@cyclonedx/cdxgen 8.4.3 → 8.4.6
- package/package.json +7 -7
- package/utils.js +38 -19
- package/utils.test.js +24 -0
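--- a/package/package.json
+++ b/package/package.json
@@ -1,6 +1,6 @@
 {
   "name": "@cyclonedx/cdxgen",
-  "version": "8.4.
+  "version": "8.4.6",
   "description": "Creates CycloneDX Software Bill-of-Materials (SBOM) from source or container image",
   "homepage": "http://github.com/cyclonedx/cdxgen",
   "author": "Prabhu Subramanian <prabhu@appthreat.com>",
@@ -43,14 +43,14 @@
   },
   "repository": {
     "type": "git",
-    "url": "git+https://github.com/
+    "url": "git+https://github.com/CycloneDX/cdxgen"
   },
   "bugs": {
     "url": "https://github.com/cyclonedx/cdxgen/issues"
   },
   "dependencies": {
-    "@babel/parser": "^7.21.
-    "@babel/traverse": "^7.21.
+    "@babel/parser": "^7.21.8",
+    "@babel/traverse": "^7.21.5",
     "cheerio": "^1.0.0-rc.12",
     "edn-data": "^1.0.0",
     "glob": "^8.1.0",
@@ -66,11 +66,11 @@
     "semver": "^7.5.0",
     "ssri": "^8.0.1",
     "table": "^6.8.1",
-    "tar": "^6.1.
+    "tar": "^6.1.14",
     "uuid": "^9.0.0",
     "xml-js": "^1.6.11",
     "xmlbuilder": "^15.1.1",
-    "yargs": "^17.7.
+    "yargs": "^17.7.2"
   },
   "optionalDependencies": {
     "@cyclonedx/cdxgen-plugins-bin": "^1.1.0",
@@ -88,7 +88,7 @@
     "queries.json"
   ],
   "devDependencies": {
-    "eslint": "^8.
+    "eslint": "^8.40.0",
     "jest": "^26.6.3"
   }
 }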
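--- a/package/utils.js
+++ b/package/utils.js
@@ -256,18 +256,33 @@ const _getDepPkgList = async function (
   depKeys,
   pkg
 ) {
-
-
-
-
-
-
+  let pkgDependencies =
+    pkg.lockfileVersion && pkg.lockfileVersion >= 3
+      ? pkg.packages
+      : pkg.dependencies;
+  if (pkg && pkgDependencies) {
+    const pkgKeys = Object.keys(pkgDependencies);
+    for (const k of pkgKeys) {
+      // Skip the root package in lockFileVersion 3 and above
+      if (k === "") {
+        continue;
+      }
+      let name = k;
+      const version = pkgDependencies[name].version;
+      const purl = new PackageURL(
+        "npm",
+        "",
+        name.replace("node_modules/", ""),
+        version,
+        null,
+        null
+      );
       const purlString = decodeURIComponent(purl.toString());
-      let scope =
+      let scope = pkgDependencies[name].dev === true ? "optional" : undefined;
       const apkg = {
-        name,
+        name: name.replace("node_modules/", ""),
         version,
-        _integrity:
+        _integrity: pkgDependencies[name].integrity,
         scope,
         properties: [
           {
@@ -277,9 +292,9 @@ const _getDepPkgList = async function (
         ]
       };
       pkgList.push(apkg);
-      if (
+      if (pkgDependencies[name].dependencies) {
         // Include child dependencies
-        const dependencies =
+        const dependencies = pkgDependencies[name].dependencies;
         const pkgDepKeys = Object.keys(dependencies);
         const deplist = [];
         for (const j in pkgDepKeys) {
@@ -288,7 +303,7 @@ const _getDepPkgList = async function (
           const deppurl = new PackageURL(
             "npm",
             "",
-            depName,
+            depName.replace("node_modules/", ""),
             depVersion,
             null,
             null
@@ -303,13 +318,17 @@ const _getDepPkgList = async function (
           });
           depKeys[purlString] = true;
         }
-
-
-
-
-
-
-
+        if (pkg.lockfileVersion && pkg.lockfileVersion >= 3) {
+          // Do not recurse for lock file v3 and above
+        } else {
+          await _getDepPkgList(
+            pkgLockFile,
+            pkgList,
+            dependenciesList,
+            depKeys,
+            pkgDependencies[name]
+          );
+        }
       } else {
         if (!depKeys[purlString]) {
           dependenciesList.push({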
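--- a/package/utils.test.js
+++ b/package/utils.test.js
@@ -1097,6 +1097,30 @@ test("parsePkgLock", async () => {
     "bom-ref": "pkg:application/MyProject",
     name: "MyProject"
   });
+  parsedList = await utils.parsePkgLock("./test/data/package-lock-v2.json");
+  deps = parsedList.pkgList;
+  expect(deps.length).toEqual(1467);
+  expect(parsedList.dependenciesList.length).toEqual(1280);
+  expect(deps[0]).toEqual({
+    "bom-ref": "pkg:application/flink-dashboard@2.0.0",
+    group: "",
+    name: "flink-dashboard",
+    type: "application",
+    version: "2.0.0"
+  });
+  expect(deps[deps.length - 1].name).toEqual("zone.js");
+  parsedList = await utils.parsePkgLock("./test/data/package-lock-v3.json");
+  deps = parsedList.pkgList;
+  expect(deps.length).toEqual(879);
+  expect(parsedList.dependenciesList.length).toEqual(879);
+  expect(deps[0]).toEqual({
+    "bom-ref": "pkg:application/@cyclonedx/cdxgen@8.4.3",
+    group: "",
+    name: "@cyclonedx/cdxgen",
+    type: "application",
+    version: "8.4.3"
+  });
+  expect(deps[deps.length - 1].name).toEqual("yocto-queue");
 });
 
 test("parseBowerJson", async () => {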
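Review bot: The new v2 and v3 assertions pin only list lengths and the first and last entry, so a mis-derived name for a nested `node_modules/a/node_modules/b` package or a missing `_integrity` on a dependency would pass unnoticed, and the fixture counts (1467, 879) are brittle against any future filtering change. Add one assertion per fixture on the two fields an SBOM consumer actually relies on, e.g. `expect(deps.some((d) => d.name.includes("node_modules/"))).toBe(false);` and, for the first dependency entry after the application root, `expect(deps[1]._integrity).toMatch(/^sha(256|512)-/);`. Which entries the fixtures contain is not visible here, so the index may need adjusting to an entry that is known to carry an integrity hash.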