npm - @cyclonedx/cdxgen - Versions diffs - 12.3.0 → 12.3.2 - Mend

@cyclonedx/cdxgen 12.3.0 → 12.3.2

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.

Files changed (121) hide show

package/README.md +15 -5
package/bin/audit.js +7 -0
package/bin/cdxgen.js +241 -81
package/bin/repl.js +138 -0
package/data/rules/ai-agent-governance.yaml +249 -0
package/data/rules/dependency-sources.yaml +41 -0
package/data/rules/mcp-servers.yaml +304 -0
package/data/rules/package-integrity.yaml +123 -0
package/lib/audit/index.js +353 -29
package/lib/audit/index.poku.js +247 -7
package/lib/audit/reporters.js +26 -0
package/lib/audit/scoring.js +262 -13
package/lib/audit/scoring.poku.js +179 -0
package/lib/audit/targets.js +391 -2
package/lib/audit/targets.poku.js +416 -3
package/lib/cli/index.js +588 -45
package/lib/cli/index.poku.js +735 -1
package/lib/evinser/evinser.js +8 -5
package/lib/helpers/agentFormulationParser.js +318 -0
package/lib/helpers/aiInventory.js +262 -0
package/lib/helpers/aiInventory.poku.js +111 -0
package/lib/helpers/analyzer.js +1769 -0
package/lib/helpers/analyzer.poku.js +284 -3
package/lib/helpers/auditCategories.js +76 -0
package/lib/helpers/ciParsers/githubActions.js +140 -16
package/lib/helpers/ciParsers/githubActions.poku.js +110 -0
package/lib/helpers/communityAiConfigParser.js +672 -0
package/lib/helpers/communityAiConfigParser.poku.js +63 -0
package/lib/helpers/depsUtils.js +108 -0
package/lib/helpers/depsUtils.poku.js +72 -1
package/lib/helpers/display.js +325 -3
package/lib/helpers/display.poku.js +301 -0
package/lib/helpers/formulationParsers.js +28 -0
package/lib/helpers/formulationParsers.poku.js +504 -1
package/lib/helpers/jsonLike.js +102 -0
package/lib/helpers/jsonLike.poku.js +34 -0
package/lib/helpers/mcp.js +248 -0
package/lib/helpers/mcp.poku.js +101 -0
package/lib/helpers/mcpConfigParser.js +656 -0
package/lib/helpers/mcpConfigParser.poku.js +126 -0
package/lib/helpers/mcpDiscovery.js +84 -0
package/lib/helpers/mcpDiscovery.poku.js +21 -0
package/lib/helpers/protobom.js +3 -3
package/lib/helpers/provenanceUtils.js +29 -4
package/lib/helpers/provenanceUtils.poku.js +29 -3
package/lib/helpers/registryProvenance.js +210 -0
package/lib/helpers/registryProvenance.poku.js +144 -0
package/lib/helpers/rustFormulationParser.js +330 -0
package/lib/helpers/source.js +21 -2
package/lib/helpers/source.poku.js +38 -0
package/lib/helpers/utils.js +1331 -83
package/lib/helpers/utils.poku.js +599 -188
package/lib/helpers/vsixutils.js +12 -4
package/lib/helpers/vsixutils.poku.js +34 -0
package/lib/managers/binary.js +36 -12
package/lib/managers/binary.poku.js +68 -0
package/lib/managers/docker.js +59 -9
package/lib/managers/docker.poku.js +61 -0
package/lib/managers/piptree.js +12 -7
package/lib/managers/piptree.poku.js +44 -0
package/lib/stages/postgen/annotator.js +2 -1
package/lib/stages/postgen/annotator.poku.js +15 -0
package/lib/stages/postgen/auditBom.js +20 -6
package/lib/stages/postgen/auditBom.poku.js +694 -1
package/lib/stages/postgen/postgen.js +262 -11
package/lib/stages/postgen/postgen.poku.js +306 -2
package/lib/stages/postgen/ruleEngine.js +49 -1
package/lib/stages/postgen/spdxConverter.poku.js +70 -0
package/lib/stages/pregen/pregen.js +6 -4
package/package.json +1 -1
package/types/bin/repl.d.ts.map +1 -1
package/types/lib/audit/index.d.ts.map +1 -1
package/types/lib/audit/reporters.d.ts.map +1 -1
package/types/lib/audit/scoring.d.ts.map +1 -1
package/types/lib/audit/targets.d.ts +12 -0
package/types/lib/audit/targets.d.ts.map +1 -1
package/types/lib/cli/index.d.ts +2 -8
package/types/lib/cli/index.d.ts.map +1 -1
package/types/lib/evinser/evinser.d.ts.map +1 -1
package/types/lib/helpers/agentFormulationParser.d.ts +19 -0
package/types/lib/helpers/agentFormulationParser.d.ts.map +1 -0
package/types/lib/helpers/aiInventory.d.ts +23 -0
package/types/lib/helpers/aiInventory.d.ts.map +1 -0
package/types/lib/helpers/analyzer.d.ts +10 -0
package/types/lib/helpers/analyzer.d.ts.map +1 -1
package/types/lib/helpers/auditCategories.d.ts +12 -0
package/types/lib/helpers/auditCategories.d.ts.map +1 -0
package/types/lib/helpers/ciParsers/githubActions.d.ts.map +1 -1
package/types/lib/helpers/communityAiConfigParser.d.ts +29 -0
package/types/lib/helpers/communityAiConfigParser.d.ts.map +1 -0
package/types/lib/helpers/depsUtils.d.ts +8 -0
package/types/lib/helpers/depsUtils.d.ts.map +1 -1
package/types/lib/helpers/display.d.ts +17 -1
package/types/lib/helpers/display.d.ts.map +1 -1
package/types/lib/helpers/formulationParsers.d.ts.map +1 -1
package/types/lib/helpers/jsonLike.d.ts +4 -0
package/types/lib/helpers/jsonLike.d.ts.map +1 -0
package/types/lib/helpers/mcp.d.ts +29 -0
package/types/lib/helpers/mcp.d.ts.map +1 -0
package/types/lib/helpers/mcpConfigParser.d.ts +30 -0
package/types/lib/helpers/mcpConfigParser.d.ts.map +1 -0
package/types/lib/helpers/mcpDiscovery.d.ts +5 -0
package/types/lib/helpers/mcpDiscovery.d.ts.map +1 -0
package/types/lib/helpers/provenanceUtils.d.ts +5 -3
package/types/lib/helpers/provenanceUtils.d.ts.map +1 -1
package/types/lib/helpers/registryProvenance.d.ts +9 -0
package/types/lib/helpers/registryProvenance.d.ts.map +1 -1
package/types/lib/helpers/rustFormulationParser.d.ts +17 -0
package/types/lib/helpers/rustFormulationParser.d.ts.map +1 -0
package/types/lib/helpers/source.d.ts.map +1 -1
package/types/lib/helpers/utils.d.ts +31 -1
package/types/lib/helpers/utils.d.ts.map +1 -1
package/types/lib/helpers/vsixutils.d.ts.map +1 -1
package/types/lib/managers/binary.d.ts.map +1 -1
package/types/lib/managers/docker.d.ts.map +1 -1
package/types/lib/managers/piptree.d.ts.map +1 -1
package/types/lib/stages/postgen/annotator.d.ts.map +1 -1
package/types/lib/stages/postgen/auditBom.d.ts.map +1 -1
package/types/lib/stages/postgen/postgen.d.ts.map +1 -1
package/types/lib/stages/postgen/ruleEngine.d.ts.map +1 -1
package/types/lib/stages/pregen/pregen.d.ts.map +1 -1

package/lib/helpers/aiInventory.poku.js ADDED Viewed

@@ -0,0 +1,111 @@
+import { assert, describe, it } from "poku";
+import {
+  filterInventoryDependencies,
+  inventoryTypesForSubject,
+  matchesAiInventoryExcludeType,
+  matchesAiInventoryType,
+  summarizeAiInventory,
+} from "./aiInventory.js";
+describe("aiInventory", () => {
+  it("classifies agent-derived MCP services as both mcp and ai-skill", () => {
+    const service = {
+      "bom-ref": "urn:service:agent-mcp:demo:1",
+      group: "mcp",
+      properties: [
+        { name: "cdx:mcp:inventorySource", value: "agent-file" },
+        { name: "cdx:mcp:serviceType", value: "inferred-endpoint" },
+      ],
+    };
+    assert.deepStrictEqual(inventoryTypesForSubject(service).sort(), [
+      "ai-skill",
+      "mcp",
+    ]);
+    assert.strictEqual(matchesAiInventoryType(service, "mcp"), true);
+    assert.strictEqual(matchesAiInventoryType(service, "ai-skill"), true);
+  });
+  it("limits MCP exclusion matching to AI inventory services, files, and primitives", () => {
+    const mcpPackage = {
+      "bom-ref": "pkg:npm/@modelcontextprotocol/server-filesystem@1.0.0",
+      name: "@modelcontextprotocol/server-filesystem",
+      purl: "pkg:npm/%40modelcontextprotocol/server-filesystem@1.0.0",
+    };
+    const mcpPrimitive = {
+      "bom-ref": "urn:mcp:tool:docs:search",
+      properties: [{ name: "cdx:mcp:role", value: "tool" }],
+      tags: ["mcp", "mcp-tool"],
+    };
+    const mcpConfig = {
+      "bom-ref": "file:/repo/.vscode/mcp.json",
+      properties: [{ name: "cdx:file:kind", value: "mcp-config" }],
+      type: "file",
+    };
+    const mcpService = {
+      "bom-ref": "urn:service:mcp:docs:latest",
+      group: "mcp",
+      properties: [{ name: "cdx:mcp:inventorySource", value: "config-file" }],
+    };
+    assert.strictEqual(matchesAiInventoryExcludeType(mcpPackage, "mcp"), false);
+    assert.strictEqual(
+      matchesAiInventoryExcludeType(mcpPrimitive, "mcp"),
+      true,
+    );
+    assert.strictEqual(matchesAiInventoryExcludeType(mcpConfig, "mcp"), true);
+    assert.strictEqual(matchesAiInventoryExcludeType(mcpService, "mcp"), true);
+  });
+  it("filters dependencies to retained component and service refs", () => {
+    const components = [{ "bom-ref": "file:/repo/CLAUDE.md" }];
+    const services = [{ "bom-ref": "urn:service:mcp:docs:latest" }];
+    const filtered = filterInventoryDependencies(
+      [
+        {
+          ref: "urn:service:mcp:docs:latest",
+          provides: ["file:/repo/CLAUDE.md", "urn:service:mcp:other:latest"],
+        },
+        {
+          ref: "urn:service:mcp:missing:latest",
+          provides: ["file:/repo/CLAUDE.md"],
+        },
+      ],
+      components,
+      services,
+    );
+    assert.deepStrictEqual(filtered, [
+      {
+        ref: "urn:service:mcp:docs:latest",
+        provides: ["file:/repo/CLAUDE.md"],
+      },
+    ]);
+  });
+  it("summarizes AI inventory counts for instructions, skills, configs, and services", () => {
+    const summary = summarizeAiInventory({
+      components: [
+        {
+          properties: [{ name: "cdx:file:kind", value: "agent-instructions" }],
+        },
+        {
+          properties: [
+            { name: "cdx:file:kind", value: "copilot-instructions" },
+          ],
+        },
+        {
+          properties: [{ name: "cdx:file:kind", value: "skill-file" }],
+        },
+        {
+          properties: [{ name: "cdx:file:kind", value: "mcp-config" }],
+        },
+      ],
+      services: [{ name: "releaseDocs" }, { name: "deployBot" }],
+    });
+    assert.deepStrictEqual(summary, {
+      instructionCount: 2,
+      mcpConfigCount: 1,
+      mcpServiceCount: 2,
+      skillCount: 1,
+    });
+  });
+});