@cyclonedx/cyclonedx-library 1.9.2 → 1.11.0

package/README.md

@@ -38,6 +38,14 @@ written in _TypeScript_ and compiled for the target.
   * `ComponentType`
   * `ExternalReferenceType`
   * `HashAlgorithm`
+  * Vulnerability related:  
+    _Release stage is “beta”._ These namespace and enums have been released to third-party developers experimentally for the purpose of collecting feedback. These enums should not be used in production, because their contracts may change without notice.
+    * `AffectStatus`
+    * `AnalysisJustification`
+    * `AnalysisResponse`
+    * `AnalysisState`
+    * `RatingMethod`
+    * `Severity`
 * Data models for the following use cases:
   * `Attachment`
   * `Bom`
@@ -48,10 +56,21 @@ written in _TypeScript_ and compiled for the target.
   * `LicenseExpression`, `NamedLicense`, `SpdxLicense`, `LicenseRepository`
   * `Metadata`
   * `OrganizationalContact`, `OrganizationalContactRepository`
-  * `OrganizationalEntity`
+  * `OrganizationalEntity`, `OrganizationalEntityRepository`
   * `Property`, `PropertyRepository`
   * `SWID`
   * `Tool`, `ToolRepository`
+  * Vulnerability related:   
+    _Release stage is “beta”._ These namespace and models have been released to third-party developers experimentally for the purpose of collecting feedback. These models should not be used in production, because their contracts may change without notice.  
+    _Attention_: These models are not yet supported by serializers nor normalizers.
+    * `Advisory`, `AdvisoryRepository`
+    * `Affect`, `AffectRepository`, `AffectedSingleVersion`, `AffectedVersionRange`, `AffectedVersionRepository`
+    * `Analysis`
+    * `Credits`
+    * `Rating`, `RatingRepository`
+    * `Reference`, `ReferenceRepository`
+    * `Source`
+    * `Vulnerability`, `VulnerabilityRepository`
 * Factories for the following use cases:
   * Create data models from any license descriptor string
   * Create `PackageURL` from `Component` data models
@@ -138,6 +157,8 @@ bom.metadata.component.dependencies.add(componentA.bomRef)
 There is no pre-rendered documentation at the time.  
 Instead, there are annotated type definitions, so that your IDE and tools may pick up the documentation when you use this library downstream.
 
+Additionally, there is a prepared set of configs for [TypeDoc](https://typedoc.org), so that you can build the API documentation from source via `npm run api-doc`.
+
 ## Development & Contributing
 
 Feel free to open issues, bugreports or pull requests.  
@@ -154,7 +175,7 @@ See the [LICENSE][license_file] file for the full license.
 [contributing_file]: https://github.com/CycloneDX/cyclonedx-javascript-library/blob/main/CONTRIBUTING.md
 [examples]: https://github.com/CycloneDX/cyclonedx-javascript-library/tree/main/examples/README.md
 
-[shield_gh-workflow-test]:  https://img.shields.io/github/actions/workflow/status/CycloneDX/cyclonedx-javascript-library/nodejs.yml?branch=main&logo=GitHub&logoColor=white "tests"
+[shield_gh-workflow-test]: https://img.shields.io/github/actions/workflow/status/CycloneDX/cyclonedx-javascript-library/nodejs.yml?branch=main&logo=GitHub&logoColor=white "tests"
 [shield_npm-version]: https://img.shields.io/npm/v/@cyclonedx/cyclonedx-library?logo=npm&logoColor=white "npm"
 [shield_license]: https://img.shields.io/github/license/CycloneDX/cyclonedx-javascript-library?logo=open%20source%20initiative&logoColor=white "license"
 [shield_website]: https://img.shields.io/badge/https://-cyclonedx.org-blue.svg "homepage"

package/dist.d/_helpers/packageJson.d.ts

@@ -22,8 +22,8 @@ Copyright (c) OWASP Foundation. All Rights Reserved.
  */
 export declare function splitNameGroup(data: string): [string, string?];
 /**
- * @see {@link https://github.com/SchemaStore/schemastore/blob/master/src/schemas/json/package.json PackageJson spec}
- * @see {@link https://docs.npmjs.com/cli/v8/configuring-npm/package-json PackageJson description}
+ * @see {@link https://github.com/SchemaStore/schemastore/blob/master/src/schemas/json/package.json | PackageJson spec}
+ * @see {@link https://docs.npmjs.com/cli/v8/configuring-npm/package-json | PackageJson description}
  */
 export interface PackageJson {
     name?: string;

package/dist.d/_helpers/packageUrl.d.ts

@@ -18,11 +18,11 @@ Copyright (c) OWASP Foundation. All Rights Reserved.
 */
 /**
  * Known PURL qualifier names.
- * To be used until {@link https://github.com/package-url/packageurl-js/pull/34} gets merged and released,
- * and {@link https://github.com/package-url/packageurl-js/issues/35} gets sorted out.
+ * To be used until {@link https://github.com/package-url/packageurl-js/pull/34 | PackageURL PR#34} gets merged and released,
+ * and {@link https://github.com/package-url/packageurl-js/issues/35 | PackageURL Issue#35} gets sorted out.
  *
  * For the list/spec of the well-known keys,
- * see {@link https://github.com/package-url/purl-spec/blob/master/PURL-SPECIFICATION.rst#known-qualifiers-keyvalue-pairs}
+ * see {@link https://github.com/package-url/purl-spec/blob/master/PURL-SPECIFICATION.rst#known-qualifiers-keyvalue-pairs | known qualifiers key/value-pairs}
  */
 export declare const enum PackageUrlQualifierNames {
     DownloadURL = "download_url",

package/dist.d/_helpers/sortable.d.ts

@@ -16,7 +16,43 @@ limitations under the License.
 SPDX-License-Identifier: Apache-2.0
 Copyright (c) OWASP Foundation. All Rights Reserved.
 */
-export interface Sortable<T> {
-    sorted: () => T[];
+import type { Stringable } from './stringable';
+export interface Sortable<TItem> {
+    sorted: () => TItem[];
 }
+export interface Comparable<TOther> {
+    /**
+     * Compare one object with another.
+     *
+     * The purpose of this method is not to test for equality, but have deterministic comparability.
+     * As long as this method is deterministic, there is no need for a proper ordering in any result/downstream.
+     */
+    compare: (other: TOther) => number;
+}
+declare const compareObjectsSymbol: unique symbol;
+export type SortableIterable<TItem> = Iterable<TItem> & Sortable<TItem>;
+declare abstract class SortableSet<TItem> extends Set<TItem> implements SortableIterable<TItem>, Comparable<Sortable<TItem>> {
+    /**
+     * Comparator function to apply to two items.
+     */
+    protected abstract [compareObjectsSymbol](a: TItem, b: TItem): number;
+    /**
+     * Get a sorted array of all items in the collection..
+     */
+    sorted(): TItem[];
+    /**
+     * Comparator function to apply to two objects of the collection..
+     */
+    compare(other: Sortable<TItem>): number;
+}
+export declare class SortableComparables<TItem extends Comparable<TItem>> extends SortableSet<TItem> {
+    protected [compareObjectsSymbol](a: TItem, b: TItem): number;
+}
+export declare class SortableStringables<TItem extends Stringable = Stringable> extends SortableSet<TItem> {
+    protected [compareObjectsSymbol](a: TItem, b: TItem): number;
+}
+export declare class SortableNumbers<TItem extends number = number> extends SortableSet<TItem> {
+    protected [compareObjectsSymbol](a: TItem, b: TItem): number;
+}
+export {};
 //# sourceMappingURL=sortable.d.ts.map

package/dist.d/_helpers/sortable.d.ts.map

@@ -1 +1 @@
-{"version":3,"file":"sortable.d.ts","sourceRoot":"","sources":["../../src/_helpers/sortable.ts"],"names":[],"mappings":"AAAA;;;;;;;;;;;;;;;;;EAiBE;AAEF,MAAM,WAAW,QAAQ,CAAC,CAAC;IACzB,MAAM,EAAE,MAAM,CAAC,EAAE,CAAA;CAClB"}
+{"version":3,"file":"sortable.d.ts","sourceRoot":"","sources":["../../src/_helpers/sortable.ts"],"names":[],"mappings":"AAAA;;;;;;;;;;;;;;;;;EAiBE;AAEF,OAAO,KAAK,EAAE,UAAU,EAAE,MAAM,cAAc,CAAA;AAE9C,MAAM,WAAW,QAAQ,CAAC,KAAK;IAC7B,MAAM,EAAE,MAAM,KAAK,EAAE,CAAA;CACtB;AAED,MAAM,WAAW,UAAU,CAAC,MAAM;IAChC;;;;;OAKG;IACH,OAAO,EAAE,CAAC,KAAK,EAAE,MAAM,KAAK,MAAM,CAAA;CACnC;AAED,QAAA,MAAM,oBAAoB,eAAsC,CAAA;AAEhE,MAAM,MAAM,gBAAgB,CAAC,KAAK,IAAI,QAAQ,CAAC,KAAK,CAAC,GAAG,QAAQ,CAAC,KAAK,CAAC,CAAA;AAEvE,uBAAe,WAAW,CAAC,KAAK,CAAE,SAAQ,GAAG,CAAC,KAAK,CAAE,YAAW,gBAAgB,CAAC,KAAK,CAAC,EAAE,UAAU,CAAC,QAAQ,CAAC,KAAK,CAAC,CAAC;IAClH;;OAEG;IACH,SAAS,CAAC,QAAQ,CAAC,CAAC,oBAAoB,CAAC,CAAE,CAAC,EAAE,KAAK,EAAE,CAAC,EAAE,KAAK,GAAG,MAAM;IAEtE;;OAEG;IACH,MAAM,IAAK,KAAK,EAAE;IAIlB;;OAEG;IACH,OAAO,CAAE,KAAK,EAAE,QAAQ,CAAC,KAAK,CAAC,GAAG,MAAM;CAkBzC;AAED,qBAAa,mBAAmB,CAAC,KAAK,SAAS,UAAU,CAAC,KAAK,CAAC,CAAE,SAAQ,WAAW,CAAC,KAAK,CAAC;IAC1F,SAAS,CAAC,CAAC,oBAAoB,CAAC,CAAE,CAAC,EAAE,KAAK,EAAE,CAAC,EAAE,KAAK,GAAG,MAAM;CAG9D;AAED,qBAAa,mBAAmB,CAAC,KAAK,SAAS,UAAU,GAAG,UAAU,CAAE,SAAQ,WAAW,CAAC,KAAK,CAAC;IAChG,SAAS,CAAC,CAAC,oBAAoB,CAAC,CAAE,CAAC,EAAE,KAAK,EAAE,CAAC,EAAE,KAAK,GAAG,MAAM;CAG9D;AAED,qBAAa,eAAe,CAAC,KAAK,SAAS,MAAM,GAAG,MAAM,CAAE,SAAQ,WAAW,CAAC,KAAK,CAAC;IACpF,SAAS,CAAC,CAAC,oBAAoB,CAAC,CAAE,CAAC,EAAE,KAAK,EAAE,CAAC,EAAE,KAAK,GAAG,MAAM;CAG9D"}

package/dist.d/builders/fromNodePackageJson.node.d.ts

@@ -16,15 +16,15 @@ limitations under the License.
 SPDX-License-Identifier: Apache-2.0
 Copyright (c) OWASP Foundation. All Rights Reserved.
 */
-import { PackageJson } from '../_helpers/packageJson';
-import * as Enums from '../enums';
-import * as Factories from '../factories/index.node';
-import * as Models from '../models';
 /**
  * Node-specifics.
  *
- * @see {@link https://docs.npmjs.com/cli/v8/configuring-npm/package-json PackageJson spec}
+ * @see [PackageJson spec](https://docs.npmjs.com/cli/v8/configuring-npm/package-json)
  */
+import type { PackageJson } from '../_helpers/packageJson';
+import * as Enums from '../enums';
+import type * as Factories from '../factories/index.node';
+import * as Models from '../models';
 /**
  * Node-specific ToolBuilder.
  */

package/dist.d/builders/fromNodePackageJson.node.d.ts.map

@@ -1 +1 @@
-{"version":3,"file":"fromNodePackageJson.node.d.ts","sourceRoot":"","sources":["../../src/builders/fromNodePackageJson.node.ts"],"names":[],"mappings":"AAAA;;;;;;;;;;;;;;;;;EAiBE;AAEF,OAAO,EAAE,WAAW,EAAkB,MAAM,yBAAyB,CAAA;AACrE,OAAO,KAAK,KAAK,MAAM,UAAU,CAAA;AACjC,OAAO,KAAK,SAAS,MAAM,yBAAyB,CAAA;AACpD,OAAO,KAAK,MAAM,MAAM,WAAW,CAAA;AAEnC;;;;GAIG;AAEH;;GAEG;AACH,qBAAa,WAAW;;gBAGT,aAAa,EAAE,WAAW,CAAC,eAAe,CAAC;IAIxD,IAAI,aAAa,IAAK,SAAS,CAAC,mBAAmB,CAAC,wBAAwB,CAE3E;IAID,QAAQ,CAAE,IAAI,EAAE,WAAW,GAAG,MAAM,CAAC,IAAI,GAAG,SAAS;CActD;AAED;;GAEG;AACH,qBAAa,gBAAgB;;gBAKzB,aAAa,EAAE,gBAAgB,CAAC,eAAe,CAAC,EAChD,cAAc,EAAE,gBAAgB,CAAC,gBAAgB,CAAC;IAMpD,IAAI,aAAa,IAAK,SAAS,CAAC,mBAAmB,CAAC,wBAAwB,CAE3E;IAED,IAAI,cAAc,IAAK,SAAS,CAAC,cAAc,CAE9C;IAED,aAAa,CAAE,IAAI,EAAE,WAAW,EAAE,IAAI,GAAE,KAAK,CAAC,aAA2C,GAAG,MAAM,CAAC,SAAS,GAAG,SAAS;CAwDzH"}
+{"version":3,"file":"fromNodePackageJson.node.d.ts","sourceRoot":"","sources":["../../src/builders/fromNodePackageJson.node.ts"],"names":[],"mappings":"AAAA;;;;;;;;;;;;;;;;;EAiBE;AAEF;;;;GAIG;AAEH,OAAO,KAAK,EAAE,WAAW,EAAE,MAAM,yBAAyB,CAAA;AAE1D,OAAO,KAAK,KAAK,MAAM,UAAU,CAAA;AACjC,OAAO,KAAK,KAAK,SAAS,MAAM,yBAAyB,CAAA;AACzD,OAAO,KAAK,MAAM,MAAM,WAAW,CAAA;AAEnC;;GAEG;AACH,qBAAa,WAAW;;gBAGT,aAAa,EAAE,WAAW,CAAC,eAAe,CAAC;IAIxD,IAAI,aAAa,IAAK,SAAS,CAAC,mBAAmB,CAAC,wBAAwB,CAE3E;IAID,QAAQ,CAAE,IAAI,EAAE,WAAW,GAAG,MAAM,CAAC,IAAI,GAAG,SAAS;CActD;AAED;;GAEG;AACH,qBAAa,gBAAgB;;gBAKzB,aAAa,EAAE,gBAAgB,CAAC,eAAe,CAAC,EAChD,cAAc,EAAE,gBAAgB,CAAC,gBAAgB,CAAC;IAMpD,IAAI,aAAa,IAAK,SAAS,CAAC,mBAAmB,CAAC,wBAAwB,CAE3E;IAED,IAAI,cAAc,IAAK,SAAS,CAAC,cAAc,CAE9C;IAED,aAAa,CAAE,IAAI,EAAE,WAAW,EAAE,IAAI,GAAE,KAAK,CAAC,aAA2C,GAAG,MAAM,CAAC,SAAS,GAAG,SAAS;CAwDzH"}

package/dist.d/enums/index.d.ts

@@ -21,4 +21,6 @@ export * from './componentScope';
 export * from './componentType';
 export * from './externalReferenceType';
 export * from './hashAlogorithm';
+/** @beta */
+export * as Vulnerability from './vulnerability';
 //# sourceMappingURL=index.d.ts.map

package/dist.d/enums/index.d.ts.map

@@ -1 +1 @@
-{"version":3,"file":"index.d.ts","sourceRoot":"","sources":["../../src/enums/index.ts"],"names":[],"mappings":"AAAA;;;;;;;;;;;;;;;;;EAiBE;AAEF,cAAc,sBAAsB,CAAA;AACpC,cAAc,kBAAkB,CAAA;AAChC,cAAc,iBAAiB,CAAA;AAC/B,cAAc,yBAAyB,CAAA;AACvC,cAAc,kBAAkB,CAAA"}
+{"version":3,"file":"index.d.ts","sourceRoot":"","sources":["../../src/enums/index.ts"],"names":[],"mappings":"AAAA;;;;;;;;;;;;;;;;;EAiBE;AAEF,cAAc,sBAAsB,CAAA;AACpC,cAAc,kBAAkB,CAAA;AAChC,cAAc,iBAAiB,CAAA;AAC/B,cAAc,yBAAyB,CAAA;AACvC,cAAc,kBAAkB,CAAA;AAEhC,YAAY;AACZ,OAAO,KAAK,aAAa,MAAM,iBAAiB,CAAA"}

package/dist.d/enums/vulnerability/affectStatus.d.ts

@@ -0,0 +1,25 @@
+/*!
+This file is part of CycloneDX JavaScript Library.
+
+Licensed under the Apache License, Version 2.0 (the "License");
+you may not use this file except in compliance with the License.
+You may obtain a copy of the License at
+
+   http://www.apache.org/licenses/LICENSE-2.0
+
+Unless required by applicable law or agreed to in writing, software
+distributed under the License is distributed on an "AS IS" BASIS,
+WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+See the License for the specific language governing permissions and
+limitations under the License.
+
+SPDX-License-Identifier: Apache-2.0
+Copyright (c) OWASP Foundation. All Rights Reserved.
+*/
+/** @beta */
+export declare enum AffectStatus {
+    Affected = "affected",
+    Unaffected = "unaffected",
+    Unknown = "unknown"
+}
+//# sourceMappingURL=affectStatus.d.ts.map

package/dist.d/enums/vulnerability/affectStatus.d.ts.map

@@ -0,0 +1 @@
+{"version":3,"file":"affectStatus.d.ts","sourceRoot":"","sources":["../../../src/enums/vulnerability/affectStatus.ts"],"names":[],"mappings":"AAAA;;;;;;;;;;;;;;;;;EAiBE;AAEF,YAAY;AACZ,oBAAY,YAAY;IACtB,QAAQ,aAAa;IACrB,UAAU,eAAe;IACzB,OAAO,YAAY;CACpB"}

package/dist.d/enums/vulnerability/analysisJustification.d.ts

@@ -0,0 +1,31 @@
+/*!
+This file is part of CycloneDX JavaScript Library.
+
+Licensed under the Apache License, Version 2.0 (the "License");
+you may not use this file except in compliance with the License.
+You may obtain a copy of the License at
+
+   http://www.apache.org/licenses/LICENSE-2.0
+
+Unless required by applicable law or agreed to in writing, software
+distributed under the License is distributed on an "AS IS" BASIS,
+WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+See the License for the specific language governing permissions and
+limitations under the License.
+
+SPDX-License-Identifier: Apache-2.0
+Copyright (c) OWASP Foundation. All Rights Reserved.
+*/
+/** @beta */
+export declare enum AnalysisJustification {
+    CodeNotPresent = "code_not_present",
+    CodeNotReachable = "code_not_reachable",
+    RequiresConfiguration = "requires_configuration",
+    RequiresDependency = "requires_dependency",
+    RequiresEnvironment = "requires_environment",
+    ProtectedByCompiler = "protected_by_compiler",
+    ProtectedAtRuntime = "protected_at_runtime",
+    ProtectedAtPerimeter = "protected_at_perimeter",
+    ProtectedByMitigatingControl = "protected_by_mitigating_control"
+}
+//# sourceMappingURL=analysisJustification.d.ts.map

package/dist.d/enums/vulnerability/analysisJustification.d.ts.map

@@ -0,0 +1 @@
+{"version":3,"file":"analysisJustification.d.ts","sourceRoot":"","sources":["../../../src/enums/vulnerability/analysisJustification.ts"],"names":[],"mappings":"AAAA;;;;;;;;;;;;;;;;;EAiBE;AAEF,YAAY;AACZ,oBAAY,qBAAqB;IAC/B,cAAc,qBAAqB;IACnC,gBAAgB,uBAAuB;IACvC,qBAAqB,2BAA2B;IAChD,kBAAkB,wBAAwB;IAC1C,mBAAmB,yBAAyB;IAC5C,mBAAmB,0BAA0B;IAC7C,kBAAkB,yBAAyB;IAC3C,oBAAoB,2BAA2B;IAC/C,4BAA4B,oCAAoC;CACjE"}

package/dist.d/enums/vulnerability/analysisResponse.d.ts

@@ -0,0 +1,31 @@
+/*!
+This file is part of CycloneDX JavaScript Library.
+
+Licensed under the Apache License, Version 2.0 (the "License");
+you may not use this file except in compliance with the License.
+You may obtain a copy of the License at
+
+   http://www.apache.org/licenses/LICENSE-2.0
+
+Unless required by applicable law or agreed to in writing, software
+distributed under the License is distributed on an "AS IS" BASIS,
+WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+See the License for the specific language governing permissions and
+limitations under the License.
+
+SPDX-License-Identifier: Apache-2.0
+Copyright (c) OWASP Foundation. All Rights Reserved.
+*/
+import { SortableStringables } from '../../_helpers/sortable';
+/** @beta */
+export declare enum AnalysisResponse {
+    CanNotFix = "can_not_fix",
+    WillNotFix = "will_not_fix",
+    Update = "update",
+    Rollback = "rollback",
+    WorkaroundAvailable = "workaround_available"
+}
+/** @beta */
+export declare class AnalysisResponseRepository extends SortableStringables<AnalysisResponse> {
+}
+//# sourceMappingURL=analysisResponse.d.ts.map

package/dist.d/enums/vulnerability/analysisResponse.d.ts.map

@@ -0,0 +1 @@
+{"version":3,"file":"analysisResponse.d.ts","sourceRoot":"","sources":["../../../src/enums/vulnerability/analysisResponse.ts"],"names":[],"mappings":"AAAA;;;;;;;;;;;;;;;;;EAiBE;AAEF,OAAO,EAAE,mBAAmB,EAAE,MAAM,yBAAyB,CAAA;AAE7D,YAAY;AACZ,oBAAY,gBAAgB;IAC1B,SAAS,gBAAgB;IACzB,UAAU,iBAAiB;IAC3B,MAAM,WAAW;IACjB,QAAQ,aAAa;IACrB,mBAAmB,yBAAyB;CAC7C;AAED,YAAY;AACZ,qBAAa,0BAA2B,SAAQ,mBAAmB,CAAC,gBAAgB,CAAC;CACpF"}

package/dist.d/enums/vulnerability/analysisState.d.ts

@@ -0,0 +1,28 @@
+/*!
+This file is part of CycloneDX JavaScript Library.
+
+Licensed under the Apache License, Version 2.0 (the "License");
+you may not use this file except in compliance with the License.
+You may obtain a copy of the License at
+
+   http://www.apache.org/licenses/LICENSE-2.0
+
+Unless required by applicable law or agreed to in writing, software
+distributed under the License is distributed on an "AS IS" BASIS,
+WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+See the License for the specific language governing permissions and
+limitations under the License.
+
+SPDX-License-Identifier: Apache-2.0
+Copyright (c) OWASP Foundation. All Rights Reserved.
+*/
+/** @beta */
+export declare enum AnalysisState {
+    Resolved = "resolved",
+    ResolvedWithPedigree = "resolved_with_pedigree",
+    Exploitable = "exploitable",
+    InTriage = "in_triage",
+    FalsePositive = "false_positive",
+    NotAffected = "not_affected"
+}
+//# sourceMappingURL=analysisState.d.ts.map

package/dist.d/enums/vulnerability/analysisState.d.ts.map

@@ -0,0 +1 @@
+{"version":3,"file":"analysisState.d.ts","sourceRoot":"","sources":["../../../src/enums/vulnerability/analysisState.ts"],"names":[],"mappings":"AAAA;;;;;;;;;;;;;;;;;EAiBE;AAEF,YAAY;AACZ,oBAAY,aAAa;IACvB,QAAQ,aAAa;IACrB,oBAAoB,2BAA2B;IAC/C,WAAW,gBAAgB;IAC3B,QAAQ,cAAc;IACtB,aAAa,mBAAmB;IAChC,WAAW,iBAAiB;CAC7B"}

package/dist.d/enums/vulnerability/index.d.ts

@@ -0,0 +1,25 @@
+/*!
+This file is part of CycloneDX JavaScript Library.
+
+Licensed under the Apache License, Version 2.0 (the "License");
+you may not use this file except in compliance with the License.
+You may obtain a copy of the License at
+
+   http://www.apache.org/licenses/LICENSE-2.0
+
+Unless required by applicable law or agreed to in writing, software
+distributed under the License is distributed on an "AS IS" BASIS,
+WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+See the License for the specific language governing permissions and
+limitations under the License.
+
+SPDX-License-Identifier: Apache-2.0
+Copyright (c) OWASP Foundation. All Rights Reserved.
+*/
+export * from './affectStatus';
+export * from './analysisJustification';
+export * from './analysisResponse';
+export * from './analysisState';
+export * from './ratingMethod';
+export * from './severity';
+//# sourceMappingURL=index.d.ts.map

package/dist.d/enums/vulnerability/index.d.ts.map

@@ -0,0 +1 @@
+{"version":3,"file":"index.d.ts","sourceRoot":"","sources":["../../../src/enums/vulnerability/index.ts"],"names":[],"mappings":"AAAA;;;;;;;;;;;;;;;;;EAiBE;AAEF,cAAc,gBAAgB,CAAA;AAC9B,cAAc,yBAAyB,CAAA;AACvC,cAAc,oBAAoB,CAAA;AAClC,cAAc,iBAAiB,CAAA;AAC/B,cAAc,gBAAgB,CAAA;AAC9B,cAAc,YAAY,CAAA"}

package/dist.d/enums/vulnerability/ratingMethod.d.ts

@@ -0,0 +1,35 @@
+/*!
+This file is part of CycloneDX JavaScript Library.
+
+Licensed under the Apache License, Version 2.0 (the "License");
+you may not use this file except in compliance with the License.
+You may obtain a copy of the License at
+
+   http://www.apache.org/licenses/LICENSE-2.0
+
+Unless required by applicable law or agreed to in writing, software
+distributed under the License is distributed on an "AS IS" BASIS,
+WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+See the License for the specific language governing permissions and
+limitations under the License.
+
+SPDX-License-Identifier: Apache-2.0
+Copyright (c) OWASP Foundation. All Rights Reserved.
+*/
+/**
+ * Specifies the severity or risk scoring methodology or standard used.
+ *
+ * @beta
+ */
+export declare enum RatingMethod {
+    /** [CVSS v2 standard](https://www.first.org/cvss/v2/) */
+    CVSSv2 = "CVSSv2",
+    /** [CVSS v3.0 standard](https://www.first.org/cvss/v3-0/) */
+    CVSSv3 = "CVSSv3",
+    /** [CVSS v3.1 standard](https://www.first.org/cvss/v3-1/) */
+    CVSSv31 = "CVSSv31",
+    /** [OWASP Risk Rating](https://owasp.org/www-community/OWASP_Risk_Rating_Methodology) */
+    OWASP = "OWASP",
+    Other = "other"
+}
+//# sourceMappingURL=ratingMethod.d.ts.map

package/dist.d/enums/vulnerability/ratingMethod.d.ts.map

@@ -0,0 +1 @@
+{"version":3,"file":"ratingMethod.d.ts","sourceRoot":"","sources":["../../../src/enums/vulnerability/ratingMethod.ts"],"names":[],"mappings":"AAAA;;;;;;;;;;;;;;;;;EAiBE;AAEF;;;;GAIG;AACH,oBAAY,YAAY;IACtB,yDAAyD;IACzD,MAAM,WAAW;IACjB,6DAA6D;IAC7D,MAAM,WAAW;IACjB,6DAA6D;IAC7D,OAAO,YAAY;IACnB,yFAAyF;IACzF,KAAK,UAAU;IACf,KAAK,UAAU;CAChB"}

package/dist.d/enums/vulnerability/severity.d.ts

@@ -0,0 +1,34 @@
+/*!
+This file is part of CycloneDX JavaScript Library.
+
+Licensed under the Apache License, Version 2.0 (the "License");
+you may not use this file except in compliance with the License.
+You may obtain a copy of the License at
+
+   http://www.apache.org/licenses/LICENSE-2.0
+
+Unless required by applicable law or agreed to in writing, software
+distributed under the License is distributed on an "AS IS" BASIS,
+WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+See the License for the specific language governing permissions and
+limitations under the License.
+
+SPDX-License-Identifier: Apache-2.0
+Copyright (c) OWASP Foundation. All Rights Reserved.
+*/
+/**
+ * Textual representation of the severity of the vulnerability adopted by the analysis method.
+ * If the analysis method uses values other than what is provided, the user is expected to translate appropriately.
+ *
+ * @beta
+ */
+export declare enum Severity {
+    Critical = "critical",
+    High = "high",
+    Medium = "medium",
+    Low = "low",
+    Info = "info",
+    None = "none",
+    Unknown = "unknown"
+}
+//# sourceMappingURL=severity.d.ts.map

package/dist.d/enums/vulnerability/severity.d.ts.map

@@ -0,0 +1 @@
+{"version":3,"file":"severity.d.ts","sourceRoot":"","sources":["../../../src/enums/vulnerability/severity.ts"],"names":[],"mappings":"AAAA;;;;;;;;;;;;;;;;;EAiBE;AAEF;;;;;GAKG;AACH,oBAAY,QAAQ;IAClB,QAAQ,aAAa;IACrB,IAAI,SAAS;IACb,MAAM,WAAW;IACjB,GAAG,QAAQ;IACX,IAAI,SAAS;IACb,IAAI,SAAS;IACb,OAAO,YAAY;CACpB"}

package/dist.d/factories/fromNodePackageJson.node.d.ts

@@ -16,15 +16,15 @@ limitations under the License.
 SPDX-License-Identifier: Apache-2.0
 Copyright (c) OWASP Foundation. All Rights Reserved.
 */
-import { PackageURL } from 'packageurl-js';
-import { PackageJson } from '../_helpers/packageJson';
-import * as Models from '../models';
-import { PackageUrlFactory as PlainPackageUrlFactory } from './packageUrl';
 /**
  * Node-specifics.
  *
- * @see {@link https://docs.npmjs.com/cli/v8/configuring-npm/package-json PackageJson spec}
+ * @see [PackageJson spec](https://docs.npmjs.com/cli/v8/configuring-npm/package-json)
  */
+import type { PackageURL } from 'packageurl-js';
+import type { PackageJson } from '../_helpers/packageJson';
+import * as Models from '../models';
+import { PackageUrlFactory as PlainPackageUrlFactory } from './packageUrl';
 /**
  * Node-specific ExternalReferenceFactory.
  */

package/dist.d/factories/fromNodePackageJson.node.d.ts.map

@@ -1 +1 @@
-{"version":3,"file":"fromNodePackageJson.node.d.ts","sourceRoot":"","sources":["../../src/factories/fromNodePackageJson.node.ts"],"names":[],"mappings":"AAAA;;;;;;;;;;;;;;;;;EAiBE;AAEF,OAAO,EAAE,UAAU,EAAE,MAAM,eAAe,CAAA;AAG1C,OAAO,EAAE,WAAW,EAAE,MAAM,yBAAyB,CAAA;AAGrD,OAAO,KAAK,MAAM,MAAM,WAAW,CAAA;AACnC,OAAO,EAAE,iBAAiB,IAAI,sBAAsB,EAAE,MAAM,cAAc,CAAA;AAE1E;;;;GAIG;AAEH;;GAEG;AACH,qBAAa,wBAAwB;IACnC,sBAAsB,CAAE,IAAI,EAAE,WAAW,GAAG,MAAM,CAAC,iBAAiB,EAAE;IAUtE,OAAO,CAAE,IAAI,EAAE,WAAW,GAAG,MAAM,CAAC,iBAAiB,GAAG,SAAS;IAsBjE,YAAY,CAAE,IAAI,EAAE,WAAW,GAAG,MAAM,CAAC,iBAAiB,GAAG,SAAS;IAUtE,gBAAgB,CAAE,IAAI,EAAE,WAAW,GAAG,MAAM,CAAC,iBAAiB,GAAG,SAAS;CAgB3E;AAID;;GAEG;AACH,qBAAa,iBAAkB,SAAQ,sBAAsB;;IAClD,iBAAiB,CAAE,SAAS,EAAE,MAAM,CAAC,SAAS,EAAE,IAAI,GAAE,OAAe,GAAG,UAAU,GAAG,SAAS;CAsCxG"}
+{"version":3,"file":"fromNodePackageJson.node.d.ts","sourceRoot":"","sources":["../../src/factories/fromNodePackageJson.node.ts"],"names":[],"mappings":"AAAA;;;;;;;;;;;;;;;;;EAiBE;AAEF;;;;GAIG;AAEH,OAAO,KAAK,EAAE,UAAU,EAAE,MAAM,eAAe,CAAA;AAG/C,OAAO,KAAK,EAAE,WAAW,EAAE,MAAM,yBAAyB,CAAA;AAG1D,OAAO,KAAK,MAAM,MAAM,WAAW,CAAA;AACnC,OAAO,EAAE,iBAAiB,IAAI,sBAAsB,EAAE,MAAM,cAAc,CAAA;AAE1E;;GAEG;AACH,qBAAa,wBAAwB;IACnC,sBAAsB,CAAE,IAAI,EAAE,WAAW,GAAG,MAAM,CAAC,iBAAiB,EAAE;IAUtE,OAAO,CAAE,IAAI,EAAE,WAAW,GAAG,MAAM,CAAC,iBAAiB,GAAG,SAAS;IAsBjE,YAAY,CAAE,IAAI,EAAE,WAAW,GAAG,MAAM,CAAC,iBAAiB,GAAG,SAAS;IAUtE,gBAAgB,CAAE,IAAI,EAAE,WAAW,GAAG,MAAM,CAAC,iBAAiB,GAAG,SAAS;CAgB3E;AAID;;GAEG;AACH,qBAAa,iBAAkB,SAAQ,sBAAsB;;IAClD,iBAAiB,CAAE,SAAS,EAAE,MAAM,CAAC,SAAS,EAAE,IAAI,GAAE,OAAe,GAAG,UAAU,GAAG,SAAS;CAwCxG"}

package/dist.d/factories/license.d.ts

@@ -16,16 +16,17 @@ limitations under the License.
 SPDX-License-Identifier: Apache-2.0
 Copyright (c) OWASP Foundation. All Rights Reserved.
 */
-import { DisjunctiveLicense, License, LicenseExpression, NamedLicense, SpdxLicense } from '../models';
+import type { DisjunctiveLicense, License } from '../models';
+import { LicenseExpression, NamedLicense, SpdxLicense } from '../models';
 export declare class LicenseFactory {
     makeFromString(value: string): License;
     /**
-     * @throws {RangeError} if expression is not eligible
+     * @throws {@link RangeError} if expression is not eligible
      */
     makeExpression(value: string): LicenseExpression;
     makeDisjunctive(value: string): DisjunctiveLicense;
     /**
-     * @throws {RangeError} if value is not supported SPDX id
+     * @throws {@link RangeError} if value is not supported SPDX id
      */
     makeDisjunctiveWithId(value: string | any): SpdxLicense;
     makeDisjunctiveWithName(value: string | any): NamedLicense;

package/dist.d/factories/license.d.ts.map

@@ -1 +1 @@
-{"version":3,"file":"license.d.ts","sourceRoot":"","sources":["../../src/factories/license.ts"],"names":[],"mappings":"AAAA;;;;;;;;;;;;;;;;;EAiBE;AAEF,OAAO,EAAE,kBAAkB,EAAE,OAAO,EAAE,iBAAiB,EAAE,YAAY,EAAE,WAAW,EAAE,MAAM,WAAW,CAAA;AAGrG,qBAAa,cAAc;IACzB,cAAc,CAAE,KAAK,EAAE,MAAM,GAAG,OAAO;IAQvC;;OAEG;IACH,cAAc,CAAE,KAAK,EAAE,MAAM,GAAG,iBAAiB;IAIjD,eAAe,CAAE,KAAK,EAAE,MAAM,GAAG,kBAAkB;IAQnD;;OAEG;IACH,qBAAqB,CAAE,KAAK,EAAE,MAAM,GAAG,GAAG,GAAG,WAAW;IASxD,uBAAuB,CAAE,KAAK,EAAE,MAAM,GAAG,GAAG,GAAG,YAAY;CAG5D"}
+{"version":3,"file":"license.d.ts","sourceRoot":"","sources":["../../src/factories/license.ts"],"names":[],"mappings":"AAAA;;;;;;;;;;;;;;;;;EAiBE;AAEF,OAAO,KAAK,EAAE,kBAAkB,EAAE,OAAO,EAAE,MAAM,WAAW,CAAA;AAC5D,OAAO,EAAE,iBAAiB,EAAE,YAAY,EAAE,WAAW,EAAE,MAAM,WAAW,CAAA;AAGxE,qBAAa,cAAc;IACzB,cAAc,CAAE,KAAK,EAAE,MAAM,GAAG,OAAO;IAQvC;;OAEG;IACH,cAAc,CAAE,KAAK,EAAE,MAAM,GAAG,iBAAiB;IAIjD,eAAe,CAAE,KAAK,EAAE,MAAM,GAAG,kBAAkB;IAQnD;;OAEG;IACH,qBAAqB,CAAE,KAAK,EAAE,MAAM,GAAG,GAAG,GAAG,WAAW;IASxD,uBAAuB,CAAE,KAAK,EAAE,MAAM,GAAG,GAAG,GAAG,YAAY;CAG5D"}

package/dist.d/factories/packageUrl.d.ts

@@ -17,7 +17,7 @@ SPDX-License-Identifier: Apache-2.0
 Copyright (c) OWASP Foundation. All Rights Reserved.
 */
 import { PackageURL } from 'packageurl-js';
-import { Component } from '../models';
+import type { Component } from '../models';
 export declare class PackageUrlFactory {
     #private;
     constructor(type: PackageUrlFactory['type']);

package/dist.d/factories/packageUrl.d.ts.map

@@ -1 +1 @@
-{"version":3,"file":"packageUrl.d.ts","sourceRoot":"","sources":["../../src/factories/packageUrl.ts"],"names":[],"mappings":"AAAA;;;;;;;;;;;;;;;;;EAiBE;AAEF,OAAO,EAAE,UAAU,EAAE,MAAM,eAAe,CAAA;AAI1C,OAAO,EAAE,SAAS,EAAE,MAAM,WAAW,CAAA;AAErC,qBAAa,iBAAiB;;gBAGf,IAAI,EAAE,iBAAiB,CAAC,MAAM,CAAC;IAI5C,IAAI,IAAI,IAAK,UAAU,CAAC,MAAM,CAAC,CAE9B;IAED,iBAAiB,CAAE,SAAS,EAAE,SAAS,EAAE,IAAI,GAAE,OAAe,GAAG,UAAU,GAAG,SAAS;CAoDxF"}
+{"version":3,"file":"packageUrl.d.ts","sourceRoot":"","sources":["../../src/factories/packageUrl.ts"],"names":[],"mappings":"AAAA;;;;;;;;;;;;;;;;;EAiBE;AAEF,OAAO,EAAE,UAAU,EAAE,MAAM,eAAe,CAAA;AAI1C,OAAO,KAAK,EAAE,SAAS,EAAE,MAAM,WAAW,CAAA;AAE1C,qBAAa,iBAAiB;;gBAGf,IAAI,EAAE,iBAAiB,CAAC,MAAM,CAAC;IAI5C,IAAI,IAAI,IAAK,UAAU,CAAC,MAAM,CAAC,CAE9B;IAED,iBAAiB,CAAE,SAAS,EAAE,SAAS,EAAE,IAAI,GAAE,OAAe,GAAG,UAAU,GAAG,SAAS;CAoDxF"}

package/dist.d/models/attachment.d.ts

@@ -16,8 +16,8 @@ limitations under the License.
 SPDX-License-Identifier: Apache-2.0
 Copyright (c) OWASP Foundation. All Rights Reserved.
 */
-import { AttachmentEncoding } from '../enums';
-interface OptionalProperties {
+import type { AttachmentEncoding } from '../enums';
+export interface OptionalAttachmentProperties {
     contentType?: Attachment['contentType'];
     encoding?: Attachment['encoding'];
 }
@@ -25,7 +25,6 @@ export declare class Attachment {
     contentType?: string;
     content: string;
     encoding?: AttachmentEncoding;
-    constructor(content: Attachment['content'], op?: OptionalProperties);
+    constructor(content: Attachment['content'], op?: OptionalAttachmentProperties);
 }
-export {};
 //# sourceMappingURL=attachment.d.ts.map

package/dist.d/models/attachment.d.ts.map

@@ -1 +1 @@
-{"version":3,"file":"attachment.d.ts","sourceRoot":"","sources":["../../src/models/attachment.ts"],"names":[],"mappings":"AAAA;;;;;;;;;;;;;;;;;EAiBE;AAEF,OAAO,EAAE,kBAAkB,EAAE,MAAM,UAAU,CAAA;AAE7C,UAAU,kBAAkB;IAC1B,WAAW,CAAC,EAAE,UAAU,CAAC,aAAa,CAAC,CAAA;IACvC,QAAQ,CAAC,EAAE,UAAU,CAAC,UAAU,CAAC,CAAA;CAClC;AAED,qBAAa,UAAU;IACrB,WAAW,CAAC,EAAE,MAAM,CAAA;IACpB,OAAO,EAAE,MAAM,CAAA;IACf,QAAQ,CAAC,EAAE,kBAAkB,CAAA;gBAEhB,OAAO,EAAE,UAAU,CAAC,SAAS,CAAC,EAAE,EAAE,GAAE,kBAAuB;CAKzE"}
+{"version":3,"file":"attachment.d.ts","sourceRoot":"","sources":["../../src/models/attachment.ts"],"names":[],"mappings":"AAAA;;;;;;;;;;;;;;;;;EAiBE;AAEF,OAAO,KAAK,EAAE,kBAAkB,EAAE,MAAM,UAAU,CAAA;AAElD,MAAM,WAAW,4BAA4B;IAC3C,WAAW,CAAC,EAAE,UAAU,CAAC,aAAa,CAAC,CAAA;IACvC,QAAQ,CAAC,EAAE,UAAU,CAAC,UAAU,CAAC,CAAA;CAClC;AAED,qBAAa,UAAU;IACrB,WAAW,CAAC,EAAE,MAAM,CAAA;IACpB,OAAO,EAAE,MAAM,CAAA;IACf,QAAQ,CAAC,EAAE,kBAAkB,CAAA;gBAEhB,OAAO,EAAE,UAAU,CAAC,SAAS,CAAC,EAAE,EAAE,GAAE,4BAAiC;CAKnF"}

package/dist.d/models/bom.d.ts

@@ -16,34 +16,36 @@ limitations under the License.
 SPDX-License-Identifier: Apache-2.0
 Copyright (c) OWASP Foundation. All Rights Reserved.
 */
-import { PositiveInteger, UrnUuid } from '../types';
+import type { PositiveInteger, UrnUuid } from '../types';
 import { ComponentRepository } from './component';
 import { Metadata } from './metadata';
-interface OptionalProperties {
+import { VulnerabilityRepository } from './vulnerability';
+export interface OptionalBomProperties {
     metadata?: Bom['metadata'];
     components?: Bom['components'];
     version?: Bom['version'];
+    vulnerabilities?: Bom['vulnerabilities'];
     serialNumber?: Bom['serialNumber'];
 }
 export declare class Bom {
     #private;
     metadata: Metadata;
     components: ComponentRepository;
+    vulnerabilities: VulnerabilityRepository;
     /**
-     * @throws {TypeError} if {@link op.version} is neither {@link PositiveInteger} nor {@link undefined}
-     * @throws {TypeError} if {@link op.serialNumber} is neither {@link UrnUuid} nor {@link undefined}
+     * @throws {@link TypeError} if `op.version` is neither {@link PositiveInteger} nor `undefined`
+     * @throws {@link TypeError} if `op.serialNumber` is neither {@link UrnUuid} nor `undefined`
      */
-    constructor(op?: OptionalProperties);
+    constructor(op?: OptionalBomProperties);
     get version(): PositiveInteger;
     /**
-     * @throws {TypeError} if value is not {@link PositiveInteger}
+     * @throws {@link TypeError} if value is not {@link PositiveInteger}
      */
     set version(value: PositiveInteger);
     get serialNumber(): UrnUuid | undefined;
     /**
-     * @throws {TypeError} if value is neither {@link UrnUuid} nor {@link undefined}
+     * @throws {@link TypeError} if value is neither {@link UrnUuid} nor `undefined`
      */
     set serialNumber(value: UrnUuid | undefined);
 }
-export {};
 //# sourceMappingURL=bom.d.ts.map

package/dist.d/models/bom.d.ts.map

@@ -1 +1 @@
-{"version":3,"file":"bom.d.ts","sourceRoot":"","sources":["../../src/models/bom.ts"],"names":[],"mappings":"AAAA;;;;;;;;;;;;;;;;;EAiBE;AAEF,OAAO,EAAgC,eAAe,EAAE,OAAO,EAAE,MAAM,UAAU,CAAA;AACjF,OAAO,EAAE,mBAAmB,EAAE,MAAM,aAAa,CAAA;AACjD,OAAO,EAAE,QAAQ,EAAE,MAAM,YAAY,CAAA;AAErC,UAAU,kBAAkB;IAC1B,QAAQ,CAAC,EAAE,GAAG,CAAC,UAAU,CAAC,CAAA;IAC1B,UAAU,CAAC,EAAE,GAAG,CAAC,YAAY,CAAC,CAAA;IAC9B,OAAO,CAAC,EAAE,GAAG,CAAC,SAAS,CAAC,CAAA;IACxB,YAAY,CAAC,EAAE,GAAG,CAAC,cAAc,CAAC,CAAA;CACnC;AAED,qBAAa,GAAG;;IACd,QAAQ,EAAE,QAAQ,CAAA;IAClB,UAAU,EAAE,mBAAmB,CAAA;IAc/B;;;OAGG;gBACU,EAAE,GAAE,kBAAuB;IAOxC,IAAI,OAAO,IAAK,eAAe,CAE9B;IAED;;OAEG;IACH,IAAI,OAAO,CAAE,KAAK,EAAE,eAAe,EAKlC;IAED,IAAI,YAAY,IAAK,OAAO,GAAG,SAAS,CAEvC;IAED;;OAEG;IACH,IAAI,YAAY,CAAE,KAAK,EAAE,OAAO,GAAG,SAAS,EAK3C;CACF"}
+{"version":3,"file":"bom.d.ts","sourceRoot":"","sources":["../../src/models/bom.ts"],"names":[],"mappings":"AAAA;;;;;;;;;;;;;;;;;EAiBE;AAEF,OAAO,KAAK,EAAE,eAAe,EAAE,OAAO,EAAE,MAAM,UAAU,CAAA;AAExD,OAAO,EAAE,mBAAmB,EAAE,MAAM,aAAa,CAAA;AACjD,OAAO,EAAE,QAAQ,EAAE,MAAM,YAAY,CAAA;AACrC,OAAO,EAAE,uBAAuB,EAAE,MAAM,iBAAiB,CAAA;AAEzD,MAAM,WAAW,qBAAqB;IACpC,QAAQ,CAAC,EAAE,GAAG,CAAC,UAAU,CAAC,CAAA;IAC1B,UAAU,CAAC,EAAE,GAAG,CAAC,YAAY,CAAC,CAAA;IAC9B,OAAO,CAAC,EAAE,GAAG,CAAC,SAAS,CAAC,CAAA;IACxB,eAAe,CAAC,EAAE,GAAG,CAAC,iBAAiB,CAAC,CAAA;IACxC,YAAY,CAAC,EAAE,GAAG,CAAC,cAAc,CAAC,CAAA;CACnC;AAED,qBAAa,GAAG;;IACd,QAAQ,EAAE,QAAQ,CAAA;IAClB,UAAU,EAAE,mBAAmB,CAAA;IAC/B,eAAe,EAAE,uBAAuB,CAAA;IAcxC;;;OAGG;gBACU,EAAE,GAAE,qBAA0B;IAQ3C,IAAI,OAAO,IAAK,eAAe,CAE9B;IAED;;OAEG;IACH,IAAI,OAAO,CAAE,KAAK,EAAE,eAAe,EAKlC;IAED,IAAI,YAAY,IAAK,OAAO,GAAG,SAAS,CAEvC;IAED;;OAEG;IACH,IAAI,YAAY,CAAE,KAAK,EAAE,OAAO,GAAG,SAAS,EAK3C;CACF"}