@cyclonedx/cdxgen 8.2.0 → 8.2.1

package/binary.js

@@ -312,7 +312,9 @@ const getOSPackages = (src) => {
         if (DEBUG_MODE) {
           console.log(`Cleaning up ${tempDir}`);
         }
-        fs.rmSync(tempDir, { recursive: true, force: true });
+        if (fs.rmSync) {
+          fs.rmSync(tempDir, { recursive: true, force: true });
+        }
       }
       if (tmpBom && tmpBom.components) {
         for (const comp of tmpBom.components) {

package/docker.js

@@ -619,7 +619,9 @@ const exportImage = async (fullImageName) => {
       if (DEBUG_MODE) {
         console.log(`Cleaning up ${imageTarFile}`);
       }
-      fs.rmSync(imageTarFile, { force: true });
+      if (fs.rmSync) {
+        fs.rmSync(imageTarFile, { force: true });
+      }
     }
   } else {
     let client = await getConnection();

package/index.js

@@ -519,7 +519,10 @@ function addComponent(
     // Skip @types package for npm
     if (
       ptype == "npm" &&
-      (group === "types" || !name || name.startsWith("@types"))
+      (group === "types" ||
+        group === "@types" ||
+        !name ||
+        name.startsWith("@types"))
     ) {
       return;
     }
@@ -531,7 +534,14 @@ function addComponent(
 
     let purl =
       pkg.purl ||
-      new PackageURL(ptype, group, name, version, pkg.qualifiers, pkg.subpath);
+      new PackageURL(
+        ptype,
+        encodeURIComponent(group),
+        encodeURIComponent(name),
+        version,
+        pkg.qualifiers,
+        pkg.subpath
+      );
     let purlString = purl.toString();
     purlString = decodeURIComponent(purlString);
     let description = { "#cdata": pkg.description };

package/package.json

@@ -1,6 +1,6 @@
 {
   "name": "@cyclonedx/cdxgen",
-  "version": "8.2.0",
+  "version": "8.2.1",
   "description": "Creates CycloneDX Software Bill-of-Materials (SBOM) from source or container image",
   "homepage": "http://github.com/cyclonedx/cdxgen",
   "author": "Prabhu Subramanian <prabhu@appthreat.com>",

package/server.js

@@ -115,7 +115,7 @@ const start = async (options) => {
       }
     }
     res.end("\n");
-    if (cleanup && srcDir && srcDir.startsWith(os.tmpdir())) {
+    if (cleanup && srcDir && srcDir.startsWith(os.tmpdir()) && fs.rmSync) {
       console.log(`Cleaning up ${srcDir}`);
       fs.rmSync(srcDir, { recursive: true, force: true });
     }

package/utils.js

@@ -4208,6 +4208,7 @@ const extractJarArchive = function (jarFile, tempDir) {
             jarMetadata["Extension-Name"] ||
             jarMetadata["Implementation-Vendor-Id"] ||
             jarMetadata["Bundle-SymbolicName"] ||
+            jarMetadata["Bundle-Vendor"] ||
             jarMetadata["Automatic-Module-Name"];
           let name = "";
           if (
@@ -4274,8 +4275,8 @@ const extractJarArchive = function (jarFile, tempDir) {
           }
           if (name && version) {
             pkgList.push({
-              group: group === "." ? "" : group || "",
-              name: name || "",
+              group: group === "." ? "" : encodeURIComponent(group) || "",
+              name: name ? encodeURIComponent(name) : "",
               version,
               properties: [
                 {

package/utils.test.js

@@ -1214,7 +1214,7 @@ test("parseYarnLock", async () => {
       }
     ]
   });
-
+  expect(parsedList.dependenciesList.length).toEqual(56);
   identMap = utils.yarnLockToIdentMap(
     fs.readFileSync("./test/data/yarn_locks/yarn.lock", "utf8")
   );
@@ -1329,6 +1329,7 @@ test("parseYarnLock", async () => {
   });
   parsedList = await utils.parseYarnLock("./test/data/yarn_locks/yarn4.lock");
   expect(parsedList.pkgList.length).toEqual(1);
+  expect(parsedList.dependenciesList.length).toEqual(1);
   parsedList = await utils.parseYarnLock("./test/data/yarn_locks/yarn-at.lock");
   expect(parsedList.pkgList.length).toEqual(4);
   expect(parsedList.dependenciesList.length).toEqual(4);