@cyclonedx/cdxgen 8.1.2 → 8.1.4
This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.
- package/index.js +2 -2
- package/package.json +1 -1
- package/utils.js +6 -3
- package/utils.test.js +7 -0
package/index.js
CHANGED
|
@@ -1692,7 +1692,7 @@ const createNodejsBom = async (path, options) => {
|
|
|
1692
1692
|
// Parse package-lock.json if available
|
|
1693
1693
|
const parsedList = await utils.parsePkgLock(f);
|
|
1694
1694
|
const dlist = parsedList.pkgList;
|
|
1695
|
-
parentComponent = dlist.splice(0, 1)[0];
|
|
1695
|
+
parentComponent = dlist.splice(0, 1)[0] || {};
|
|
1696
1696
|
parentComponent.type = "application";
|
|
1697
1697
|
if (dlist && dlist.length) {
|
|
1698
1698
|
pkgList = pkgList.concat(dlist);
|
|
@@ -1858,7 +1858,7 @@ const createNodejsBom = async (path, options) => {
|
|
|
1858
1858
|
});
|
|
1859
1859
|
}
|
|
1860
1860
|
// Projects containing just min files or bower
|
|
1861
|
-
if (pkgList
|
|
1861
|
+
if (pkgList) {
|
|
1862
1862
|
return buildBomNSData(options, pkgList, "npm", {
|
|
1863
1863
|
allImports,
|
|
1864
1864
|
src: path,
|
package/package.json
CHANGED
|
@@ -1,6 +1,6 @@
|
|
|
1
1
|
{
|
|
2
2
|
"name": "@cyclonedx/cdxgen",
|
|
3
|
-
"version": "8.1.
|
|
3
|
+
"version": "8.1.4",
|
|
4
4
|
"description": "Creates CycloneDX Software Bill-of-Materials (SBOM) from source or container image",
|
|
5
5
|
"homepage": "http://github.com/cyclonedx/cdxgen",
|
|
6
6
|
"author": "Prabhu Subramanian <prabhu@appthreat.com>",
|
package/utils.js
CHANGED
|
@@ -352,9 +352,10 @@ const parsePkgLock = async (pkgLockFile) => {
|
|
|
352
352
|
let pkgList = [];
|
|
353
353
|
let dependenciesList = [];
|
|
354
354
|
let depKeys = {};
|
|
355
|
-
let rootPkg =
|
|
355
|
+
let rootPkg = {};
|
|
356
356
|
if (fs.existsSync(pkgLockFile)) {
|
|
357
357
|
const lockData = JSON.parse(fs.readFileSync(pkgLockFile, "utf8"));
|
|
358
|
+
rootPkg.name = lockData.name || "";
|
|
358
359
|
// lockfile v2 onwards
|
|
359
360
|
if (lockData.name && lockData.packages && lockData.packages[""]) {
|
|
360
361
|
// Build the initial dependency tree for the root package
|
|
@@ -390,7 +391,7 @@ const parsePkgLock = async (pkgLockFile) => {
|
|
|
390
391
|
pkgList.push(rootPkg);
|
|
391
392
|
// npm ls command seems to include both dependencies and devDependencies
|
|
392
393
|
// For tree purposes, including only the dependencies should be enough
|
|
393
|
-
let rootPkgDeps =
|
|
394
|
+
let rootPkgDeps = [];
|
|
394
395
|
if (
|
|
395
396
|
lockData.packages &&
|
|
396
397
|
lockData.packages[""] &&
|
|
@@ -982,7 +983,9 @@ const parsePom = function (pomFile) {
|
|
|
982
983
|
if (project && project.dependencies) {
|
|
983
984
|
let dependencies = project.dependencies.dependency;
|
|
984
985
|
// Convert to an array
|
|
985
|
-
if (
|
|
986
|
+
if (!dependencies) {
|
|
987
|
+
dependencies = [];
|
|
988
|
+
} else if (dependencies && !Array.isArray(dependencies)) {
|
|
986
989
|
dependencies = [dependencies];
|
|
987
990
|
}
|
|
988
991
|
for (let adep of dependencies) {
|
package/utils.test.js
CHANGED
|
@@ -978,6 +978,13 @@ test("parsePkgLock", async () => {
|
|
|
978
978
|
"sha512-/r5HiDwOXTjucbBYkrTMpzWQAwil9MH7zSEfKH+RWWZv27r4vDiUd2FiBJItyQoPThLPxaf82IO6gCXyJR0ZnQ=="
|
|
979
979
|
);
|
|
980
980
|
expect(parsedList.dependenciesList.length).toEqual(572);
|
|
981
|
+
parsedList = await utils.parsePkgLock("./test/data/package-lock2.json");
|
|
982
|
+
deps = parsedList.pkgList;
|
|
983
|
+
expect(deps.length).toEqual(1);
|
|
984
|
+
expect(deps[0]).toEqual({
|
|
985
|
+
"bom-ref": "pkg:application/MyProject",
|
|
986
|
+
name: "MyProject"
|
|
987
|
+
});
|
|
981
988
|
});
|
|
982
989
|
|
|
983
990
|
test("parseBowerJson", async () => {
|