@cyclonedx/cyclonedx-library 1.3.4 → 1.4.2

package/src/helpers/packageUrl.ts

@@ -0,0 +1,32 @@
+/*!
+This file is part of CycloneDX JavaScript Library.
+
+Licensed under the Apache License, Version 2.0 (the "License");
+you may not use this file except in compliance with the License.
+You may obtain a copy of the License at
+
+   http://www.apache.org/licenses/LICENSE-2.0
+
+Unless required by applicable law or agreed to in writing, software
+distributed under the License is distributed on an "AS IS" BASIS,
+WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+See the License for the specific language governing permissions and
+limitations under the License.
+
+SPDX-License-Identifier: Apache-2.0
+Copyright (c) OWASP Foundation. All Rights Reserved.
+*/
+
+/**
+ * Known PURL qualifier names.
+ * To be used until {@link https://github.com/package-url/packageurl-js/pull/34} gets merged and released,
+ * and {@link https://github.com/package-url/packageurl-js/issues/35} gets sorted out.
+ *
+ * For the list/spec of the well-known keys,
+ * see {@link https://github.com/package-url/purl-spec/blob/master/PURL-SPECIFICATION.rst#known-qualifiers-keyvalue-pairs}
+ */
+export const enum PackageUrlQualifierNames {
+  DownloadURL = 'download_url',
+  VcsUrl = 'vcs_url',
+  Checksum = 'checksum',
+}

package/src/helpers/tree.ts

@@ -17,4 +17,4 @@ SPDX-License-Identifier: Apache-2.0
 Copyright (c) OWASP Foundation. All Rights Reserved.
 */
 
-export const treeIterator = Symbol('iterator of a tree/nesting-like structure')
+export const treeIteratorSymbol = Symbol('iterator of a tree/nesting-like structure')

package/src/index.common.ts

@@ -0,0 +1,25 @@
+/*!
+This file is part of CycloneDX JavaScript Library.
+
+Licensed under the Apache License, Version 2.0 (the "License");
+you may not use this file except in compliance with the License.
+You may obtain a copy of the License at
+
+   http://www.apache.org/licenses/LICENSE-2.0
+
+Unless required by applicable law or agreed to in writing, software
+distributed under the License is distributed on an "AS IS" BASIS,
+WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+See the License for the specific language governing permissions and
+limitations under the License.
+
+SPDX-License-Identifier: Apache-2.0
+Copyright (c) OWASP Foundation. All Rights Reserved.
+*/
+
+export * as Enums from './enums'
+export * as Models from './models'
+export * as SPDX from './spdx'
+export * as Spec from './spec'
+export * as Types from './types'
+// do not export the helpers, they are for internal use only

package/src/index.node.ts

@@ -17,16 +17,15 @@ SPDX-License-Identifier: Apache-2.0
 Copyright (c) OWASP Foundation. All Rights Reserved.
 */
 
+export * from './index.common'
+
+// region node-specifics
+
 export * as Builders from './builders/index.node'
-export * as Enums from './enums'
 export * as Factories from './factories/index.node'
-export * as Models from './models'
 export * as Serialize from './serialize/index.node'
-export * as SPDX from './spdx'
-export * as Spec from './spec'
-export * as Types from './types'
 
 /** @internal until the resources-module was finalized and showed value */
 export * as _Resources from './resources.node'
 
-// do not export the helpers, they are for internal use only
+// endregion node-specifics

package/src/index.web.ts

@@ -17,11 +17,11 @@ SPDX-License-Identifier: Apache-2.0
 Copyright (c) OWASP Foundation. All Rights Reserved.
 */
 
-export * as Types from './types'
-export * as Enums from './enums'
-export * as SPDX from './spdx'
-export * as Models from './models'
+export * from './index.common'
+
+// region web-specifics
+
 export * as Factories from './factories/index.web'
-export * as Spec from './spec'
 export * as Serialize from './serialize/index.web'
-// do not export the helpers, they are for internal use only
+
+// endregion web-specifics

package/src/models/bom.ts

@@ -18,8 +18,8 @@ Copyright (c) OWASP Foundation. All Rights Reserved.
 */
 
 import { isPositiveInteger, isUrnUuid, PositiveInteger, UrnUuid } from '../types'
-import { Metadata } from './metadata'
 import { ComponentRepository } from './component'
+import { Metadata } from './metadata'
 
 interface OptionalProperties {
   metadata?: Bom['metadata']

package/src/models/component.ts

@@ -19,17 +19,17 @@ Copyright (c) OWASP Foundation. All Rights Reserved.
 
 import { PackageURL } from 'packageurl-js'
 
-import { CPE, isCPE } from '../types'
 import { ComponentScope, ComponentType } from '../enums'
+import { Comparable, SortableSet } from '../helpers/sortableSet'
+import { treeIteratorSymbol } from '../helpers/tree'
+import { CPE, isCPE } from '../types'
 import { BomRef, BomRefRepository } from './bomRef'
-import { HashRepository } from './hash'
-import { OrganizationalEntity } from './organizationalEntity'
 import { ExternalReferenceRepository } from './externalReference'
+import { HashRepository } from './hash'
 import { LicenseRepository } from './license'
-import { SWID } from './swid'
+import { OrganizationalEntity } from './organizationalEntity'
 import { PropertyRepository } from './property'
-import { Comparable, SortableSet } from '../helpers/sortableSet'
-import { treeIterator } from '../helpers/tree'
+import { SWID } from './swid'
 
 interface OptionalProperties {
   bomRef?: BomRef['value']
@@ -142,10 +142,10 @@ export class Component implements Comparable {
 }
 
 export class ComponentRepository extends SortableSet<Component> {
-  * [treeIterator] (): Generator<Component> {
+  * [treeIteratorSymbol] (): Generator<Component> {
     for (const component of this) {
       yield component
-      yield * component.components[treeIterator]()
+      yield * component.components[treeIteratorSymbol]()
     }
   }
 }

package/src/models/metadata.ts

@@ -18,9 +18,9 @@ Copyright (c) OWASP Foundation. All Rights Reserved.
 */
 
 import { Component } from './component'
-import { ToolRepository } from './tool'
-import { OrganizationalEntity } from './organizationalEntity'
 import { OrganizationalContactRepository } from './organizationalContact'
+import { OrganizationalEntity } from './organizationalEntity'
+import { ToolRepository } from './tool'
 
 interface OptionalProperties {
   timestamp?: Metadata['timestamp']

package/src/models/tool.ts

@@ -17,9 +17,9 @@ SPDX-License-Identifier: Apache-2.0
 Copyright (c) OWASP Foundation. All Rights Reserved.
 */
 
-import { HashRepository } from './hash'
-import { ExternalReferenceRepository } from './externalReference'
 import { Comparable, SortableSet } from '../helpers/sortableSet'
+import { ExternalReferenceRepository } from './externalReference'
+import { HashRepository } from './hash'
 
 interface OptionalProperties {
   vendor?: Tool['vendor']

package/src/serialize/baseSerializer.ts

@@ -17,7 +17,7 @@ SPDX-License-Identifier: Apache-2.0
 Copyright (c) OWASP Foundation. All Rights Reserved.
 */
 
-import { Component, Bom, BomRef } from '../models'
+import { Bom, BomRef, Component } from '../models'
 import { BomRefDiscriminator } from './bomRefDiscriminator'
 import { NormalizerOptions, Serializer, SerializerOptions } from './types'
 

package/src/serialize/index.common.ts

@@ -17,19 +17,30 @@ SPDX-License-Identifier: Apache-2.0
 Copyright (c) OWASP Foundation. All Rights Reserved.
 */
 
-// not everything is public, yet
+// !!! not everything is public, yet
 
+export * from './bomRefDiscriminator'
 export * as Types from './types'
 
+// region base
+
 export * from './baseSerializer'
 // export * from './baseDeserializer' // TODO
 
-export * from './bomRefDiscriminator'
+// endregion base
+
+// region JSON
 
 export * as JSON from './json'
 export * from './jsonSerializer'
 // export * from './jsonDeserializer' // TODO
 
+// endregion JSON
+
+// region XML
+
 export * as XML from './xml'
 export * from './xmlBaseSerializer'
 // export * from './xmlBaseDeserializer' // TODO
+
+// endregion XML

package/src/serialize/index.node.ts

@@ -19,5 +19,9 @@ Copyright (c) OWASP Foundation. All Rights Reserved.
 
 export * from './index.common'
 
+// region node-specifics
+
 export * from './xmlSerializer.node'
 // export * from './xmlDeserializer.node' // TODO
+
+// endregion node-specifics

package/src/serialize/index.web.ts

@@ -19,5 +19,9 @@ Copyright (c) OWASP Foundation. All Rights Reserved.
 
 export * from './index.common'
 
+// region web-specifics
+
 export * from './xmlSerializer.web'
 // export * from './xmlDeserializer.web' // TODO
+
+// endregion web-specifics

package/src/serialize/json/index.ts

@@ -17,7 +17,6 @@ SPDX-License-Identifier: Apache-2.0
 Copyright (c) OWASP Foundation. All Rights Reserved.
 */
 
-export * as Types from './types'
-
 export * as Normalize from './normalize'
+export * as Types from './types'
 // export * as Denormalize from './denormalize' // TODO

package/src/serialize/json/normalize.ts

@@ -19,11 +19,11 @@ Copyright (c) OWASP Foundation. All Rights Reserved.
 
 import { isNotUndefined } from '../../helpers/notUndefined'
 import { Stringable } from '../../helpers/stringable'
+import { treeIteratorSymbol } from '../../helpers/tree'
 import * as Models from '../../models'
 import { Protocol as Spec, Version as SpecVersion } from '../../spec'
 import { NormalizerOptions } from '../types'
 import { JsonSchema, Normalized } from './types'
-import { treeIterator } from '../../helpers/tree'
 
 export class Factory {
   readonly #spec: Spec
@@ -193,7 +193,7 @@ export class HashNormalizer extends Base {
     return spec.supportsHashAlgorithm(algorithm) && spec.supportsHashValue(content)
       ? {
           alg: algorithm,
-          content: content
+          content
         }
       : undefined
   }
@@ -429,11 +429,11 @@ export class DependencyGraphNormalizer extends Base {
     const allRefs = new Map<Models.BomRef, Models.BomRefRepository>()
     if (data.metadata.component !== undefined) {
       allRefs.set(data.metadata.component.bomRef, data.metadata.component.dependencies)
-      for (const component of data.metadata.component.components[treeIterator]()) {
+      for (const component of data.metadata.component.components[treeIteratorSymbol]()) {
         allRefs.set(component.bomRef, component.dependencies)
       }
     }
-    for (const component of data.components[treeIterator]()) {
+    for (const component of data.components[treeIteratorSymbol]()) {
       allRefs.set(component.bomRef, component.dependencies)
     }
 

package/src/serialize/jsonSerializer.ts

@@ -19,10 +19,10 @@ Copyright (c) OWASP Foundation. All Rights Reserved.
 
 import { Bom } from '../models'
 import { Format, UnsupportedFormatError } from '../spec'
-import { NormalizerOptions, SerializerOptions } from './types'
 import { BaseSerializer } from './baseSerializer'
 import { Factory as NormalizerFactory } from './json/normalize'
 import { Normalized } from './json/types'
+import { NormalizerOptions, SerializerOptions } from './types'
 
 /**
  * Multi purpose Json serializer.

package/src/serialize/xml/index.ts

@@ -17,7 +17,6 @@ SPDX-License-Identifier: Apache-2.0
 Copyright (c) OWASP Foundation. All Rights Reserved.
 */
 
-export * as Types from './types'
-
 export * as Normalize from './normalize'
+export * as Types from './types'
 // export * as Denormalize from './denormalize' // TODO

package/src/serialize/xml/normalize.ts

@@ -19,11 +19,11 @@ Copyright (c) OWASP Foundation. All Rights Reserved.
 
 import { isNotUndefined } from '../../helpers/notUndefined'
 import { Stringable } from '../../helpers/stringable'
+import { treeIteratorSymbol } from '../../helpers/tree'
 import * as Models from '../../models'
 import { Protocol as Spec, Version as SpecVersion } from '../../spec'
 import { NormalizerOptions } from '../types'
 import { SimpleXml, XmlSchema } from './types'
-import { treeIterator } from '../../helpers/tree'
 
 export class Factory {
   readonly #spec: Spec
@@ -558,11 +558,11 @@ export class DependencyGraphNormalizer extends Base {
     const allRefs = new Map<Models.BomRef, Models.BomRefRepository>()
     if (data.metadata.component !== undefined) {
       allRefs.set(data.metadata.component.bomRef, data.metadata.component.dependencies)
-      for (const component of data.metadata.component.components[treeIterator]()) {
+      for (const component of data.metadata.component.components[treeIteratorSymbol]()) {
         allRefs.set(component.bomRef, component.dependencies)
       }
     }
-    for (const component of data.components[treeIterator]()) {
+    for (const component of data.components[treeIteratorSymbol]()) {
       allRefs.set(component.bomRef, component.dependencies)
     }
 

package/src/serialize/xmlSerializer.node.ts

@@ -17,10 +17,10 @@ SPDX-License-Identifier: Apache-2.0
 Copyright (c) OWASP Foundation. All Rights Reserved.
 */
 
+import { stringifyFallback } from '../../libs/universal-node-xml'
 import { SerializerOptions } from './types'
-import { XmlBaseSerializer } from './xmlBaseSerializer'
 import { SimpleXml } from './xml/types'
-import { stringifyFallback } from '../../libs/universal-node-xml'
+import { XmlBaseSerializer } from './xmlBaseSerializer'
 
 /**
  * XML serializer for node.

package/src/serialize/xmlSerializer.web.ts

@@ -19,8 +19,8 @@ Copyright (c) OWASP Foundation. All Rights Reserved.
 
 import { isNotUndefined } from '../helpers/notUndefined'
 import { SerializerOptions } from './types'
-import { XmlBaseSerializer } from './xmlBaseSerializer'
 import { SimpleXml } from './xml/types'
+import { XmlBaseSerializer } from './xmlBaseSerializer'
 
 /**
  * XML serializer for web browsers.