@cyclonedx/cdxgen 8.0.1 → 8.0.3

package/README.md

@@ -78,7 +78,7 @@ sudo npm install -g @cyclonedx/cdxgen
 You can also use the cdxgen container image
 
 ```bash
-docker run --rm -it -v /tmp:/tmp -v $(pwd):/app:rw -t ghcr.io/cyclonedx/cdxgen -r /app
+docker run --rm -it -v /tmp:/tmp -v $(pwd):/app:rw -t ghcr.io/cyclonedx/cdxgen -r /app -o /app/bom.json
 ```
 
 ## Getting Help

package/package.json

@@ -1,6 +1,6 @@
 {
   "name": "@cyclonedx/cdxgen",
-  "version": "8.0.1",
+  "version": "8.0.3",
   "description": "Creates CycloneDX Software Bill-of-Materials (SBOM) from source or container image",
   "homepage": "http://github.com/cyclonedx/cdxgen",
   "author": "Prabhu Subramanian <prabhu@appthreat.com>",

package/utils.js

@@ -3616,6 +3616,10 @@ const parseComposerLock = function (pkgLockFile) {
       for (let compScope in packages) {
         for (let i in packages[compScope]) {
           const pkg = packages[compScope][i];
+          // Be extra cautious. Potential fix for #236
+          if (!pkg || !pkg.name || !pkg.version) {
+            continue;
+          }
           let group = path.dirname(pkg.name);
           if (group === ".") {
             group = "";

package/utils.test.js

@@ -1285,6 +1285,23 @@ test("parseComposerLock", () => {
       }
     ]
   });
+
+  deps = utils.parseComposerLock("./test/data/composer-3.lock");
+  expect(deps.length).toEqual(62);
+  expect(deps[0]).toEqual({
+    group: "amphp",
+    name: "amp",
+    version: "2.6.2",
+    repository: {
+      type: "git",
+      url: "https://github.com/amphp/amp.git",
+      reference: "9d5100cebffa729aaffecd3ad25dc5aeea4f13bb"
+    },
+    license: ["MIT"],
+    description: "A non-blocking concurrency framework for PHP applications.",
+    scope: "required",
+    properties: [{ name: "SrcFile", value: "./test/data/composer-3.lock" }]
+  });
 });
 
 test("parseGemfileLockData", async () => {