types/lib/cli/index.d.ts.map +1 -1
package/types/lib/evinser/db.d.ts +34 -0
package/types/lib/evinser/db.d.ts.map +1 -0
package/types/lib/evinser/evinser.d.ts +63 -16
package/types/lib/evinser/evinser.d.ts.map +1 -1
package/types/lib/helpers/bomSigner.d.ts +27 -0
package/types/lib/helpers/bomSigner.d.ts.map +1 -0
package/types/lib/helpers/ciParsers/azurePipelines.d.ts +17 -0
package/types/lib/helpers/ciParsers/azurePipelines.d.ts.map +1 -0
package/types/lib/helpers/ciParsers/circleCi.d.ts +17 -0
package/types/lib/helpers/ciParsers/circleCi.d.ts.map +1 -0
package/types/lib/helpers/ciParsers/common.d.ts +11 -0
package/types/lib/helpers/ciParsers/common.d.ts.map +1 -0
package/types/lib/helpers/ciParsers/githubActions.d.ts +34 -0
package/types/lib/helpers/ciParsers/githubActions.d.ts.map +1 -0
package/types/lib/helpers/ciParsers/gitlabCi.d.ts +17 -0
package/types/lib/helpers/ciParsers/gitlabCi.d.ts.map +1 -0
package/types/lib/helpers/ciParsers/jenkins.d.ts +17 -0
package/types/lib/helpers/ciParsers/jenkins.d.ts.map +1 -0
package/types/lib/helpers/depsUtils.d.ts +21 -0
package/types/lib/helpers/depsUtils.d.ts.map +1 -0
package/types/lib/helpers/display.d.ts +111 -11
package/types/lib/helpers/display.d.ts.map +1 -1
package/types/lib/helpers/envcontext.d.ts +19 -7
package/types/lib/helpers/envcontext.d.ts.map +1 -1
package/types/lib/helpers/formulationParsers.d.ts +50 -0
package/types/lib/helpers/formulationParsers.d.ts.map +1 -0
package/types/lib/helpers/logger.d.ts +15 -1
package/types/lib/helpers/logger.d.ts.map +1 -1
package/types/lib/helpers/protobom.d.ts +2 -2
package/types/lib/helpers/pythonutils.d.ts +18 -0
package/types/lib/helpers/pythonutils.d.ts.map +1 -0
package/types/lib/helpers/utils.d.ts +532 -128
package/types/lib/helpers/utils.d.ts.map +1 -1
package/types/lib/helpers/versutils.d.ts +8 -0
package/types/lib/helpers/versutils.d.ts.map +1 -0
package/types/lib/helpers/vsixutils.d.ts +130 -0
package/types/lib/helpers/vsixutils.d.ts.map +1 -0
package/types/lib/managers/docker.d.ts +12 -31
package/types/lib/managers/docker.d.ts.map +1 -1
package/types/lib/managers/oci.d.ts +11 -1
package/types/lib/managers/oci.d.ts.map +1 -1
package/types/lib/managers/piptree.d.ts.map +1 -1
package/types/lib/parsers/npmrc.d.ts +26 -0
package/types/lib/parsers/npmrc.d.ts.map +1 -0
package/types/lib/server/server.d.ts +21 -2
package/types/lib/server/server.d.ts.map +1 -1
package/types/lib/stages/postgen/auditBom.d.ts +20 -0
package/types/lib/stages/postgen/auditBom.d.ts.map +1 -0
package/types/lib/stages/postgen/postgen.d.ts +8 -1
package/types/lib/stages/postgen/postgen.d.ts.map +1 -1
package/types/lib/stages/postgen/ruleEngine.d.ts +18 -0
package/types/lib/stages/postgen/ruleEngine.d.ts.map +1 -0
package/types/lib/stages/pregen/envAudit.d.ts +8 -0
package/types/lib/stages/pregen/envAudit.d.ts.map +1 -0
package/types/lib/stages/pregen/pregen.d.ts.map +1 -1
package/types/lib/{helpers/validator.d.ts → validator/bomValidator.d.ts} +1 -1
package/types/lib/validator/bomValidator.d.ts.map +1 -0
package/types/lib/validator/complianceEngine.d.ts +66 -0
package/types/lib/validator/complianceEngine.d.ts.map +1 -0
package/types/lib/validator/complianceRules.d.ts +70 -0
package/types/lib/validator/complianceRules.d.ts.map +1 -0
package/types/lib/validator/index.d.ts +70 -0
package/types/lib/validator/index.d.ts.map +1 -0
package/types/lib/validator/reporters/annotations.d.ts +31 -0
package/types/lib/validator/reporters/annotations.d.ts.map +1 -0
package/types/lib/validator/reporters/console.d.ts +30 -0
package/types/lib/validator/reporters/console.d.ts.map +1 -0
package/types/lib/validator/reporters/index.d.ts +21 -0
package/types/lib/validator/reporters/index.d.ts.map +1 -0
package/types/lib/validator/reporters/json.d.ts +11 -0
package/types/lib/validator/reporters/json.d.ts.map +1 -0
package/types/lib/validator/reporters/sarif.d.ts +16 -0
package/types/lib/validator/reporters/sarif.d.ts.map +1 -0
package/lib/helpers/db.js +0 -162
package/types/helpers/db.d.ts +0 -35
package/types/helpers/db.d.ts.map +0 -1
package/types/lib/helpers/db.d.ts +0 -35
package/types/lib/helpers/db.d.ts.map +0 -1
package/types/lib/helpers/validator.d.ts.map +0 -1
package/types/managers/binary.d.ts +0 -37
package/types/managers/binary.d.ts.map +0 -1
package/types/managers/docker.d.ts +0 -56
package/types/managers/docker.d.ts.map +0 -1
package/types/managers/oci.d.ts +0 -2
package/types/managers/oci.d.ts.map +0 -1
package/types/managers/piptree.d.ts +0 -2
package/types/managers/piptree.d.ts.map +0 -1
package/types/server/server.d.ts +0 -34
package/types/server/server.d.ts.map +0 -1
package/types/stages/postgen/annotator.d.ts +0 -27
package/types/stages/postgen/annotator.d.ts.map +0 -1
package/types/stages/postgen/postgen.d.ts +0 -51
package/types/stages/postgen/postgen.d.ts.map +0 -1
package/types/stages/pregen/pregen.d.ts +0 -59
package/types/stages/pregen/pregen.d.ts.map +0 -1

package/types/lib/helpers/ciParsers/githubActions.d.ts ADDED Viewed

@@ -0,0 +1,34 @@
+/**
+ * Parse a single GitHub Actions workflow file and return formulation-shaped data.
+ *
+ * Reads and parses the YAML, then walks every job and step to produce:
+ * - **workflows** – CycloneDX formulation workflow objects with tasks
+ * - **components** – action references (`pkg:github/…`) and run-step processes
+ * - **dependencies** – workflow→job and job→action/step edges
+ *
+ * @param {string} f - Absolute path to a workflow YAML file.
+ * @param {Object} options - CLI options
+ * @returns {{ workflows: Object[], components: Object[], dependencies: Object[] }}
+ */
+export function parseWorkflowFile(f: string, options: Object): {
+    workflows: Object[];
+    components: Object[];
+    dependencies: Object[];
+};
+export namespace githubActionsParser {
+    let id: string;
+    let patterns: string[];
+    /**
+     * @param {string[]} files Matched workflow file paths
+     * @param {Object} options CLI options
+     * @returns {{ workflows: Object[], components: Object[], services: Object[], properties: Object[], dependencies: Object[] }}
+     */
+    function parse(files: string[], options: Object): {
+        workflows: Object[];
+        components: Object[];
+        services: Object[];
+        properties: Object[];
+        dependencies: Object[];
+    };
+}
+//# sourceMappingURL=githubActions.d.ts.map

package/types/lib/helpers/ciParsers/githubActions.d.ts.map ADDED Viewed

@@ -0,0 +1 @@

+ {"version":3,"file":"githubActions.d.ts","sourceRoot":"","sources":["../../../../lib/helpers/ciParsers/githubActions.js"],"names":[],"mappings":"AA0QA;;;;;;;;;;;GAWG;AACH,qCAJW,MAAM,WACN,MAAM,GACJ;IAAE,SAAS,EAAE,MAAM,EAAE,CAAC;IAAC,UAAU,EAAE,MAAM,EAAE,CAAC;IAAC,YAAY,EAAE,MAAM,EAAE,CAAA;CAAE,CAgUjF;;;;IAeC;;;;OAIG;IACH,sBAJW,MAAM,EAAE,WACR,MAAM,GACJ;QAAE,SAAS,EAAE,MAAM,EAAE,CAAC;QAAC,UAAU,EAAE,MAAM,EAAE,CAAC;QAAC,QAAQ,EAAE,MAAM,EAAE,CAAC;QAAC,UAAU,EAAE,MAAM,EAAE,CAAC;QAAC,YAAY,EAAE,MAAM,EAAE,CAAA;KAAE,CAoB3H"}

package/types/lib/helpers/ciParsers/gitlabCi.d.ts ADDED Viewed

@@ -0,0 +1,17 @@
+export namespace gitlabCiParser {
+    let id: string;
+    let patterns: string[];
+    /**
+     * @param {string[]} files Matched CI config file paths
+     * @param {Object} options CLI options
+     * @returns {{ workflows: Object[], components: Object[], services: Object[], properties: Object[], dependencies: Object[] }}
+     */
+    function parse(files: string[], options: Object): {
+        workflows: Object[];
+        components: Object[];
+        services: Object[];
+        properties: Object[];
+        dependencies: Object[];
+    };
+}
+//# sourceMappingURL=gitlabCi.d.ts.map

package/types/lib/helpers/ciParsers/gitlabCi.d.ts.map ADDED Viewed

	@@ -0,0 +1 @@
1	+ {"version":3,"file":"gitlabCi.d.ts","sourceRoot":"","sources":["../../../../lib/helpers/ciParsers/gitlabCi.js"],"names":[],"mappings":";;;IA+LE;;;;OAIG;IACH,sBAJW,MAAM,EAAE,WACR,MAAM,GACJ;QAAE,SAAS,EAAE,MAAM,EAAE,CAAC;QAAC,UAAU,EAAE,MAAM,EAAE,CAAC;QAAC,QAAQ,EAAE,MAAM,EAAE,CAAC;QAAC,UAAU,EAAE,MAAM,EAAE,CAAC;QAAC,YAAY,EAAE,MAAM,EAAE,CAAA;KAAE,CAiB3H"}

package/types/lib/helpers/ciParsers/jenkins.d.ts ADDED Viewed

@@ -0,0 +1,17 @@
+export namespace jenkinsParser {
+    let id: string;
+    let patterns: string[];
+    /**
+     * @param {string[]} files Matched Jenkinsfile paths
+     * @param {Object} options CLI options
+     * @returns {{ workflows: Object[], components: Object[], services: Object[], properties: Object[], dependencies: Object[] }}
+     */
+    function parse(files: string[], options: Object): {
+        workflows: Object[];
+        components: Object[];
+        services: Object[];
+        properties: Object[];
+        dependencies: Object[];
+    };
+}
+//# sourceMappingURL=jenkins.d.ts.map

package/types/lib/helpers/ciParsers/jenkins.d.ts.map ADDED Viewed

	@@ -0,0 +1 @@
1	+ {"version":3,"file":"jenkins.d.ts","sourceRoot":"","sources":["../../../../lib/helpers/ciParsers/jenkins.js"],"names":[],"mappings":";;;IA2JE;;;;OAIG;IACH,sBAJW,MAAM,EAAE,WACR,MAAM,GACJ;QAAE,SAAS,EAAE,MAAM,EAAE,CAAC;QAAC,UAAU,EAAE,MAAM,EAAE,CAAC;QAAC,QAAQ,EAAE,MAAM,EAAE,CAAC;QAAC,UAAU,EAAE,MAAM,EAAE,CAAC;QAAC,YAAY,EAAE,MAAM,EAAE,CAAA;KAAE,CAqB3H"}

package/types/lib/helpers/depsUtils.d.ts ADDED Viewed

@@ -0,0 +1,21 @@
+/**
+ * Merges two CycloneDX dependency arrays into a single deduplicated list.
+ * For each unique ref, the dependsOn and provides sets from both arrays are
+ * combined. Self-referential entries pointing to the parent component are
+ * removed from all dependsOn and provides lists.
+ *
+ * @param {Object[]} dependencies First array of dependency objects
+ * @param {Object[]} newDependencies Second array of dependency objects to merge
+ * @param {Object} parentComponent Parent component whose bom-ref is used to filter self-references
+ * @returns {Object[]} Merged and deduplicated array of dependency objects
+ */
+export function mergeDependencies(dependencies: Object[], newDependencies: Object[], parentComponent?: Object): Object[];
+/**
+ * Trim duplicate components by retaining all the properties
+ *
+ * @param {Array} components Components
+ *
+ * @returns {Array} Filtered components
+ */
+export function trimComponents(components: any[]): any[];
+//# sourceMappingURL=depsUtils.d.ts.map

package/types/lib/helpers/depsUtils.d.ts.map ADDED Viewed

	@@ -0,0 +1 @@
1	+ {"version":3,"file":"depsUtils.d.ts","sourceRoot":"","sources":["../../../lib/helpers/depsUtils.js"],"names":[],"mappings":"AAEA;;;;;;;;;;GAUG;AACH,gDALW,MAAM,EAAE,mBACR,MAAM,EAAE,oBACR,MAAM,GACJ,MAAM,EAAE,CAuEpB;AAED;;;;;;GAMG;AACH,yDA+GC"}

package/types/lib/helpers/display.d.ts CHANGED Viewed

@@ -1,12 +1,112 @@
-export function printTable(bomJson: any, filterTypes?: undefined, highlight?: undefined): void;
-export function printOSTable(bomJson: any): void;
-export function printServices(bomJson: any): void;
-export function printFormulation(bomJson: any): void;
-export function printOccurrences(bomJson: any): void;
-export function printCallStack(bomJson: any): void;
-export function printDependencyTree(bomJson: any, mode?: string, highlight?: undefined): void;
-export function printReachables(sliceArtefacts: any): void;
-export function printVulnerabilities(vulnerabilities: any): void;
-export function printSponsorBanner(options: any): void;
-export function printSummary(bomJson: any): void;
+/**
+ * Prints the BOM components as a streaming table to the console.
+ * Delegates to {@link printOSTable} automatically when the BOM metadata indicates
+ * an operating-system or platform component type.
+ *
+ * @param {Object} bomJson CycloneDX BOM JSON object
+ * @param {string[]} [filterTypes] Optional list of component types to include; all types shown when omitted
+ * @param {string} [highlight] Optional string to highlight in the output
+ * @returns {void}
+ */
+export function printTable(bomJson: Object, filterTypes?: string[], highlight?: string): void;
+/**
+ * Prints OS package components from the BOM as a formatted streaming table.
+ *
+ * @param {Object} bomJson CycloneDX BOM JSON object
+ * @returns {void}
+ */
+export function printOSTable(bomJson: Object): void;
+/**
+ * Prints the services listed in the BOM as a formatted table.
+ * Includes endpoint URLs, authentication flag, and cross-trust-boundary flag.
+ *
+ * @param {Object} bomJson CycloneDX BOM JSON object
+ * @returns {void}
+ */
+export function printServices(bomJson: Object): void;
+/**
+ * Prints the formulation components from the BOM as a formatted table.
+ *
+ * @param {Object} bomJson CycloneDX BOM JSON object
+ * @returns {void}
+ */
+export function printFormulation(bomJson: Object): void;
+/**
+ * Prints component evidence occurrences (file locations) as a streaming table.
+ * Only components that have `evidence.occurrences` are included.
+ *
+ * @param {Object} bomJson CycloneDX BOM JSON object
+ * @returns {void}
+ */
+export function printOccurrences(bomJson: Object): void;
+/**
+ * Prints the call stack evidence for each component in the BOM as a formatted table.
+ * Only components that have `evidence.callstack.frames` are included.
+ *
+ * @param {Object} bomJson CycloneDX BOM JSON object
+ * @returns {void}
+ */
+export function printCallStack(bomJson: Object): void;
+/**
+ * Prints the dependency tree from the BOM as an ASCII tree diagram.
+ * Uses the `table` library for small trees and plain console output for larger ones.
+ *
+ * @param {Object} bomJson CycloneDX BOM JSON object containing a `dependencies` array
+ * @param {string} [mode="dependsOn"] Dependency relation to traverse (`"dependsOn"` or `"provides"`)
+ * @param {string} [highlight] Optional string to highlight in the tree output
+ * @returns {void}
+ */
+export function printDependencyTree(bomJson: Object, mode?: string, highlight?: string): void;
+/**
+ * Prints a table of reachable components derived from a reachability slices file.
+ * Aggregates per-purl reachable-flow counts and sorts them descending.
+ *
+ * @param {Object} sliceArtefacts Slice artefact paths, must include `reachablesSlicesFile`
+ * @returns {void}
+ */
+export function printReachables(sliceArtefacts: Object): void;
+/**
+ * Prints a formatted table of CycloneDX vulnerability objects.
+ *
+ * @param {Object[]} vulnerabilities Array of CycloneDX vulnerability objects
+ * @returns {void}
+ */
+export function printVulnerabilities(vulnerabilities: Object[]): void;
+/**
+ * Prints an OWASP donation banner when running in a CI environment.
+ * The banner is suppressed when `options.noBanner` is set or the repository
+ * belongs to the cdxgen project itself.
+ *
+ * @param {Object} options CLI options
+ * @returns {void}
+ */
+export function printSponsorBanner(options: Object): void;
+/**
+ * Prints a BOM summary table including generator tool names, component package types,
+ * and component namespaces extracted from BOM metadata properties.
+ *
+ * @param {Object} bomJson CycloneDX BOM JSON object
+ * @returns {void}
+ */
+export function printSummary(bomJson: Object): void;
+/**
+ * @typedef {{type: string, variable: string, severity: string, message: string, mitigation: string}} EnvAuditFinding
+ */
+/**
+ * Runs the pre-generation environment audit and renders the results as formatted
+ * tables to the console. Called when the --env-audit CLI flag is set.
+ *
+ * @param {string} filePath Project path being scanned
+ * @param {Object} config Loaded .cdxgenrc / config-file values
+ * @param {Object} options Effective CLI options
+ * @param {EnvAuditFinding[]} envAuditFindings Audit findings to display
+ */
+export function displaySelfThreatModel(filePath: string, config: Object, options: Object, envAuditFindings: EnvAuditFinding[]): void;
+export type EnvAuditFinding = {
+    type: string;
+    variable: string;
+    severity: string;
+    message: string;
+    mitigation: string;
+};
 //# sourceMappingURL=display.d.ts.map

package/types/lib/helpers/display.d.ts.map CHANGED Viewed

	@@ -1 +1 @@
1	- {"version":3,"file":"display.d.ts","sourceRoot":"","sources":["../../../lib/helpers/display.js"],"names":[],"mappings":"~~AAqBA,+FAuEC~~;AAQD,~~iDAmBC~~;AACD,~~kDAsBC~~;AAED,~~qDAqBC~~;AAeD,~~qDAqCC~~;AAED,~~mDA8CC~~;AACD,~~8FA0CC~~;AA4DD,~~2DAkCC~~;AAED,~~iEA0BC~~;AAED,~~uDAoBC~~;AAED,~~iDAgDC~~"}
1	+ {"version":3,"file":"display.d.ts","sourceRoot":"","sources":["../../../lib/helpers/display.js"],"names":[],"mappings":"AAwBA;;;;;;;;;GASG;AACH,oCALW,MAAM,gBACN,MAAM,EAAE,cACR,MAAM,GACJ,IAAI,CAyEhB;AAQD;;;;;GAKG;AACH,sCAHW,MAAM,GACJ,IAAI,CAqBhB;AACD;;;;;;GAMG;AACH,uCAHW,MAAM,GACJ,IAAI,CAwBhB;AAED;;;;;GAKG;AACH,0CAHW,MAAM,GACJ,IAAI,CAuBhB;AAeD;;;;;;GAMG;AACH,0CAHW,MAAM,GACJ,IAAI,CAuChB;AAED;;;;;;GAMG;AACH,wCAHW,MAAM,GACJ,IAAI,CA4ChB;AACD;;;;;;;;GAQG;AACH,6CALW,MAAM,SACN,MAAM,cACN,MAAM,GACJ,IAAI,CA4ChB;AA4DD;;;;;;GAMG;AACH,gDAHW,MAAM,GACJ,IAAI,CAoChB;AAED;;;;;GAKG;AACH,sDAHW,MAAM,EAAE,GACN,IAAI,CA4BhB;AAED;;;;;;;GAOG;AACH,4CAHW,MAAM,GACJ,IAAI,CAsBhB;AAED;;;;;;GAMG;AACH,sCAHW,MAAM,GACJ,IAAI,CAkDhB;AAED;;GAEG;AAEH;;;;;;;;GAQG;AACH,iDALW,MAAM,UACN,MAAM,WACN,MAAM,oBACN,eAAe,EAAE,QAmU3B;8BA7UY;IAAC,IAAI,EAAE,MAAM,CAAC;IAAC,QAAQ,EAAE,MAAM,CAAC;IAAC,QAAQ,EAAE,MAAM,CAAC;IAAC,OAAO,EAAE,MAAM,CAAC;IAAC,UAAU,EAAE,MAAM,CAAA;CAAC"}

package/types/lib/helpers/envcontext.d.ts CHANGED Viewed

@@ -5,14 +5,14 @@
  *
  * @returns Output from git config or undefined
  */
-export function getGitConfig(configKey: string, dir: string): string;
+export function getGitConfig(configKey: string, dir: string): string | undefined;
 /**
  * Retrieves the git origin url
  * @param {string} dir repo directory
  *
  * @returns Output from git config or undefined
  */
-export function getOriginUrl(dir: string): string;
+export function getOriginUrl(dir: string): string | undefined;
 /**
  * Retrieves the git branch name
  * @param {string} configKey Git config key
@@ -20,7 +20,7 @@ export function getOriginUrl(dir: string): string;
  *
  * @returns Output from git config or undefined
  */
-export function getBranch(_configKey: any, dir: string): string;
+export function getBranch(_configKey: any, dir: string): string | undefined;
 /**
  * Retrieves the tree and parent hash for a git repo
  * @param {string} dir repo directory
@@ -43,7 +43,7 @@ export function listFiles(dir: string): any[];
  *
  * @returns Output from the git command
  */
-export function execGitCommand(dir: string, args: any[]): string;
+export function execGitCommand(dir: string, args: any[]): string | undefined;
 /**
  * Collect Java version and installed modules
  *
@@ -155,7 +155,7 @@ export function collectRubyInfo(dir: string): {
  * @param {Array} args Command arguments
  * @returns Object containing swift details
  */
-export function runSwiftCommand(dir: string, args: any[]): string;
+export function runSwiftCommand(dir: string, args: any[]): string | undefined;
 export function collectEnvInfo(dir: any): {
     type: string;
     name: string;
@@ -214,7 +214,15 @@ export function getOrInstallNvmTool(toolVersion: string): string;
  * @returns {Boolean} true if rbenv is available. false otherwise.
  */
 export function isRbenvAvailable(): boolean;
-export function rubyVersionDir(rubyVersion: any): any;
+/**
+ * Returns the rbenv binary directory for the given Ruby version.
+ * Respects the `RBENV_ROOT` environment variable when set; otherwise falls back
+ * to `~/.rbenv/versions/<rubyVersion>/bin`.
+ *
+ * @param {string} rubyVersion Ruby version string (e.g. `"3.2.2"`)
+ * @returns {string} Absolute path to the rbenv bin directory for that version
+ */
+export function rubyVersionDir(rubyVersion: string): string;
 /**
  * Perform bundle install using Ruby container images. Not working cleanly yet.
  *
@@ -230,7 +238,10 @@ export function bundleInstallWithDocker(rubyVersion: any, cdxgenGemHome: any, fi
  * @param filePath File path
  */
 export function installRubyVersion(rubyVersion: any, filePath: any): {
-    fullToolBinDir: any;
+    fullToolBinDir: undefined;
+    status: boolean;
+} | {
+    fullToolBinDir: string;
     status: boolean;
 };
 /**
@@ -261,5 +272,6 @@ export namespace SDKMAN_JAVA_TOOL_ALIASES {
     let java23: any;
     let java24: any;
     let java25: any;
+    let java26: any;
 }
 //# sourceMappingURL=envcontext.d.ts.map

package/types/lib/helpers/envcontext.d.ts.map CHANGED Viewed

	@@ -1 +1 @@
1	- {"version":3,"file":"envcontext.d.ts","sourceRoot":"","sources":["../../../lib/helpers/envcontext.js"],"names":[],"mappings":"~~AAyCA~~;;;;;;GAMG;AACH,wCALW,MAAM,OACN,MAAM,~~UAMhB~~;AAED;;;;;GAKG;AACH,kCAJW,MAAM,~~UAMhB~~;AAED;;;;;;GAMG;AACH,gDAJW,MAAM,~~UAMhB~~;AAED;;;;;GAKG;AACH,mCAJW,MAAM,MAsBhB;AAED;;;;;GAKG;AACH,+BAJW,MAAM,SAgChB;AAED;;;;;;;GAOG;AACH,oCALW,MAAM,~~uBAOhB~~;AAED;;;;;GAKG;AACH,qCAHW,MAAM;;;;;;;;;cAsBhB;AAED;;;;;GAKG;AACH,uCAHW,MAAM;;;;;cAgBhB;AAED;;;;;GAKG;AACH,uCAHW,MAAM;;;;;cAwBhB;AAED;;;;;GAKG;AACH,qCAHW,MAAM,GACJ,MAAM,CAelB;AAED;;;;;GAKG;AACH,oCAHW,MAAM;;;;;cAehB;AAED;;;;;GAKG;AACH,qCAHW,MAAM;;;;;cAehB;AAED;;;;;GAKG;AACH,mCAHW,MAAM;;;;cAahB;AAED;;;;;GAKG;AACH,sCAHW,MAAM;;;;cAahB;AAED;;;;;GAKG;AACH,qCAHW,MAAM;;;;cAahB;AAED;;;;;;GAMG;AACH,~~kEAEC~~;AAED;;;;;;;;;IAmCC;~~AAqCD~~;;GAEG;AACH,6CAeC;AAED;;GAEG;AACH,0CASC;AAED;;;;;;;GAOG;AACH,mFAqBC;AAED;;;;;;;GAOG;AACH,+EA+FC;AAED;;;;;;GAMG;AACH,8DAqBC;AAED;;;;;;GAMG;AACH,iEAiCC;AASD;;;;GAIG;AACH,4CAcC;AAED,~~sDAIC~~;AAED;;;;;;GAMG;AACH,sGAoCC;AAED;;;;;GAKG;AACH~~;;;~~EAqFC;AAED;;;;;GAKG;AACH,mFA2DC;AAED;;;;;;;;;GASG;AACH,+GAFa,OAAO,CA8KnB;~~AAliCD~~,8BAAwD"}
1	+ {"version":3,"file":"envcontext.d.ts","sourceRoot":"","sources":["../../../lib/helpers/envcontext.js"],"names":[],"mappings":"AA0CA;;;;;;GAMG;AACH,wCALW,MAAM,OACN,MAAM,sBAMhB;AAED;;;;;GAKG;AACH,kCAJW,MAAM,sBAMhB;AAED;;;;;;GAMG;AACH,gDAJW,MAAM,sBAMhB;AAED;;;;;GAKG;AACH,mCAJW,MAAM,MAsBhB;AAED;;;;;GAKG;AACH,+BAJW,MAAM,SAgChB;AAED;;;;;;;GAOG;AACH,oCALW,MAAM,mCAOhB;AAED;;;;;GAKG;AACH,qCAHW,MAAM;;;;;;;;;cAsBhB;AAED;;;;;GAKG;AACH,uCAHW,MAAM;;;;;cAgBhB;AAED;;;;;GAKG;AACH,uCAHW,MAAM;;;;;cAwBhB;AAED;;;;;GAKG;AACH,qCAHW,MAAM,GACJ,MAAM,CAelB;AAED;;;;;GAKG;AACH,oCAHW,MAAM;;;;;cAehB;AAED;;;;;GAKG;AACH,qCAHW,MAAM;;;;;cAehB;AAED;;;;;GAKG;AACH,mCAHW,MAAM;;;;cAahB;AAED;;;;;GAKG;AACH,sCAHW,MAAM;;;;cAahB;AAED;;;;;GAKG;AACH,qCAHW,MAAM;;;;cAahB;AAED;;;;;;GAMG;AACH,8EAEC;AAED;;;;;;;;;IAmCC;AA2CD;;GAEG;AACH,6CAeC;AAED;;GAEG;AACH,0CASC;AAED;;;;;;;GAOG;AACH,mFAqBC;AAED;;;;;;;GAOG;AACH,+EA+FC;AAED;;;;;;GAMG;AACH,8DAqBC;AAED;;;;;;GAMG;AACH,iEAiCC;AASD;;;;GAIG;AACH,4CAcC;AAED;;;;;;;GAOG;AACH,4CAHW,MAAM,GACJ,MAAM,CAMlB;AAED;;;;;;GAMG;AACH,sGAoCC;AAED;;;;;GAKG;AACH;;;;;;EAqFC;AAED;;;;;GAKG;AACH,mFA2DC;AAED;;;;;;;;;GASG;AACH,+GAFa,OAAO,CA8KnB;AAjjCD,8BAAwD"}

package/types/lib/helpers/formulationParsers.d.ts ADDED Viewed

@@ -0,0 +1,50 @@
+/**
+ * Register an external formulation parser.
+ *
+ * The parser is appended to the registry and will be invoked by
+ * {@link addFormulationSection} on the next call.
+ *
+ * @param {{ id: string, patterns: string[], parse: Function }} parser
+ */
+export function registerParser(parser: {
+    id: string;
+    patterns: string[];
+    parse: Function;
+}): void;
+/**
+ * Return a shallow copy of the currently registered parsers.
+ *
+ * @returns {Array<{ id: string, patterns: string[], parse: Function }>}
+ */
+export function getParsers(): Array<{
+    id: string;
+    patterns: string[];
+    parse: Function;
+}>;
+/**
+ * Build the formulation section for a CycloneDX BOM.
+ *
+ * This function is the top-level aggregator: it collects git metadata,
+ * invokes every registered CI parser, and merges the results into a single
+ * CycloneDX formulation entry.
+ *
+ * The function falls back to a minimal stub workflow when no CI config files
+ * are detected at the given path.
+ *
+ * @param {string} filePath         File path
+ * @param {Object} options          CLI options; `options.path` is used as the
+ *                                  project root for file discovery.
+ * @param {Object} [context={}]     Optional context object.  If it contains a
+ *                                  non-empty `formulationList` array those
+ *                                  components are merged into the result.
+ *
+ * @returns {{ formulation: Object[], dependencies: Object[] }}
+ *   `formulation` – array to be placed at `bomJson.formulation`
+ *   `dependencies` – dependency objects to be merged into
+ *                    `bomJson.dependencies` via `mergeDependencies`
+ */
+export function addFormulationSection(filePath: string, options: Object, context?: Object): {
+    formulation: Object[];
+    dependencies: Object[];
+};
+//# sourceMappingURL=formulationParsers.d.ts.map

package/types/lib/helpers/formulationParsers.d.ts.map ADDED Viewed

@@ -0,0 +1 @@

+ {"version":3,"file":"formulationParsers.d.ts","sourceRoot":"","sources":["../../../lib/helpers/formulationParsers.js"],"names":[],"mappings":"AA2CA;;;;;;;GAOG;AACH,uCAFW;IAAE,EAAE,EAAE,MAAM,CAAC;IAAC,QAAQ,EAAE,MAAM,EAAE,CAAC;IAAC,KAAK,WAAU;CAAE,QAoB7D;AAED;;;;GAIG;AACH,8BAFa,KAAK,CAAC;IAAE,EAAE,EAAE,MAAM,CAAC;IAAC,QAAQ,EAAE,MAAM,EAAE,CAAC;IAAC,KAAK,WAAU;CAAE,CAAC,CAItE;AAgDD;;;;;;;;;;;;;;;;;;;;;GAqBG;AACH,gDAZW,MAAM,WACN,MAAM,YAEN,MAAM,GAIJ;IAAE,WAAW,EAAE,MAAM,EAAE,CAAC;IAAC,YAAY,EAAE,MAAM,EAAE,CAAA;CAAE,CA+M7D"}

package/types/lib/helpers/logger.d.ts CHANGED Viewed

@@ -1,4 +1,18 @@
-export function thoughtLog(s: any, args: any): void;
+/**
+ * Logs a thought message to the think logger if THINK_MODE is enabled.
+ * Automatically appends a period to the message if it lacks terminal punctuation.
+ *
+ * @param {string} s The thought message to log
+ * @param {Object} [args] Optional additional arguments to log alongside the message
+ * @returns {void}
+ */
+export function thoughtLog(s: string, args?: Object): void;
+/**
+ * Closes the think log group by emitting the closing `</think>` marker.
+ * Has no effect if THINK_MODE is not enabled.
+ *
+ * @returns {void}
+ */
 export function thoughtEnd(): void;
 /**
  * Log trace messages

package/types/lib/helpers/logger.d.ts.map CHANGED Viewed

	@@ -1 +1 @@
1	- {"version":3,"file":"logger.d.ts","sourceRoot":"","sources":["../../../lib/helpers/logger.js"],"names":[],"mappings":"AA8CA,~~oDAaC~~;AACD,~~mCAKC~~;AAUD;;;;;GAKG;AACH,kDAFW,MAAM,QAgChB;~~AAxGD~~,6BAG8C;AAe9C,6BAI8C"}
1	+ {"version":3,"file":"logger.d.ts","sourceRoot":"","sources":["../../../lib/helpers/logger.js"],"names":[],"mappings":"AA8CA;;;;;;;GAOG;AACH,8BAJW,MAAM,SACN,MAAM,GACJ,IAAI,CAehB;AACD;;;;;GAKG;AACH,8BAFa,IAAI,CAOhB;AAUD;;;;;GAKG;AACH,kDAFW,MAAM,QAgChB;AAtHD,6BAG8C;AAe9C,6BAI8C"}

package/types/lib/helpers/protobom.d.ts CHANGED Viewed

@@ -1,5 +1,5 @@
 export function writeBinary(bomJson: string | Object, binFile: string): void;
-export function readBinary(binFile: string, asJson?: boolean, specVersion?: number): cdx_16.Bom | cdx_15.Bom | import("@bufbuild/protobuf").JsonValue | undefined;
+export function readBinary(binFile: string, asJson?: boolean, specVersion?: number): cdx_17.Bom | cdx_16.Bom | import("@bufbuild/protobuf").JsonValue | undefined;
+import { cdx_17 } from "@appthreat/cdx-proto";
 import { cdx_16 } from "@appthreat/cdx-proto";
-import { cdx_15 } from "@appthreat/cdx-proto";
 //# sourceMappingURL=protobom.d.ts.map

package/types/lib/helpers/pythonutils.d.ts ADDED Viewed

@@ -0,0 +1,18 @@
+/**
+ * Universal virtual environment metadata detector
+ * @param {Object} env - Environment variables (defaults to process.env)
+ * @param {string} [explicitPath] - Optional explicit venv path to inspect
+ * @returns {Object} Structured environment metadata
+ */
+export function getVenvMetadata(env?: Object, explicitPath?: string): Object;
+/**
+ * Determines the appropriate Python executable path from a virtual environment.
+ * Inspects the virtual environment metadata to detect the Python type (system,
+ * conda, pyenv, etc.) and returns the most specific executable found, falling
+ * back to the global `PYTHON_CMD` constant when no executable is detected.
+ *
+ * @param {string} env Path to the Python virtual environment directory
+ * @returns {string} Path to the Python executable or the fallback command name
+ */
+export function get_python_command_from_env(env: string): string;
+//# sourceMappingURL=pythonutils.d.ts.map

package/types/lib/helpers/pythonutils.d.ts.map ADDED Viewed

	@@ -0,0 +1 @@
1	+ {"version":3,"file":"pythonutils.d.ts","sourceRoot":"","sources":["../../../lib/helpers/pythonutils.js"],"names":[],"mappings":"AAMA;;;;;GAKG;AACH,sCAJW,MAAM,iBACN,MAAM,GACJ,MAAM,CAyLlB;AAyED;;;;;;;;GAQG;AACH,iDAHW,MAAM,GACJ,MAAM,CA6BlB"}