@cyclonedx/cdxgen 8.1.9 → 8.2.0

package/README.md

@@ -23,6 +23,7 @@ When used with plugins, cdxgen could generate an SBoM for Linux docker images an
 | elixir                                                 | mix.lock                                                                                        | Yes                                                                                      |
 | c/c++                                                  | conan.lock, conanfile.txt                                                                       | Yes only for conan.lock                                                                  |
 | clojure                                                | Clojure CLI (deps.edn), Leiningen (project.clj)                                                 | Yes unless the files are parsed manually due to lack of clojure cli or leiningen command |
+| swift                                                  | Package.resolved, Package.swift (swiftpm)                                                       | Yes                                                                                      |
 | docker / oci image                                     | All supported languages. Linux OS packages with plugins [4]                                     | Best effort based on lock files                                                          |
 | GitHub Actions                                         | .github/workflows/\*.yml                                                                        | N/A                                                                                      |
 | Linux                                                  | All supported languages. Linux OS packages with plugins [5]                                     | Best effort based on lock files                                                          |

package/docker.js

@@ -117,7 +117,11 @@ const getDefaultOptions = () => {
           ? "npipe//./pipe/docker_engine:"
           : "unix:/var/run/docker.sock:";
         */
-        opts.prefixUrl = isWin ? WIN_LOCAL_TLS : "unix:/var/run/docker.sock:";
+        opts.prefixUrl = isWin
+          ? WIN_LOCAL_TLS
+          : isDockerRootless
+          ? `unix:${os.homedir()}/.docker/run/docker.sock:`
+          : "unix:/var/run/docker.sock:";
       }
     }
   } else {
@@ -162,6 +166,18 @@ const getConnection = async (options) => {
       }
     } catch (err) {
       // console.log(err, opts);
+      opts.prefixUrl = `unix:${os.homedir()}/.docker/run/docker.sock:`;
+      try {
+        await got.get("_ping", opts);
+        dockerConn = got.extend(opts);
+        isDockerRootless = true;
+        if (DEBUG_MODE) {
+          console.log("Docker service in rootless mode detected!");
+        }
+        return dockerConn;
+      } catch (err) {
+        // console.log(err, opts);
+      }
       try {
         if (isWin) {
           opts.prefixUrl = WIN_LOCAL_TLS;
@@ -323,7 +339,7 @@ const getImage = async (fullImageName) => {
   }
   try {
     localData = await makeRequest(`images/${repo}/json`);
-    if (DEBUG_MODE) {
+    if (DEBUG_MODE && localData) {
       console.log(localData);
     }
   } catch (err) {

package/index.js

@@ -44,6 +44,11 @@ if (process.env.PIP_CMD) {
   PIP_CMD = process.env.PIP_CMD;
 }
 
+let SWIFT_CMD = "swift";
+if (process.env.SWIFT_CMD) {
+  SWIFT_CMD = process.env.SWIFT_CMD;
+}
+
 // Construct sbt cache directory
 let SBT_CACHE_DIR =
   process.env.SBT_CACHE_DIR || pathLib.join(os.homedir(), ".ivy2", "cache");
@@ -61,6 +66,29 @@ const HASH_PATTERN =
 // Timeout milliseconds. Default 10 mins
 const TIMEOUT_MS = parseInt(process.env.CDXGEN_TIMEOUT_MS) || 10 * 60 * 1000;
 
+const createDefaultParentComponent = (path) => {
+  // Create a parent component based on the directory name
+  let dirName = pathLib.dirname(path);
+  const tmpA = dirName.split(pathLib.sep);
+  dirName = tmpA[tmpA.length - 1];
+  const parentComponent = {
+    group: "",
+    name: dirName,
+    type: "application"
+  };
+  const ppurl = new PackageURL(
+    "application",
+    parentComponent.group,
+    parentComponent.name,
+    parentComponent.version,
+    null,
+    null
+  ).toString();
+  parentComponent["bom-ref"] = ppurl;
+  parentComponent["purl"] = ppurl;
+  return parentComponent;
+};
+
 const determineParentComponent = (options) => {
   let parentComponent = undefined;
   if (options.projectName && options.projectVersion) {
@@ -1008,13 +1036,13 @@ const createJavaBom = async (path, options) => {
               "Resolve the above maven error. This could be due to the following:\n"
             );
             console.log(
-              "1. Java version requirement - Scan or the CI build agent could be using an incompatible version"
+              "1. Java version requirement: cdxgen container image bundles Java 17 with gradle 8 which might be incompatible."
             );
             console.log(
-              "2. Private maven repository is not serving all the required maven plugins correctly. Refer to your registry documentation to add support for jitpack.io"
+              "2. Private dependencies cannot be downloaded: Check if any additional arguments must be passed to maven and set them via MVN_ARGS environment variable."
             );
             console.log(
-              "3. Check if all required environment variables including any maven profile arguments are passed correctly to this tool"
+              "3. Check if all required environment variables including any maven profile arguments are passed correctly to this tool."
             );
             // Do not fall back to methods that can produce incomplete results when failOnError is set
             options.failOnError && process.exit(1);
@@ -1125,7 +1153,7 @@ const createJavaBom = async (path, options) => {
             console.error(result.stdout, result.stderr);
           }
           console.log(
-            "1. Check if the correct version of java and gradle are installed and available in PATH. For example, some project might require Java 11 with gradle 7."
+            "1. Check if the correct version of java and gradle are installed and available in PATH. For example, some project might require Java 11 with gradle 7.\n cdxgen container image bundles Java 17 with gradle 8 which might be incompatible."
           );
           options.failOnError && process.exit(1);
         }
@@ -1251,7 +1279,7 @@ const createJavaBom = async (path, options) => {
             }
             if (DEBUG_MODE || !result.stderr || options.failOnError) {
               console.log(
-                "1. Check if the correct version of java and gradle are installed and available in PATH. For example, some project might require Java 11 with gradle 7."
+                "1. Check if the correct version of java and gradle are installed and available in PATH. For example, some project might require Java 11 with gradle 7.\n cdxgen container image bundles Java 17 with gradle 8 which might be incompatible."
               );
               console.log(
                 "2. When using tools such as sdkman, the init script must be invoked to set the PATH variables correctly."
@@ -2805,6 +2833,91 @@ const createHelmBom = async (path, options) => {
   return {};
 };
 
+/**
+ * Function to create bom string for swift projects
+ *
+ * @param path to the project
+ * @param options Parse options from the cli
+ */
+const createSwiftBom = async (path, options) => {
+  const swiftFiles = utils.getAllFiles(
+    path,
+    (options.multiProject ? "**/" : "") + "Package*.swift"
+  );
+  const pkgResolvedFiles = utils.getAllFiles(
+    path,
+    (options.multiProject ? "**/" : "") + "Package.resolved"
+  );
+  let pkgList = [];
+  let dependencies = [];
+  let parentComponent = {};
+  let completedPath = [];
+  if (pkgResolvedFiles.length) {
+    for (let f of pkgResolvedFiles) {
+      if (!parentComponent || !Object.keys(parentComponent).length) {
+        parentComponent = createDefaultParentComponent(f);
+      }
+      if (DEBUG_MODE) {
+        console.log("Parsing", f);
+      }
+      const dlist = utils.parseSwiftResolved(f);
+      if (dlist && dlist.length) {
+        pkgList = pkgList.concat(dlist);
+      }
+    }
+  } else if (swiftFiles.length) {
+    for (let f of swiftFiles) {
+      const basePath = pathLib.dirname(f);
+      if (completedPath.includes(basePath)) {
+        continue;
+      }
+      let treeData = undefined;
+      if (DEBUG_MODE) {
+        console.log("Executing 'swift package show-dependencies' in", basePath);
+      }
+      const result = spawnSync(
+        SWIFT_CMD,
+        ["package", "show-dependencies", "--format", "json"],
+        {
+          cwd: basePath,
+          encoding: "utf-8",
+          timeout: TIMEOUT_MS
+        }
+      );
+      if (result.status === 0 && result.stdout) {
+        completedPath.push(basePath);
+        treeData = Buffer.from(result.stdout).toString();
+        const retData = utils.parseSwiftJsonTree(treeData, f);
+        if (retData.pkgList && retData.pkgList.length) {
+          parentComponent = retData.pkgList.splice(0, 1)[0];
+          parentComponent.type = "application";
+          pkgList = pkgList.concat(retData.pkgList);
+        }
+        if (retData.dependenciesList) {
+          dependencies = mergeDependencies(
+            dependencies,
+            retData.dependenciesList
+          );
+        }
+      } else {
+        if (DEBUG_MODE) {
+          console.log(
+            "Please install swift from https://www.swift.org/download/ or use the cdxgen container image"
+          );
+        }
+        console.error(result.stderr);
+        options.failOnError && process.exit(1);
+      }
+    }
+  }
+  return buildBomNSData(options, pkgList, "swift", {
+    src: path,
+    filename: swiftFiles.join(", "),
+    parentComponent,
+    dependencies
+  });
+};
+
 /**
  * Function to create bom string for docker compose
  *
@@ -4041,6 +4154,19 @@ const createXBom = async (path, options) => {
   if (cbFiles.length) {
     return await createCloudBuildBom(path, options);
   }
+
+  // Swift
+  const swiftFiles = utils.getAllFiles(
+    path,
+    (options.multiProject ? "**/" : "") + "Package*.swift"
+  );
+  const pkgResolvedFiles = utils.getAllFiles(
+    path,
+    (options.multiProject ? "**/" : "") + "Package.resolved"
+  );
+  if (swiftFiles.length || pkgResolvedFiles.length) {
+    return await createSwiftBom(path, options);
+  }
 };
 
 /**
@@ -4287,6 +4413,9 @@ const createBom = async (path, options) => {
     case "cloudbuild":
       options.multiProject = true;
       return await createCloudBuildBom(path, options);
+    case "swift":
+      options.multiProject = true;
+      return await createSwiftBom(path, options);
     default:
       // In recurse mode return multi-language Bom
       // https://github.com/cyclonedx/cdxgen/issues/95

package/package.json

@@ -1,6 +1,6 @@
 {
   "name": "@cyclonedx/cdxgen",
-  "version": "8.1.9",
+  "version": "8.2.0",
   "description": "Creates CycloneDX Software Bill-of-Materials (SBOM) from source or container image",
   "homepage": "http://github.com/cyclonedx/cdxgen",
   "author": "Prabhu Subramanian <prabhu@appthreat.com>",

package/utils.js

@@ -377,7 +377,7 @@ const parsePkgLock = async (pkgLockFile) => {
         type: "application"
       };
     }
-    if (rootPkg) {
+    if (rootPkg && rootPkg.name) {
       const purl = new PackageURL(
         "application",
         "",
@@ -1018,7 +1018,7 @@ exports.parsePom = parsePom;
  */
 const parseMavenTree = function (rawOutput) {
   if (!rawOutput) {
-    return [];
+    return {};
   }
   const deps = [];
   const dependenciesList = [];
@@ -1128,7 +1128,7 @@ const parseGradleDep = function (rawOutput) {
     level_trees[last_purl] = [];
     let stack = [last_purl];
     const depRegex =
-      /^.*?--- +(?<group>[^\s:]+):(?<name>[^\s:]+)(?::(?:{strictly )?(?<versionspecified>[^\s:}]+))?(?:})?(?: +-> +(?<versionoverride>[^\s:]+))?/gm;
+      /^.*?--- +(?<group>[^\s:]+):(?<name>[^\s:]+)(?::(?:{strictly [[]?)?(?<versionspecified>[^,\s:}]+))?(?:})?(?:[^->]* +-> +(?<versionoverride>[^\s:]+))?/gm;
     while ((match = depRegex.exec(rawOutput))) {
       const [line, group, name, versionspecified, versionoverride] = match;
       const version = versionoverride || versionspecified;
@@ -3773,6 +3773,207 @@ const convertOSQueryResults = function (queryCategory, queryObj, results) {
 };
 exports.convertOSQueryResults = convertOSQueryResults;
 
+const _swiftDepPkgList = (pkgList, dependenciesList, depKeys, jsonData) => {
+  if (jsonData && jsonData.dependencies) {
+    for (let adep of jsonData.dependencies) {
+      const urlOrPath = adep.url || adep.path;
+      const apkg = {
+        group: adep.identity || "",
+        name: adep.name,
+        version: adep.version
+      };
+      const purl = new PackageURL(
+        "swift",
+        apkg.group,
+        apkg.name,
+        apkg.version,
+        null,
+        null
+      );
+      const purlString = decodeURIComponent(purl.toString());
+      if (urlOrPath) {
+        if (urlOrPath.startsWith("http")) {
+          apkg.repository = { url: urlOrPath };
+          if (apkg.path) {
+            apkg.properties = [
+              {
+                name: "SrcPath",
+                value: apkg.path
+              }
+            ];
+          }
+        } else {
+          apkg.properties = [
+            {
+              name: "SrcPath",
+              value: urlOrPath
+            }
+          ];
+        }
+      }
+      pkgList.push(apkg);
+      // Handle the immediate dependencies before recursing
+      if (adep.dependencies && adep.dependencies.length) {
+        const deplist = [];
+        for (let cdep of adep.dependencies) {
+          const deppurl = new PackageURL(
+            "swift",
+            cdep.identity || "",
+            cdep.name,
+            cdep.version,
+            null,
+            null
+          );
+          const deppurlString = decodeURIComponent(deppurl.toString());
+          deplist.push(deppurlString);
+        }
+        if (!depKeys[purlString]) {
+          dependenciesList.push({
+            ref: purlString,
+            dependsOn: deplist
+          });
+          depKeys[purlString] = true;
+        }
+        if (adep.dependencies && adep.dependencies.length) {
+          _swiftDepPkgList(pkgList, dependenciesList, depKeys, adep);
+        }
+      } else {
+        if (!depKeys[purlString]) {
+          dependenciesList.push({
+            ref: purlString,
+            dependsOn: []
+          });
+          depKeys[purlString] = true;
+        }
+      }
+    }
+  }
+  return { pkgList, dependenciesList };
+};
+
+/**
+ * Parse swift dependency tree output
+ * @param {string} rawOutput Swift dependencies json output
+ * @param {string} pkgFile Package.swift file
+ */
+const parseSwiftJsonTree = (rawOutput, pkgFile) => {
+  if (!rawOutput) {
+    return {};
+  }
+  const pkgList = [];
+  const dependenciesList = [];
+  let depKeys = {};
+  let rootPkg = {};
+  let jsonData = {};
+  try {
+    jsonData = JSON.parse(rawOutput);
+    if (jsonData && jsonData.name) {
+      rootPkg = {
+        group: jsonData.identity || "",
+        name: jsonData.name,
+        version: jsonData.version
+      };
+      const urlOrPath = jsonData.url || jsonData.path;
+      if (urlOrPath) {
+        if (urlOrPath.startsWith("http")) {
+          rootPkg.repository = { url: urlOrPath };
+        } else {
+          rootPkg.properties = [
+            {
+              name: "SrcPath",
+              value: urlOrPath
+            },
+            {
+              name: "SrcFile",
+              value: pkgFile
+            }
+          ];
+        }
+      }
+      const purl = new PackageURL(
+        "application",
+        rootPkg.group,
+        rootPkg.name,
+        rootPkg.version,
+        null,
+        null
+      );
+      const purlString = decodeURIComponent(purl.toString());
+      rootPkg["bom-ref"] = purlString;
+      pkgList.push(rootPkg);
+      const deplist = [];
+      for (const rd of jsonData.dependencies) {
+        const deppurl = new PackageURL(
+          "swift",
+          rd.identity || "",
+          rd.name,
+          rd.version,
+          null,
+          null
+        );
+        const deppurlString = decodeURIComponent(deppurl.toString());
+        deplist.push(deppurlString);
+      }
+      dependenciesList.push({
+        ref: purlString,
+        dependsOn: deplist
+      });
+      _swiftDepPkgList(pkgList, dependenciesList, depKeys, jsonData);
+    }
+  } catch (e) {
+    if (DEBUG_MODE) {
+      console.log(e);
+    }
+    return {};
+  }
+  return {
+    pkgList,
+    dependenciesList
+  };
+};
+exports.parseSwiftJsonTree = parseSwiftJsonTree;
+
+/**
+ * Parse swift package resolved file
+ * @param {string} resolvedFile Package.resolved file
+ */
+const parseSwiftResolved = (resolvedFile) => {
+  const pkgList = [];
+  if (fs.existsSync(resolvedFile)) {
+    try {
+      const pkgData = JSON.parse(fs.readFileSync(resolvedFile, "utf8"));
+      let resolvedList = [];
+      if (pkgData.pins) {
+        resolvedList = pkgData.pins;
+      } else if (pkgData.object && pkgData.object.pins) {
+        resolvedList = pkgData.object.pins;
+      }
+      for (const adep of resolvedList) {
+        const apkg = {
+          name: adep.package || adep.identity,
+          group: "",
+          version: adep.state.version || adep.state.revision,
+          properties: [
+            {
+              name: "SrcFile",
+              value: resolvedFile
+            }
+          ]
+        };
+        const repLocation = adep.location || adep.repositoryURL;
+        if (repLocation) {
+          apkg.repository = { url: repLocation };
+        }
+        pkgList.push(apkg);
+      }
+    } catch (err) {
+      // continue regardless of error
+    }
+  }
+  return pkgList;
+};
+exports.parseSwiftResolved = parseSwiftResolved;
+
 /**
  * Collect maven dependencies
  *

package/utils.test.js

@@ -73,7 +73,7 @@ test("finds license id from name", () => {
 test("parse gradle dependencies", () => {
   expect(utils.parseGradleDep(null)).toEqual({});
   let parsedList = utils.parseGradleDep(
-    fs.readFileSync("./test/gradle-dep.out", (encoding = "utf-8"))
+    fs.readFileSync("./test/gradle-dep.out", { encoding: "utf-8" })
   );
   expect(parsedList.pkgList.length).toEqual(34);
   expect(parsedList.dependenciesList.length).toEqual(34);
@@ -87,7 +87,7 @@ test("parse gradle dependencies", () => {
   });
 
   parsedList = utils.parseGradleDep(
-    fs.readFileSync("./test/data/gradle-android-dep.out", (encoding = "utf-8"))
+    fs.readFileSync("./test/data/gradle-android-dep.out", { encoding: "utf-8" })
   );
   expect(parsedList.pkgList.length).toEqual(106);
   expect(parsedList.dependenciesList.length).toEqual(106);
@@ -116,7 +116,7 @@ test("parse gradle dependencies", () => {
     version: "1.7.0"
   });
   parsedList = utils.parseGradleDep(
-    fs.readFileSync("./test/data/gradle-out1.dep", (encoding = "utf-8"))
+    fs.readFileSync("./test/data/gradle-out1.dep", { encoding: "utf-8" })
   );
   expect(parsedList.pkgList.length).toEqual(90);
   expect(parsedList.dependenciesList.length).toEqual(90);
@@ -126,20 +126,99 @@ test("parse gradle dependencies", () => {
     version: "2.2.0.RELEASE",
     qualifiers: { type: "jar" }
   });
+
+  parsedList = utils.parseGradleDep(
+    fs.readFileSync("./test/data/gradle-rich1.dep", { encoding: "utf-8" })
+  );
+  expect(parsedList.pkgList.length).toEqual(5);
+  expect(parsedList.pkgList[parsedList.pkgList.length - 1]).toEqual({
+    group: "ch.qos.logback",
+    name: "logback-core",
+    qualifiers: { type: "jar" },
+    version: "1.4.5"
+  });
+  parsedList = utils.parseGradleDep(
+    fs.readFileSync("./test/data/gradle-rich2.dep", { encoding: "utf-8" })
+  );
+  expect(parsedList.pkgList.length).toEqual(3);
+  expect(parsedList.pkgList).toEqual([
+    {
+      group: "",
+      name: "root",
+      qualifiers: { type: "jar" },
+      type: "maven",
+      version: "latest"
+    },
+    {
+      group: "io.appium",
+      name: "java-client",
+      qualifiers: { type: "jar" },
+      version: "8.1.1"
+    },
+    {
+      group: "org.seleniumhq.selenium",
+      name: "selenium-support",
+      qualifiers: { type: "jar" },
+      version: "4.5.0"
+    }
+  ]);
+  parsedList = utils.parseGradleDep(
+    fs.readFileSync("./test/data/gradle-rich3.dep", { encoding: "utf-8" })
+  );
+  expect(parsedList.pkgList.length).toEqual(2);
+  expect(parsedList.pkgList).toEqual([
+    {
+      group: "",
+      name: "root",
+      version: "latest",
+      type: "maven",
+      qualifiers: { type: "jar" }
+    },
+    {
+      group: "org.seleniumhq.selenium",
+      name: "selenium-remote-driver",
+      version: "4.5.0",
+      qualifiers: { type: "jar" }
+    }
+  ]);
+  parsedList = utils.parseGradleDep(
+    fs.readFileSync("./test/data/gradle-rich4.dep", { encoding: "utf-8" })
+  );
+  expect(parsedList.pkgList.length).toEqual(2);
+  expect(parsedList.pkgList).toEqual([
+    {
+      group: "",
+      name: "root",
+      version: "latest",
+      type: "maven",
+      qualifiers: { type: "jar" }
+    },
+    {
+      group: "org.seleniumhq.selenium",
+      name: "selenium-api",
+      version: "4.5.0",
+      qualifiers: { type: "jar" }
+    }
+  ]);
+  parsedList = utils.parseGradleDep(
+    fs.readFileSync("./test/data/gradle-rich5.dep", { encoding: "utf-8" })
+  );
+  expect(parsedList.pkgList.length).toEqual(68);
+  expect(parsedList.dependenciesList.length).toEqual(69);
 });
 
 test("parse gradle projects", () => {
   expect(utils.parseGradleProjects(null)).toEqual([]);
   let proj_list = utils.parseGradleProjects(
-    fs.readFileSync("./test/data/gradle-projects.out", (encoding = "utf-8"))
+    fs.readFileSync("./test/data/gradle-projects.out", { encoding: "utf-8" })
   );
   expect(proj_list.length).toEqual(9);
 });
 
 test("parse maven tree", () => {
-  expect(utils.parseMavenTree(null)).toEqual([]);
+  expect(utils.parseMavenTree(null)).toEqual({});
   let parsedList = utils.parseMavenTree(
-    fs.readFileSync("./test/data/sample-mvn-tree.txt", (encoding = "utf-8"))
+    fs.readFileSync("./test/data/sample-mvn-tree.txt", { encoding: "utf-8" })
   );
   expect(parsedList.pkgList.length).toEqual(59);
   expect(parsedList.dependenciesList.length).toEqual(59);
@@ -173,7 +252,9 @@ test("parse maven tree", () => {
     ]
   });
   parsedList = utils.parseMavenTree(
-    fs.readFileSync("./test/data/mvn-dep-tree-simple.txt", (encoding = "utf-8"))
+    fs.readFileSync("./test/data/mvn-dep-tree-simple.txt", {
+      encoding: "utf-8"
+    })
   );
   expect(parsedList.pkgList.length).toEqual(27);
   expect(parsedList.dependenciesList.length).toEqual(27);
@@ -284,7 +365,7 @@ test("parseGoModData", async () => {
       "sha256-6Fq8oRcR53rry900zMqJjRRixrwX3KX962/h/Wwjteg="
   };
   dep_list = await utils.parseGoModData(
-    fs.readFileSync("./test/gomod/go.mod", (encoding = "utf-8")),
+    fs.readFileSync("./test/gomod/go.mod", { encoding: "utf-8" }),
     gosumMap
   );
   expect(dep_list.length).toEqual(4);
@@ -326,7 +407,7 @@ test("parseGoSumData", async () => {
   let dep_list = await utils.parseGoModData(null);
   expect(dep_list).toEqual([]);
   dep_list = await utils.parseGosumData(
-    fs.readFileSync("./test/gomod/go.sum", (encoding = "utf-8"))
+    fs.readFileSync("./test/gomod/go.sum", { encoding: "utf-8" })
   );
   expect(dep_list.length).toEqual(4);
   expect(dep_list[0]).toEqual({
@@ -364,7 +445,7 @@ test("parseGoSumData", async () => {
 
 test("parse go list dependencies", async () => {
   let dep_list = await utils.parseGoListDep(
-    fs.readFileSync("./test/data/golist-dep.txt", (encoding = "utf-8")),
+    fs.readFileSync("./test/data/golist-dep.txt", { encoding: "utf-8" }),
     {}
   );
   expect(dep_list.length).toEqual(8);
@@ -377,11 +458,11 @@ test("parse go list dependencies", async () => {
 
 test("parse go mod why dependencies", () => {
   let pkg_name = utils.parseGoModWhy(
-    fs.readFileSync("./test/data/gomodwhy.txt", (encoding = "utf-8"))
+    fs.readFileSync("./test/data/gomodwhy.txt", { encoding: "utf-8" })
   );
   expect(pkg_name).toEqual("github.com/mailgun/mailgun-go/v4");
   pkg_name = utils.parseGoModWhy(
-    fs.readFileSync("./test/data/gomodwhynot.txt", (encoding = "utf-8"))
+    fs.readFileSync("./test/data/gomodwhynot.txt", { encoding: "utf-8" })
   );
   expect(pkg_name).toBeUndefined();
 });
@@ -391,7 +472,7 @@ test("parseGopkgData", async () => {
   let dep_list = await utils.parseGopkgData(null);
   expect(dep_list).toEqual([]);
   dep_list = await utils.parseGopkgData(
-    fs.readFileSync("./test/gopkg/Gopkg.lock", (encoding = "utf-8"))
+    fs.readFileSync("./test/gopkg/Gopkg.lock", { encoding: "utf-8" })
   );
   expect(dep_list.length).toEqual(36);
   expect(dep_list[0]).toEqual({
@@ -407,7 +488,7 @@ test("parseGopkgData", async () => {
 
 test("parse go version data", async () => {
   let dep_list = await utils.parseGoVersionData(
-    fs.readFileSync("./test/data/goversion.txt", (encoding = "utf-8")),
+    fs.readFileSync("./test/data/goversion.txt", { encoding: "utf-8" }),
     {}
   );
   expect(dep_list.length).toEqual(125);
@@ -419,7 +500,7 @@ test("parse go version data", async () => {
     license: undefined
   });
   dep_list = await utils.parseGoVersionData(
-    fs.readFileSync("./test/data/goversion2.txt", (encoding = "utf-8")),
+    fs.readFileSync("./test/data/goversion2.txt", { encoding: "utf-8" }),
     {}
   );
   expect(dep_list.length).toEqual(149);
@@ -435,7 +516,7 @@ test("parse go version data", async () => {
 test("parse cargo lock", async () => {
   expect(await utils.parseCargoData(null)).toEqual([]);
   dep_list = await utils.parseCargoData(
-    fs.readFileSync("./test/Cargo.lock", (encoding = "utf-8"))
+    fs.readFileSync("./test/Cargo.lock", { encoding: "utf-8" })
   );
   expect(dep_list.length).toEqual(224);
   expect(dep_list[0]).toEqual({
@@ -446,7 +527,7 @@ test("parse cargo lock", async () => {
       "sha384-6a07677093120a02583717b6dd1ef81d8de1e8d01bd226c83f0f9bdf3e56bb3a"
   });
   dep_list = await utils.parseCargoData(
-    fs.readFileSync("./test/data/Cargom.lock", (encoding = "utf-8"))
+    fs.readFileSync("./test/data/Cargom.lock", { encoding: "utf-8" })
   );
   expect(dep_list.length).toEqual(242);
   expect(dep_list[0]).toEqual({
@@ -461,7 +542,7 @@ test("parse cargo lock", async () => {
 test("parse cargo toml", async () => {
   expect(await utils.parseCargoTomlData(null)).toEqual([]);
   dep_list = await utils.parseCargoTomlData(
-    fs.readFileSync("./test/data/Cargo1.toml", (encoding = "utf-8"))
+    fs.readFileSync("./test/data/Cargo1.toml", { encoding: "utf-8" })
   );
   expect(dep_list.length).toEqual(4);
   expect(dep_list).toEqual([
@@ -471,7 +552,7 @@ test("parse cargo toml", async () => {
     { name: "cfg-if", version: "0.1.8" }
   ]);
   dep_list = await utils.parseCargoTomlData(
-    fs.readFileSync("./test/data/Cargo2.toml", (encoding = "utf-8"))
+    fs.readFileSync("./test/data/Cargo2.toml", { encoding: "utf-8" })
   );
   expect(dep_list.length).toEqual(3);
   expect(dep_list).toEqual([
@@ -487,7 +568,7 @@ test("parse cargo toml", async () => {
 test("parse cargo auditable data", async () => {
   expect(await utils.parseCargoAuditableData(null)).toEqual([]);
   dep_list = await utils.parseCargoAuditableData(
-    fs.readFileSync("./test/data/cargo-auditable.txt", (encoding = "utf-8"))
+    fs.readFileSync("./test/data/cargo-auditable.txt", { encoding: "utf-8" })
   );
   expect(dep_list.length).toEqual(32);
   expect(dep_list[0]).toEqual({
@@ -527,7 +608,7 @@ test("get crates metadata", async () => {
 test("parse pub lock", async () => {
   expect(await utils.parsePubLockData(null)).toEqual([]);
   dep_list = await utils.parsePubLockData(
-    fs.readFileSync("./test/data/pubspec.lock", (encoding = "utf-8"))
+    fs.readFileSync("./test/data/pubspec.lock", { encoding: "utf-8" })
   );
   expect(dep_list.length).toEqual(26);
   expect(dep_list[0]).toEqual({
@@ -535,7 +616,7 @@ test("parse pub lock", async () => {
     version: "2.8.2"
   });
   dep_list = await utils.parsePubYamlData(
-    fs.readFileSync("./test/data/pubspec.yaml", (encoding = "utf-8"))
+    fs.readFileSync("./test/data/pubspec.yaml", { encoding: "utf-8" })
   );
   expect(dep_list.length).toEqual(1);
   expect(dep_list[0]).toEqual({
@@ -574,7 +655,7 @@ test("get dart metadata", async () => {
 test("parse cabal freeze", async () => {
   expect(await utils.parseCabalData(null)).toEqual([]);
   dep_list = await utils.parseCabalData(
-    fs.readFileSync("./test/data/cabal.project.freeze", (encoding = "utf-8"))
+    fs.readFileSync("./test/data/cabal.project.freeze", { encoding: "utf-8" })
   );
   expect(dep_list.length).toEqual(24);
   expect(dep_list[0]).toEqual({
@@ -582,7 +663,7 @@ test("parse cabal freeze", async () => {
     version: "0.11.3"
   });
   dep_list = await utils.parseCabalData(
-    fs.readFileSync("./test/data/cabal-2.project.freeze", (encoding = "utf-8"))
+    fs.readFileSync("./test/data/cabal-2.project.freeze", { encoding: "utf-8" })
   );
   expect(dep_list.length).toEqual(366);
   expect(dep_list[0]).toEqual({
@@ -594,7 +675,7 @@ test("parse cabal freeze", async () => {
 test("parse conan data", async () => {
   expect(await utils.parseConanLockData(null)).toEqual([]);
   dep_list = await utils.parseConanLockData(
-    fs.readFileSync("./test/data/conan.lock", (encoding = "utf-8"))
+    fs.readFileSync("./test/data/conan.lock", { encoding: "utf-8" })
   );
   expect(dep_list.length).toEqual(3);
   expect(dep_list[0]).toEqual({
@@ -603,7 +684,7 @@ test("parse conan data", async () => {
   });
 
   dep_list = await utils.parseConanData(
-    fs.readFileSync("./test/data/conanfile.txt", (encoding = "utf-8"))
+    fs.readFileSync("./test/data/conanfile.txt", { encoding: "utf-8" })
   );
   expect(dep_list.length).toEqual(3);
   expect(dep_list[0]).toEqual({
@@ -615,7 +696,7 @@ test("parse conan data", async () => {
 test("parse clojure data", () => {
   expect(utils.parseLeiningenData(null)).toEqual([]);
   let dep_list = utils.parseLeiningenData(
-    fs.readFileSync("./test/data/project.clj", (encoding = "utf-8"))
+    fs.readFileSync("./test/data/project.clj", { encoding: "utf-8" })
   );
   expect(dep_list.length).toEqual(14);
   expect(dep_list[0]).toEqual({
@@ -624,7 +705,7 @@ test("parse clojure data", () => {
     version: "2.9.9-SNAPSHOT"
   });
   dep_list = utils.parseLeiningenData(
-    fs.readFileSync("./test/data/project.clj.1", (encoding = "utf-8"))
+    fs.readFileSync("./test/data/project.clj.1", { encoding: "utf-8" })
   );
   expect(dep_list.length).toEqual(17);
   expect(dep_list[0]).toEqual({
@@ -633,7 +714,7 @@ test("parse clojure data", () => {
     version: "1.9.0"
   });
   dep_list = utils.parseLeiningenData(
-    fs.readFileSync("./test/data/project.clj.2", (encoding = "utf-8"))
+    fs.readFileSync("./test/data/project.clj.2", { encoding: "utf-8" })
   );
   expect(dep_list.length).toEqual(49);
   expect(dep_list[0]).toEqual({
@@ -642,7 +723,7 @@ test("parse clojure data", () => {
     version: "2.1.6"
   });
   dep_list = utils.parseEdnData(
-    fs.readFileSync("./test/data/deps.edn", (encoding = "utf-8"))
+    fs.readFileSync("./test/data/deps.edn", { encoding: "utf-8" })
   );
   expect(dep_list.length).toEqual(20);
   expect(dep_list[0]).toEqual({
@@ -651,7 +732,7 @@ test("parse clojure data", () => {
     version: "1.10.3"
   });
   dep_list = utils.parseEdnData(
-    fs.readFileSync("./test/data/deps.edn.1", (encoding = "utf-8"))
+    fs.readFileSync("./test/data/deps.edn.1", { encoding: "utf-8" })
   );
   expect(dep_list.length).toEqual(11);
   expect(dep_list[0]).toEqual({
@@ -660,7 +741,7 @@ test("parse clojure data", () => {
     version: "1.11.0-beta1"
   });
   dep_list = utils.parseEdnData(
-    fs.readFileSync("./test/data/deps.edn.2", (encoding = "utf-8"))
+    fs.readFileSync("./test/data/deps.edn.2", { encoding: "utf-8" })
   );
   expect(dep_list.length).toEqual(5);
   expect(dep_list[0]).toEqual({
@@ -669,7 +750,7 @@ test("parse clojure data", () => {
     version: "1.2.1"
   });
   dep_list = utils.parseCljDep(
-    fs.readFileSync("./test/data/clj-tree.txt", (encoding = "utf-8"))
+    fs.readFileSync("./test/data/clj-tree.txt", { encoding: "utf-8" })
   );
   expect(dep_list.length).toEqual(253);
   expect(dep_list[0]).toEqual({
@@ -679,7 +760,7 @@ test("parse clojure data", () => {
   });
 
   dep_list = utils.parseLeinDep(
-    fs.readFileSync("./test/data/lein-tree.txt", (encoding = "utf-8"))
+    fs.readFileSync("./test/data/lein-tree.txt", { encoding: "utf-8" })
   );
   expect(dep_list.length).toEqual(47);
   expect(dep_list[0]).toEqual({
@@ -692,7 +773,7 @@ test("parse clojure data", () => {
 test("parse mix lock data", async () => {
   expect(await utils.parseMixLockData(null)).toEqual([]);
   dep_list = await utils.parseMixLockData(
-    fs.readFileSync("./test/data/mix.lock", (encoding = "utf-8"))
+    fs.readFileSync("./test/data/mix.lock", { encoding: "utf-8" })
   );
   expect(dep_list.length).toEqual(16);
   expect(dep_list[0]).toEqual({
@@ -700,7 +781,7 @@ test("parse mix lock data", async () => {
     version: "1.7.0"
   });
   dep_list = await utils.parseMixLockData(
-    fs.readFileSync("./test/data/mix.lock.1", (encoding = "utf-8"))
+    fs.readFileSync("./test/data/mix.lock.1", { encoding: "utf-8" })
   );
   expect(dep_list.length).toEqual(23);
   expect(dep_list[0]).toEqual({
@@ -712,7 +793,7 @@ test("parse mix lock data", async () => {
 test("parse github actions workflow data", async () => {
   expect(await utils.parseGitHubWorkflowData(null)).toEqual([]);
   dep_list = await utils.parseGitHubWorkflowData(
-    fs.readFileSync("./.github/workflows/nodejs.yml", (encoding = "utf-8"))
+    fs.readFileSync("./.github/workflows/nodejs.yml", { encoding: "utf-8" })
   );
   expect(dep_list.length).toEqual(3);
   expect(dep_list[0]).toEqual({
@@ -721,16 +802,18 @@ test("parse github actions workflow data", async () => {
     version: "v3"
   });
   dep_list = await utils.parseGitHubWorkflowData(
-    fs.readFileSync("./.github/workflows/repotests.yml", (encoding = "utf-8"))
+    fs.readFileSync("./.github/workflows/repotests.yml", { encoding: "utf-8" })
   );
-  expect(dep_list.length).toEqual(4);
+  expect(dep_list.length).toEqual(5);
   expect(dep_list[0]).toEqual({
     group: "actions",
     name: "checkout",
     version: "v3"
   });
   dep_list = await utils.parseGitHubWorkflowData(
-    fs.readFileSync("./.github/workflows/app-release.yml", (encoding = "utf-8"))
+    fs.readFileSync("./.github/workflows/app-release.yml", {
+      encoding: "utf-8"
+    })
   );
   expect(dep_list.length).toEqual(4);
 });
@@ -738,7 +821,7 @@ test("parse github actions workflow data", async () => {
 test("parse cs pkg data", async () => {
   expect(await utils.parseCsPkgData(null)).toEqual([]);
   const dep_list = await utils.parseCsPkgData(
-    fs.readFileSync("./test/data/packages.config", (encoding = "utf-8"))
+    fs.readFileSync("./test/data/packages.config", { encoding: "utf-8" })
   );
   expect(dep_list.length).toEqual(21);
   expect(dep_list[0]).toEqual({
@@ -751,7 +834,7 @@ test("parse cs pkg data", async () => {
 test("parse cs pkg data 2", async () => {
   expect(await utils.parseCsPkgData(null)).toEqual([]);
   const dep_list = await utils.parseCsPkgData(
-    fs.readFileSync("./test/data/packages2.config", (encoding = "utf-8"))
+    fs.readFileSync("./test/data/packages2.config", { encoding: "utf-8" })
   );
   expect(dep_list.length).toEqual(1);
   expect(dep_list[0]).toEqual({
@@ -764,7 +847,7 @@ test("parse cs pkg data 2", async () => {
 test("parse cs proj", async () => {
   expect(await utils.parseCsProjData(null)).toEqual([]);
   const dep_list = await utils.parseCsProjData(
-    fs.readFileSync("./test/sample.csproj", (encoding = "utf-8"))
+    fs.readFileSync("./test/sample.csproj", { encoding: "utf-8" })
   );
   expect(dep_list.length).toEqual(5);
   expect(dep_list[0]).toEqual({
@@ -777,7 +860,7 @@ test("parse cs proj", async () => {
 test("parse project.assets.json", async () => {
   expect(await utils.parseCsProjAssetsData(null)).toEqual([]);
   const dep_list = await utils.parseCsProjAssetsData(
-    fs.readFileSync("./test/data/project.assets.json", (encoding = "utf-8"))
+    fs.readFileSync("./test/data/project.assets.json", { encoding: "utf-8" })
   );
   expect(dep_list.length).toEqual(142);
   expect(dep_list[0]).toEqual({
@@ -792,7 +875,7 @@ test("parse project.assets.json", async () => {
 test("parse packages.lock.json", async () => {
   expect(await utils.parseCsPkgLockData(null)).toEqual([]);
   const dep_list = await utils.parseCsPkgLockData(
-    fs.readFileSync("./test/data/packages.lock.json", (encoding = "utf-8"))
+    fs.readFileSync("./test/data/packages.lock.json", { encoding: "utf-8" })
   );
   expect(dep_list.length).toEqual(14);
   expect(dep_list[0]).toEqual({
@@ -805,7 +888,7 @@ test("parse packages.lock.json", async () => {
 test("parse .net cs proj", async () => {
   expect(await utils.parseCsProjData(null)).toEqual([]);
   const dep_list = await utils.parseCsProjData(
-    fs.readFileSync("./test/data/sample-dotnet.csproj", (encoding = "utf-8"))
+    fs.readFileSync("./test/data/sample-dotnet.csproj", { encoding: "utf-8" })
   );
   expect(dep_list.length).toEqual(19);
   expect(dep_list[0]).toEqual({
@@ -1326,7 +1409,7 @@ test("parseComposerLock", () => {
 
 test("parseGemfileLockData", async () => {
   let deps = await utils.parseGemfileLockData(
-    fs.readFileSync("./test/data/Gemfile.lock", (encoding = "utf-8"))
+    fs.readFileSync("./test/data/Gemfile.lock", { encoding: "utf-8" })
   );
   expect(deps.length).toEqual(140);
   expect(deps[0]).toEqual({
@@ -1337,7 +1420,7 @@ test("parseGemfileLockData", async () => {
 
 test("parseGemspecData", async () => {
   let deps = await utils.parseGemspecData(
-    fs.readFileSync("./test/data/xmlrpc.gemspec", (encoding = "utf-8"))
+    fs.readFileSync("./test/data/xmlrpc.gemspec", { encoding: "utf-8" })
   );
   expect(deps.length).toEqual(1);
   expect(deps[0]).toEqual({
@@ -1351,14 +1434,15 @@ test("parseGemspecData", async () => {
 test("parse requirements.txt", async () => {
   jest.setTimeout(120000);
   let deps = await utils.parseReqFile(
-    fs.readFileSync(
-      "./test/data/requirements.comments.txt",
-      (encoding = "utf-8")
-    )
+    fs.readFileSync("./test/data/requirements.comments.txt", {
+      encoding: "utf-8"
+    })
   );
   expect(deps.length).toEqual(31);
   deps = await utils.parseReqFile(
-    fs.readFileSync("./test/data/requirements.freeze.txt", (encoding = "utf-8"))
+    fs.readFileSync("./test/data/requirements.freeze.txt", {
+      encoding: "utf-8"
+    })
   );
   expect(deps.length).toEqual(113);
   expect(deps[0]).toEqual({
@@ -1371,18 +1455,18 @@ test("parse requirements.txt", async () => {
 test("parse poetry.lock", async () => {
   jest.setTimeout(120000);
   let deps = await utils.parsePoetrylockData(
-    fs.readFileSync("./test/data/poetry.lock", (encoding = "utf-8"))
+    fs.readFileSync("./test/data/poetry.lock", { encoding: "utf-8" })
   );
   expect(deps.length).toEqual(31);
   deps = await utils.parsePoetrylockData(
-    fs.readFileSync("./test/data/poetry1.lock", (encoding = "utf-8"))
+    fs.readFileSync("./test/data/poetry1.lock", { encoding: "utf-8" })
   );
   expect(deps.length).toEqual(67);
 });
 
 test("parse wheel metadata", () => {
   let deps = utils.parseBdistMetadata(
-    fs.readFileSync("./test/data/METADATA", (encoding = "utf-8"))
+    fs.readFileSync("./test/data/METADATA", { encoding: "utf-8" })
   );
   expect(deps.length).toEqual(1);
   expect(deps[0]).toEqual({
@@ -1394,10 +1478,9 @@ test("parse wheel metadata", () => {
     repository: { url: "https://github.com/adrienverge/yamllint" }
   });
   deps = utils.parseBdistMetadata(
-    fs.readFileSync(
-      "./test/data/mercurial-5.5.2-py3.8.egg-info",
-      (encoding = "utf-8")
-    )
+    fs.readFileSync("./test/data/mercurial-5.5.2-py3.8.egg-info", {
+      encoding: "utf-8"
+    })
   );
   expect(deps.length).toEqual(1);
   expect(deps[0]).toEqual({
@@ -1431,7 +1514,7 @@ test("parse pipfile.lock with hashes", async () => {
   jest.setTimeout(120000);
   let deps = await utils.parsePiplockData(
     JSON.parse(
-      fs.readFileSync("./test/data/Pipfile.lock", (encoding = "utf-8"))
+      fs.readFileSync("./test/data/Pipfile.lock", { encoding: "utf-8" })
     )
   );
   expect(deps.length).toEqual(46);
@@ -1457,7 +1540,7 @@ test("parse nupkg file", async () => {
 
 test("parse bazel skyframe", () => {
   let deps = utils.parseBazelSkyframe(
-    fs.readFileSync("./test/data/bazel/bazel-state.txt", (encoding = "utf-8"))
+    fs.readFileSync("./test/data/bazel/bazel-state.txt", { encoding: "utf-8" })
   );
   expect(deps.length).toEqual(16);
   expect(deps[0].name).toEqual("guava");
@@ -1465,7 +1548,7 @@ test("parse bazel skyframe", () => {
 
 test("parse bazel build", () => {
   let projs = utils.parseBazelBuild(
-    fs.readFileSync("./test/data/bazel/BUILD", (encoding = "utf-8"))
+    fs.readFileSync("./test/data/bazel/BUILD", { encoding: "utf-8" })
   );
   expect(projs.length).toEqual(2);
   expect(projs[0]).toEqual("java-maven-lib");
@@ -1473,7 +1556,7 @@ test("parse bazel build", () => {
 
 test("parse helm charts", async () => {
   let dep_list = await utils.parseHelmYamlData(
-    fs.readFileSync("./test/data/Chart.yaml", (encoding = "utf-8"))
+    fs.readFileSync("./test/data/Chart.yaml", { encoding: "utf-8" })
   );
   expect(dep_list.length).toEqual(3);
   expect(dep_list[0]).toEqual({
@@ -1485,10 +1568,9 @@ test("parse helm charts", async () => {
     }
   });
   dep_list = await utils.parseHelmYamlData(
-    fs.readFileSync(
-      "./test/data/prometheus-community-index.yaml",
-      (encoding = "utf-8")
-    )
+    fs.readFileSync("./test/data/prometheus-community-index.yaml", {
+      encoding: "utf-8"
+    })
   );
   expect(dep_list.length).toEqual(1836);
   expect(dep_list[0]).toEqual({
@@ -1505,25 +1587,25 @@ test("parse helm charts", async () => {
 
 test("parse container spec like files", async () => {
   let dep_list = await utils.parseContainerSpecData(
-    fs.readFileSync("./test/data/docker-compose.yml", (encoding = "utf-8"))
+    fs.readFileSync("./test/data/docker-compose.yml", { encoding: "utf-8" })
   );
   expect(dep_list.length).toEqual(4);
   dep_list = await utils.parseContainerSpecData(
-    fs.readFileSync("./test/data/docker-compose-ng.yml", (encoding = "utf-8"))
+    fs.readFileSync("./test/data/docker-compose-ng.yml", { encoding: "utf-8" })
   );
   expect(dep_list.length).toEqual(8);
   expect(dep_list[0]).toEqual({
     service: "frontend"
   });
   dep_list = await utils.parseContainerSpecData(
-    fs.readFileSync("./test/data/docker-compose-cr.yml", (encoding = "utf-8"))
+    fs.readFileSync("./test/data/docker-compose-cr.yml", { encoding: "utf-8" })
   );
   expect(dep_list.length).toEqual(14);
   expect(dep_list[0]).toEqual({
     service: "crapi-identity"
   });
   dep_list = await utils.parseContainerSpecData(
-    fs.readFileSync("./test/data/tekton-task.yml", (encoding = "utf-8"))
+    fs.readFileSync("./test/data/tekton-task.yml", { encoding: "utf-8" })
   );
   expect(dep_list.length).toEqual(2);
   expect(dep_list[0]).toEqual({
@@ -1531,7 +1613,7 @@ test("parse container spec like files", async () => {
       "docker.io/amazon/aws-cli:2.0.52@sha256:1506cec98a7101c935176d440a14302ea528b8f92fcaf4a6f1ea2d7ecef7edc4"
   });
   dep_list = await utils.parseContainerSpecData(
-    fs.readFileSync("./test/data/postgrescluster.yaml", (encoding = "utf-8"))
+    fs.readFileSync("./test/data/postgrescluster.yaml", { encoding: "utf-8" })
   );
   expect(dep_list.length).toEqual(6);
   expect(dep_list[0]).toEqual({
@@ -1539,49 +1621,49 @@ test("parse container spec like files", async () => {
       "registry.developers.crunchydata.com/crunchydata/crunchy-postgres:ubi8-14.5-1"
   });
   dep_list = await utils.parseContainerSpecData(
-    fs.readFileSync("./test/data/deployment.yaml", (encoding = "utf-8"))
+    fs.readFileSync("./test/data/deployment.yaml", { encoding: "utf-8" })
   );
   expect(dep_list.length).toEqual(2);
   expect(dep_list[0]).toEqual({
     image: "node-typescript-example"
   });
   dep_list = await utils.parseContainerSpecData(
-    fs.readFileSync("./test/data/skaffold.yaml", (encoding = "utf-8"))
+    fs.readFileSync("./test/data/skaffold.yaml", { encoding: "utf-8" })
   );
   expect(dep_list.length).toEqual(6);
   expect(dep_list[0]).toEqual({
     image: "leeroy-web"
   });
   dep_list = await utils.parseContainerSpecData(
-    fs.readFileSync("./test/data/skaffold-ms.yaml", (encoding = "utf-8"))
+    fs.readFileSync("./test/data/skaffold-ms.yaml", { encoding: "utf-8" })
   );
   expect(dep_list.length).toEqual(22);
   expect(dep_list[0]).toEqual({
     image: "emailservice"
   });
   dep_list = await utils.parseContainerSpecData(
-    fs.readFileSync("./test/data/emailservice.yaml", (encoding = "utf-8"))
+    fs.readFileSync("./test/data/emailservice.yaml", { encoding: "utf-8" })
   );
   expect(dep_list.length).toEqual(2);
   expect(dep_list[0]).toEqual({
     image: "emailservice"
   });
   dep_list = await utils.parseContainerSpecData(
-    fs.readFileSync("./test/data/redis.yaml", (encoding = "utf-8"))
+    fs.readFileSync("./test/data/redis.yaml", { encoding: "utf-8" })
   );
   expect(dep_list.length).toEqual(2);
   expect(dep_list[0]).toEqual({
     image: "redis:alpine"
   });
   dep_list = await utils.parseContainerSpecData(
-    fs.readFileSync("./test/data/adservice.yaml", (encoding = "utf-8"))
+    fs.readFileSync("./test/data/adservice.yaml", { encoding: "utf-8" })
   );
   expect(dep_list.length).toEqual(2);
   expect(dep_list[0]).toEqual({
     image: "gcr.io/google-samples/microservices-demo/adservice:v0.4.1"
   });
   dep_list = await utils.parseContainerSpecData(
-    fs.readFileSync("./test/data/kustomization.yaml", (encoding = "utf-8"))
+    fs.readFileSync("./test/data/kustomization.yaml", { encoding: "utf-8" })
   );
   expect(dep_list.length).toEqual(22);
   expect(dep_list[0]).toEqual({
@@ -1592,7 +1674,7 @@ test("parse container spec like files", async () => {
 test("parse cloudbuild data", async () => {
   expect(await utils.parseCloudBuildData(null)).toEqual([]);
   dep_list = await utils.parseCloudBuildData(
-    fs.readFileSync("./test/data/cloudbuild.yaml", (encoding = "utf-8"))
+    fs.readFileSync("./test/data/cloudbuild.yaml", { encoding: "utf-8" })
   );
   expect(dep_list.length).toEqual(1);
   expect(dep_list[0]).toEqual({
@@ -1612,10 +1694,9 @@ test("parse privado files", () => {
 
 test("parse openapi spec files", async () => {
   let aservice = await utils.parseOpenapiSpecData(
-    fs.readFileSync(
-      "./test/data/openapi/openapi-spec.json",
-      (encoding = "utf-8")
-    )
+    fs.readFileSync("./test/data/openapi/openapi-spec.json", {
+      encoding: "utf-8"
+    })
   );
   expect(aservice.length).toEqual(1);
   expect(aservice[0]).toEqual({
@@ -1667,10 +1748,9 @@ test("parse openapi spec files", async () => {
     authenticated: true
   });
   aservice = await utils.parseOpenapiSpecData(
-    fs.readFileSync(
-      "./test/data/openapi/openapi-oai.yaml",
-      (encoding = "utf-8")
-    )
+    fs.readFileSync("./test/data/openapi/openapi-oai.yaml", {
+      encoding: "utf-8"
+    })
   );
   expect(aservice.length).toEqual(1);
   expect(aservice[0]).toEqual({
@@ -1704,3 +1784,98 @@ test("parse openapi spec files", async () => {
     authenticated: false
   });
 });
+
+test("parse swift deps files", () => {
+  expect(utils.parseSwiftJsonTree(null, "./test/data/swift-deps.json")).toEqual(
+    {}
+  );
+  let retData = utils.parseSwiftJsonTree(
+    fs.readFileSync("./test/data/swift-deps.json", { encoding: "utf-8" }),
+    "./test/data/swift-deps.json"
+  );
+  expect(retData.pkgList.length).toEqual(5);
+  expect(retData.pkgList[0]).toEqual({
+    group: "swift-markdown",
+    name: "swift-markdown",
+    version: "unspecified",
+    properties: [
+      { name: "SrcPath", value: "/Volumes/Work/sandbox/swift-markdown" },
+      { name: "SrcFile", value: "./test/data/swift-deps.json" }
+    ],
+    "bom-ref": "pkg:application/swift-markdown/swift-markdown@unspecified"
+  });
+  expect(retData.dependenciesList.length).toEqual(5);
+  expect(retData.dependenciesList[0]).toEqual({
+    ref: "pkg:application/swift-markdown/swift-markdown@unspecified",
+    dependsOn: [
+      "pkg:swift/swift-cmark/cmark-gfm@unspecified",
+      "pkg:swift/swift-argument-parser/swift-argument-parser@1.0.3",
+      "pkg:swift/swift-docc-plugin/SwiftDocCPlugin@1.1.0"
+    ]
+  });
+  expect(retData.dependenciesList[retData.dependenciesList.length - 1]).toEqual(
+    {
+      ref: "pkg:swift/swift-docc-symbolkit/SymbolKit@1.0.0",
+      dependsOn: []
+    }
+  );
+  retData = utils.parseSwiftJsonTree(
+    fs.readFileSync("./test/data/swift-deps1.json", { encoding: "utf-8" }),
+    "./test/data/swift-deps.json"
+  );
+  expect(retData.pkgList.length).toEqual(5);
+  expect(retData.pkgList[0]).toEqual({
+    group: "swift-certificates",
+    name: "swift-certificates",
+    version: "unspecified",
+    properties: [
+      {
+        name: "SrcPath",
+        value: "/Volumes/Work/sandbox/swift-certificates"
+      },
+      { name: "SrcFile", value: "./test/data/swift-deps.json" }
+    ],
+    "bom-ref":
+      "pkg:application/swift-certificates/swift-certificates@unspecified"
+  });
+  expect(retData.dependenciesList).toEqual([
+    {
+      ref: "pkg:application/swift-certificates/swift-certificates@unspecified",
+      dependsOn: ["pkg:swift/swift-crypto/swift-crypto@2.4.0"]
+    },
+    {
+      ref: "pkg:swift/swift-crypto/swift-crypto@2.4.0",
+      dependsOn: ["pkg:swift/swift-asn1/swift-asn1@0.7.0"]
+    },
+    {
+      ref: "pkg:swift/swift-asn1/swift-asn1@0.7.0",
+      dependsOn: ["pkg:swift/swift-docc-plugin/SwiftDocCPlugin@1.1.0"]
+    },
+    {
+      ref: "pkg:swift/swift-docc-plugin/SwiftDocCPlugin@1.1.0",
+      dependsOn: ["pkg:swift/swift-docc-symbolkit/SymbolKit@1.0.0"]
+    },
+    {
+      ref: "pkg:swift/swift-docc-symbolkit/SymbolKit@1.0.0",
+      dependsOn: []
+    }
+  ]);
+  let pkgList = utils.parseSwiftResolved("./test/data/Package.resolved");
+  expect(pkgList.length).toEqual(4);
+  expect(pkgList[0]).toEqual({
+    name: "swift-argument-parser",
+    group: "",
+    version: "1.0.3",
+    properties: [{ name: "SrcFile", value: "./test/data/Package.resolved" }],
+    repository: { url: "https://github.com/apple/swift-argument-parser" }
+  });
+  pkgList = utils.parseSwiftResolved("./test/data/Package2.resolved");
+  expect(pkgList.length).toEqual(4);
+  expect(pkgList[0]).toEqual({
+    name: "swift-argument-parser",
+    group: "",
+    version: "1.2.2",
+    properties: [{ name: "SrcFile", value: "./test/data/Package2.resolved" }],
+    repository: { url: "https://github.com/apple/swift-argument-parser.git" }
+  });
+});