@cyclonedx/cdxgen 8.2.1 → 8.2.2

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.
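--- a/package/README.md
+++ b/package/README.md
@@ -166,7 +166,7 @@ cdxgen --server
 Or use the container image.
 
 ```bash
-docker run --rm -v /tmp:/tmp -p 9090:9090 -v $(pwd):/app:rw -t ghcr.io/cyclonedx/cdxgen -r /app --server
+docker run --rm -v /tmp:/tmp -p 9090:9090 -v $(pwd):/app:rw -t ghcr.io/cyclonedx/cdxgen -r /app --server --server-host 0.0.0.0
 ```
 
 Use curl or your favourite tool to pass arguments to the `/sbom` route.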
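--- a/package/package.json
+++ b/package/package.json
@@ -1,6 +1,6 @@
 {
 "name": "@cyclonedx/cdxgen",
-"version": "8.2.1",
+"version": "8.2.2",
 "description": "Creates CycloneDX Software Bill-of-Materials (SBOM) from source or container image",
 "homepage": "http://github.com/cyclonedx/cdxgen",
 "author": "Prabhu Subramanian <prabhu@appthreat.com>",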
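--- a/package/utils.js
+++ b/package/utils.js
@@ -754,11 +754,15 @@ const parsePnpmLock = async function (pnpmLock, parentComponent = null) {
 const ddeps = yamlObj.dependencies || {};
 const ddeplist = [];
 for (const dk of Object.keys(ddeps)) {
+let version = ddeps[dk];
+if (typeof version === "object" && version.version) {
+version = version.version;
+}
 const dpurl = new PackageURL(
 "npm",
 "",
 dk,
-ddeps[dk],
+version,
 null,
 null
 ).toString();
@@ -769,10 +773,12 @@ const parsePnpmLock = async function (pnpmLock, parentComponent = null) {
 dependsOn: ddeplist
 });
 }
+const lockfileVersion = yamlObj.lockfileVersion;
 const packages = yamlObj.packages;
 const pkgKeys = Object.keys(packages);
 for (var k in pkgKeys) {
 // Eg: @babel/code-frame/7.10.1
+// In lockfileVersion 6, /@babel/code-frame@7.18.6
 const fullName = pkgKeys[k].replace("/@", "@");
 const parts = fullName.split("/");
 const integrity = packages[pkgKeys[k]].resolution.integrity;
@@ -782,13 +788,22 @@ const parsePnpmLock = async function (pnpmLock, parentComponent = null) {
 let name = "";
 let version = "";
 let group = "";
-if (parts.length === 2) {
-name = parts[0];
-version = parts[1];
-} else if (parts.length === 3) {
+if (lockfileVersion === "6.0" && fullName.includes("@")) {
+const tmpA = parts[parts.length - 1].split("@");
 group = parts[0];
-name = parts[1];
-version = parts[2];
+if (parts.length === 2 && tmpA.length > 1) {
+name = tmpA[0];
+version = tmpA[1];
+}
+} else {
+if (parts.length === 2) {
+name = parts[0];
+version = parts[1];
+} else if (parts.length === 3) {
+group = parts[0];
+name = parts[1];
+version = parts[2];
+}
 }
 if (group !== "@types" && name.indexOf("file:") !== 0) {
 const purlString = new PackageURL(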
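Review bot: In the third hunk the lockfileVersion-6 branch leaves `name` and `version` as empty strings whenever `parts.length !== 2` or the last segment has no `@`, yet execution still reaches `if (group !== "@types" && name.indexOf("file:") !== 0)`, which is true for an empty name, so a PackageURL is built with no name and no version; a v6 key containing a second `/` (which would happen if peer-dependency suffixes such as `(@scope/x@1.0.0)` appear in the key — worth confirming against a real v6 lockfile) takes exactly that path. A guard such as `if (!name || !version) { continue; }` before the `group !== "@types"` check, ideally with a log line, would keep nameless components out of the SBOM, where they only degrade vulnerability matching. Separately, `lockfileVersion === "6.0"` is an exact string comparison, so a numeric value from the YAML parser or a later 6.x lockfile silently falls into the legacy branch; `String(lockfileVersion).startsWith("6")` would be more tolerant. The enclosing function parsePnpmLock starts before this section and continues after it.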
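--- a/package/utils.test.js
+++ b/package/utils.test.js
@@ -1193,6 +1193,28 @@ test("parsePnpmLock", async () => {
 
 parsedList = await utils.parsePnpmLock("./test/data/pnpm-lock4.yaml");
 expect(parsedList.pkgList.length).toEqual(1);
+
+parsedList = await utils.parsePnpmLock("./test/data/pnpm-lock6.yaml");
+expect(parsedList.pkgList.length).toEqual(195);
+expect(parsedList.dependenciesList.length).toEqual(195);
+expect(parsedList.pkgList[0]).toEqual({
+group: "@babel",
+name: "code-frame",
+version: "7.18.6",
+scope: "optional",
+_integrity:
+"sha512-TDCmlK5eOvH+eH7cdAFlNXeVJqWIQ7gW9tY1GJIpUtFb6CmjVyq2VM3u71bOyR8CRihcCgMUYoDNyLXao3+70Q==",
+properties: [{ name: "SrcFile", value: "./test/data/pnpm-lock6.yaml" }]
+});
+expect(parsedList.pkgList[parsedList.pkgList.length - 1]).toEqual({
+group: "",
+name: "yargs",
+version: "17.7.1",
+scope: "optional",
+_integrity:
+"sha512-cwiTb08Xuv5fqF4AovYacTFNxk62th7LKJ6BL9IGUpTJrWoU7/7WdQGTP2SjKf1dUNBGzDd28p/Yfs/GI6JrLw==",
+properties: [{ name: "SrcFile", value: "./test/data/pnpm-lock6.yaml" }]
+});
 });
 
 test("parseYarnLock", async () => {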
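Review bot: The new assertions check only the count of `dependenciesList` and the first and last `pkgList` entries, so the object-shaped `dependencies` handling added in utils.js (the `version.version` extraction) is not pinned — a regression that put `[object Object]` into the purl would still pass as long as the count stays 195. One assertion on a concrete entry, e.g. `expect(parsedList.dependenciesList[0].ref).toEqual("pkg:npm/<name>@<version>")` with the real values taken from the fixture, would cover it. The test function begins before this section.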