@cyclonedx/cdxgen 9.8.10 → 9.9.1
- package/README.md +43 -41
- package/analyzer.js +6 -2
- package/bin/cdxgen.js +78 -17
- package/bin/evinse.js +44 -22
- package/bin/verify.js +2 -0
- package/binary.js +20 -2
- package/data/README.md +1 -0
- package/data/frameworks-list.json +146 -0
- package/data/lic-mapping.json +44 -5
- package/data/pypi-pkg-aliases.json +6 -0
- package/display.js +34 -0
- package/docker.js +64 -5
- package/evinser.js +254 -55
- package/index.js +128 -90
- package/package.json +5 -5
- package/server.js +34 -21
- package/utils.js +695 -262
- package/utils.test.js +81 -7
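--- a/package/utils.test.js
+++ b/package/utils.test.js
@@ -1192,7 +1192,7 @@ test("parse github actions workflow data", async () => {
 dep_list = parseGitHubWorkflowData(
 readFileSync("./.github/workflows/repotests.yml", { encoding: "utf-8" })
 );
-expect(dep_list.length).toEqual(
+expect(dep_list.length).toEqual(8);
 expect(dep_list[0]).toEqual({
 group: "actions",
 name: "checkout",
@@ -1256,6 +1256,7 @@ test("parse project.assets.json", async () => {
 expect(dep_list["pkgList"].length).toEqual(302);
 expect(dep_list["pkgList"][0]).toEqual({
 "bom-ref": "pkg:nuget/Castle.Core.Tests@0.0.0",
+purl: "pkg:nuget/Castle.Core.Tests@0.0.0",
 group: "",
 name: "Castle.Core.Tests",
 type: "application",
@@ -1265,6 +1266,9 @@ test("parse project.assets.json", async () => {
 expect(dep_list["dependenciesList"][0]).toEqual({
 dependsOn: [
 "pkg:nuget/Castle.Core@0.0.0",
+"pkg:nuget/Castle.Core-NLog@0.0.0",
+"pkg:nuget/Castle.Core-Serilog@0.0.0",
+"pkg:nuget/Castle.Core-log4net@0.0.0",
 "pkg:nuget/Microsoft.NET.Test.Sdk@17.1.0",
 "pkg:nuget/Microsoft.NETCore.App@2.1.0",
 "pkg:nuget/Microsoft.NETFramework.ReferenceAssemblies@1.0.0",
@@ -1299,17 +1303,28 @@ test("parse packages.lock.json", async () => {
 });
 
 test("parse paket.lock", async () => {
-expect(await parsePaketLockData(null)).toEqual(
+expect(await parsePaketLockData(null)).toEqual({
+pkgList: [],
+dependenciesList: []
+});
 const dep_list = await parsePaketLockData(
 readFileSync("./test/data/paket.lock", { encoding: "utf-8" })
 );
-expect(dep_list.length).toEqual(13);
-expect(dep_list[0]).toEqual({
+expect(dep_list.pkgList.length).toEqual(13);
+expect(dep_list.pkgList[0]).toEqual({
 group: "",
 name: "0x53A.ReferenceAssemblies.Paket",
 version: "0.2",
 purl: "pkg:nuget/0x53A.ReferenceAssemblies.Paket@0.2"
 });
+expect(dep_list.dependenciesList.length).toEqual(13);
+expect(dep_list.dependenciesList[2]).toEqual({
+ref: "pkg:nuget/FSharp.Compiler.Service@17.0.1",
+dependsOn: [
+"pkg:nuget/System.Collections.Immutable@1.4",
+"pkg:nuget/System.Reflection.Metadata@1.5"
+]
+});
 });
 
 test("parse .net cs proj", async () => {
@@ -1683,6 +1698,13 @@ test("parsePkgLock v3", async () => {
 });
 expect(deps[deps.length - 1].name).toEqual("uid2");
 expect(parsedList.dependenciesList.length).toEqual(161);
+parsedList = await parsePkgLock("./package-lock.json", {
+projectVersion: "latest",
+projectName: "cdxgen"
+});
+deps = parsedList.pkgList;
+expect(deps.length).toEqual(1204);
+expect(parsedList.dependenciesList.length).toEqual(1204);
 });
 
 test("parseBowerJson", async () => {
@@ -1945,6 +1967,8 @@ test("parseYarnLock", async () => {
 name: "asap",
 version: "2.0.5",
 _integrity: "sha256-522765b50c3510490e52d7dcfe085ef9ba96958f",
+"bom-ref": "pkg:npm/asap@2.0.5",
+purl: "pkg:npm/asap@2.0.5",
 properties: [
 {
 name: "SrcFile",
@@ -1977,6 +2001,8 @@ test("parseYarnLock", async () => {
 group: "@babel",
 name: "cli",
 version: "7.10.1",
+"bom-ref": "pkg:npm/@babel/cli@7.10.1",
+purl: "pkg:npm/%40babel/cli@7.10.1",
 _integrity:
 "sha512-cVB+dXeGhMOqViIaZs3A9OUAe4pKw4SBNdMw6yHJMYR7s4TB+Cei7ThquV/84O19PdIFWuwe03vxxES0BHUm5g==",
 properties: [
@@ -2013,6 +2039,8 @@ test("parseYarnLock", async () => {
 group: "@apollo",
 name: "client",
 version: "3.2.5",
+"bom-ref": "pkg:npm/@apollo/client@3.2.5",
+purl: "pkg:npm/%40apollo/client@3.2.5",
 properties: [
 {
 name: "SrcFile",
@@ -2043,6 +2071,8 @@ test("parseYarnLock", async () => {
 group: "@actions",
 name: "artifact",
 version: "0.6.1",
+"bom-ref": "pkg:npm/@actions/artifact@0.6.1",
+purl: "pkg:npm/%40actions/artifact@0.6.1",
 properties: [
 {
 name: "SrcFile",
@@ -2072,6 +2102,8 @@ test("parseYarnLock", async () => {
 "sha512-+X9Jn4mPI+RYV0ITiiLyJSYlT9um111BocJSaztsxXR+9ZxWErpzdfQqyk+EYZUOklugjJkerQZRtJGLfJeClw==",
 group: "",
 name: "lru-cache",
+"bom-ref": "pkg:npm/lru-cache@6.0.0",
+purl: "pkg:npm/lru-cache@6.0.0",
 version: "6.0.0",
 properties: [
 {
@@ -2095,7 +2127,7 @@ test("parseYarnLock", async () => {
 });
 
 parsedList = await parseYarnLock("./test/data/yarn_locks/yarnv2.lock");
-expect(parsedList.pkgList.length).toEqual(
+expect(parsedList.pkgList.length).toEqual(1088);
 expect(parsedList.dependenciesList.length).toEqual(1088);
 expect(parsedList.pkgList[0]).toEqual({
 _integrity:
@@ -2103,6 +2135,8 @@ test("parseYarnLock", async () => {
 group: "@arcanis",
 name: "slice-ansi",
 version: "1.0.2",
+"bom-ref": "pkg:npm/@arcanis/slice-ansi@1.0.2",
+purl: "pkg:npm/%40arcanis/slice-ansi@1.0.2",
 properties: [
 {
 name: "SrcFile",
@@ -2124,14 +2158,16 @@ test("parseYarnLock", async () => {
 }
 });
 parsedList = await parseYarnLock("./test/data/yarn_locks/yarnv3.lock");
-expect(parsedList.pkgList.length).toEqual(
-expect(parsedList.dependenciesList.length).toEqual(
+expect(parsedList.pkgList.length).toEqual(363);
+expect(parsedList.dependenciesList.length).toEqual(363);
 expect(parsedList.pkgList[0]).toEqual({
 _integrity:
 "sha512-vtU+q0TmdIDmezU7lKub73vObN6nmd3lkcKWz7R9hyNI8gz5o7grDb+FML9nykOLW+09gGIup2xyJ86j5vBKpg==",
 group: "@babel",
 name: "code-frame",
 version: "7.16.7",
+"bom-ref": "pkg:npm/@babel/code-frame@7.16.7",
+purl: "pkg:npm/%40babel/code-frame@7.16.7",
 properties: [
 {
 name: "SrcFile",
@@ -2162,6 +2198,8 @@ test("parseYarnLock", async () => {
 group: "@ac-synth",
 name: "yjs",
 version: "13.5.39-alpha1",
+"bom-ref": "pkg:npm/@ac-synth/yjs@13.5.39-alpha1",
+purl: "pkg:npm/%40ac-synth/yjs@13.5.39-alpha1",
 _integrity:
 "sha512-JE93VWVyVa07xkK1wJ5ogjSZ30Nn4ptUuUXdPnu8MsKme1xFHLFFD3UtnHxnxnNDSnGx+WLlhuyHdIFfSCYqYg==",
 properties: [
@@ -2181,6 +2219,42 @@ test("parseYarnLock", async () => {
 }
 }
 });
+parsedList = await parseYarnLock("./test/data/yarn_locks/yarn5.lock");
+expect(parsedList.pkgList.length).toEqual(1962);
+expect(parsedList.dependenciesList.length).toEqual(1962);
+expect(parsedList.pkgList[0].purl).toEqual(
+"pkg:npm/%40ampproject/remapping@2.2.0"
+);
+expect(parsedList.pkgList[0]["bom-ref"]).toEqual(
+"pkg:npm/@ampproject/remapping@2.2.0"
+);
+parsedList = await parseYarnLock("./test/data/yarn_locks/yarn6.lock");
+expect(parsedList.pkgList.length).toEqual(1472);
+expect(parsedList.dependenciesList.length).toEqual(1472);
+expect(parsedList.pkgList[0].purl).toEqual(
+"pkg:npm/%40aashutoshrathi/word-wrap@1.2.6"
+);
+expect(parsedList.pkgList[0]["bom-ref"]).toEqual(
+"pkg:npm/@aashutoshrathi/word-wrap@1.2.6"
+);
+parsedList = await parseYarnLock("./test/data/yarn_locks/yarn7.lock");
+expect(parsedList.pkgList.length).toEqual(1350);
+expect(parsedList.dependenciesList.length).toEqual(1347);
+expect(parsedList.pkgList[0].purl).toEqual(
+"pkg:npm/%40aashutoshrathi/word-wrap@1.2.6"
+);
+expect(parsedList.pkgList[0]["bom-ref"]).toEqual(
+"pkg:npm/@aashutoshrathi/word-wrap@1.2.6"
+);
+parsedList = await parseYarnLock("./test/data/yarn_locks/yarnv4.lock");
+expect(parsedList.pkgList.length).toEqual(1851);
+expect(parsedList.dependenciesList.length).toEqual(1851);
+expect(parsedList.pkgList[0].purl).toEqual(
+"pkg:npm/%40aashutoshrathi/word-wrap@1.2.6"
+);
+expect(parsedList.pkgList[0]["bom-ref"]).toEqual(
+"pkg:npm/@aashutoshrathi/word-wrap@1.2.6"
+);
 });
 
 test("parseComposerLock", () => {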
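Review bot: The yarn7.lock assertions in the last hunk pin `pkgList.length` at 1350 but `dependenciesList.length` at 1347, whereas the other lock fixtures asserted in this section (yarnv2, yarnv3, yarn5, yarn6, yarnv4) expect the two counts to be equal, and nothing records why three components have no dependency entry. If the gap is intended, say so next to the assertion, e.g. `// yarn7.lock: 3 components have no dependency-graph entry because <reason>`; if not, the test is freezing an SBOM whose dependency graph omits components. Separately, the new `parsePkgLock("./package-lock.json", …)` check hard-codes 1204 against the repository's own lockfile, so it presumably breaks on any dependency change; a frozen fixture under `./test/data/` would be steadier. The parseYarnLock test body starts before this hunk, so earlier setup is not visible here.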