@cyclonedx/cyclonedx-library 9.0.0 → 9.2.0

package/res/schema/cryptography-defs.SNAPSHOT.schema.json

@@ -0,0 +1,576 @@
+{
+  "$schema": "http://json-schema.org/draft-07/schema#",
+  "$id": "http://cyclonedx.org/schema/cryptography-defs.schema.json",
+  "$comment": "2025-09-07T11:12:52Z",
+  "title": "Cryptographic Algorithm Family Definitions",
+  "description": "Enumerates cryptographic algorithm families and their specific metadata.",
+  "type": "object",
+  "additionalProperties": false,
+  "properties": {
+    "$schema": {
+      "type": "string"
+    },
+    "lastUpdated": {
+      "type": "string",
+      "format": "date-time",
+      "title": "Last Updated",
+      "description": "The date and time (timestamp) when the data was last updated."
+    },
+    "algorithms": {
+      "type": "array",
+      "title": "Algorithm Families",
+      "description": "An array of cryptographic algorithm family definitions.",
+      "items": {
+        "type": "object",
+        "title": "Algorithm Family",
+        "description": "Defines a cryptographic algorithm family and its metadata.",
+        "additionalProperties": false,
+        "properties": {
+          "family": {
+            "type": "string",
+            "title": "Algorithm Family",
+            "description": "The name of the cryptographic algorithm family."
+          },
+          "standard": {
+            "type": "array",
+            "title": "Standards",
+            "description": "List of standards defining or relating to the algorithm family.",
+            "items": {
+              "type": "object",
+              "title": "Standard Reference",
+              "description": "Reference to a standard, including its name and URL.",
+              "additionalProperties": false,
+              "properties": {
+                "name": {
+                  "type": "string",
+                  "title": "Standard Name",
+                  "description": "The name or identifier of the standard."
+                },
+                "url": {
+                  "type": "string",
+                  "format": "iri-reference",
+                  "title": "Standard URL",
+                  "description": "A URL pointing to the standard's official documentation."
+                }
+              },
+              "required": [
+                "name",
+                "url"
+              ]
+            }
+          },
+          "variant": {
+            "type": "array",
+            "title": "Variants",
+            "description": "Defines algorithm variants by a naming pattern and the corresponding cryptographic primitive.",
+            "items": {
+              "type": "object",
+              "title": "Standard Reference",
+              "description": "Reference to a standard, including its name and URL.",
+              "additionalProperties": false,
+              "properties": {
+                "pattern": {
+                  "type": "string",
+                  "title": "Standard Name",
+                  "description": "Defines the pattern used to construct the complete algorithm name. Placeholders are defined by {} for algorithm-specific properties."
+                },
+                "primitive": {
+                  "type": "string",
+                  "title": "Primitive",
+                  "description": "Type of cryptographic primitive (e.g., signature, encryption, hash)."
+                },
+                "standard": {
+                  "type": "array",
+                  "title": "Standards",
+                  "description": "List of standards defining or relating to the algorithm variant.",
+                  "items": {
+                    "type": "object",
+                    "title": "Standard Reference",
+                    "description": "Reference to a standard, including its name and URL.",
+                    "additionalProperties": false,
+                    "properties": {
+                      "name": {
+                        "type": "string",
+                        "title": "Standard Name",
+                        "description": "The name or identifier of the standard."
+                      },
+                      "url": {
+                        "type": "string",
+                        "format": "iri-reference",
+                        "title": "Standard URL",
+                        "description": "A URL pointing to the standard's official documentation."
+                      }
+                    },
+                    "required": [
+                      "name",
+                      "url"
+                    ]
+                  }
+                }
+              },
+              "required": [
+                "pattern",
+                "primitive"
+              ]
+            }
+          }
+        },
+        "required": [
+          "family",
+          "variant"
+        ]
+      }
+    },
+    "ellipticCurves": {
+      "type": "array",
+      "title": "Elliptic Curves",
+      "description": "An array of elliptic curve family definitions.",
+      "items": {
+        "type": "object",
+        "title": "Elliptic Curve Family",
+        "description": "Defines an elliptic curve family and its metadata.",
+        "additionalProperties": false,
+        "properties": {
+          "name": {
+            "type": "string",
+            "title": "Curve Family Name",
+            "description": "The name of the elliptic curve family."
+          },
+          "description": {
+            "type": [
+              "string",
+              "null"
+            ],
+            "title": "Description",
+            "description": "A description of the elliptic curve family."
+          },
+          "curves": {
+            "type": "array",
+            "title": "Curves",
+            "description": "List of curves in this family.",
+            "items": {
+              "type": "object",
+              "title": "Curve",
+              "description": "Defines a specific elliptic curve and its metadata.",
+              "additionalProperties": false,
+              "properties": {
+                "name": {
+                  "type": "string",
+                  "title": "Curve Name",
+                  "description": "The name of the elliptic curve."
+                },
+                "description": {
+                  "type": [
+                    "string",
+                    "null"
+                  ],
+                  "title": "Description",
+                  "description": "A description of the elliptic curve."
+                },
+                "oid": {
+                  "type": [
+                    "string",
+                    "null"
+                  ],
+                  "title": "OID",
+                  "description": "The Object Identifier (OID) of the elliptic curve."
+                },
+                "form": {
+                  "type": "string",
+                  "title": "Form",
+                  "description": "The form of the elliptic curve.",
+                  "enum": [
+                    "Weierstrass",
+                    "Edwards",
+                    "TwistedEdwards",
+                    "Montgomery"
+                  ]
+                },
+                "aliases": {
+                  "type": "array",
+                  "title": "Aliases",
+                  "description": "List of aliases for this curve.",
+                  "items": {
+                    "type": "object",
+                    "title": "Alias",
+                    "description": "An alias for the curve.",
+                    "additionalProperties": false,
+                    "properties": {
+                      "category": {
+                        "type": "string",
+                        "title": "Category",
+                        "description": "The category of the alias."
+                      },
+                      "name": {
+                        "type": "string",
+                        "title": "Name",
+                        "description": "The name of the alias."
+                      }
+                    },
+                    "required": [
+                      "category",
+                      "name"
+                    ]
+                  }
+                }
+              },
+              "required": [
+                "name",
+                "description",
+                "oid",
+                "form"
+              ]
+            }
+          }
+        },
+        "required": [
+          "name",
+          "description",
+          "curves"
+        ]
+      }
+    }
+  },
+  "required": [
+    "lastUpdated",
+    "algorithms",
+    "ellipticCurves"
+  ],
+  "definitions": {
+    "algorithmFamiliesEnum": {
+      "type": "string",
+      "title": "Algorithm Families",
+      "description": "An enum for the algorithm families.",
+      "enum": [
+        "3DES",
+        "3GPP-XOR",
+        "A5/1",
+        "A5/2",
+        "AES",
+        "ARIA",
+        "Ascon",
+        "BLAKE2",
+        "BLAKE3",
+        "BLS",
+        "Blowfish",
+        "CAMELLIA",
+        "CAST5",
+        "CAST6",
+        "CMAC",
+        "CMEA",
+        "ChaCha",
+        "ChaCha20",
+        "DES",
+        "DSA",
+        "ECDH",
+        "ECDSA",
+        "ECIES",
+        "EdDSA",
+        "ElGamal",
+        "FFDH",
+        "Fortuna",
+        "GOST",
+        "HC",
+        "HKDF",
+        "HMAC",
+        "IDEA",
+        "IKE-PRF",
+        "KMAC",
+        "LMS",
+        "MD2",
+        "MD4",
+        "MD5",
+        "MILENAGE",
+        "ML-DSA",
+        "ML-KEM",
+        "MQV",
+        "PBES1",
+        "PBES2",
+        "PBKDF1",
+        "PBKDF2",
+        "PBMAC1",
+        "Poly1305",
+        "RABBIT",
+        "RC2",
+        "RC4",
+        "RC5",
+        "RC6",
+        "RIPEMD",
+        "RSAES-OAEP",
+        "RSAES-PKCS1",
+        "RSASSA-PKCS1",
+        "RSASSA-PSS",
+        "SEED",
+        "SHA-1",
+        "SHA-2",
+        "SHA-3",
+        "SLH-DSA",
+        "SNOW3G",
+        "SP800-108",
+        "Salsa20",
+        "Serpent",
+        "SipHash",
+        "Skipjack",
+        "TUAK",
+        "Twofish",
+        "Whirlpool",
+        "X3DH",
+        "XMSS",
+        "Yarrow",
+        "ZUC",
+        "bcrypt"
+      ]
+    },
+    "ellipticCurvesEnum": {
+      "type": "string",
+      "enum": [
+        "anssi/FRP256v1",
+        "bls/BLS12-377",
+        "bls/BLS12-381",
+        "bls/BLS12-446",
+        "bls/BLS12-455",
+        "bls/BLS12-638",
+        "bls/BLS24-477",
+        "bls/Bandersnatch",
+        "bn/bn158",
+        "bn/bn190",
+        "bn/bn222",
+        "bn/bn254",
+        "bn/bn286",
+        "bn/bn318",
+        "bn/bn350",
+        "bn/bn382",
+        "bn/bn414",
+        "bn/bn446",
+        "bn/bn478",
+        "bn/bn510",
+        "bn/bn542",
+        "bn/bn574",
+        "bn/bn606",
+        "bn/bn638",
+        "brainpool/brainpoolP160r1",
+        "brainpool/brainpoolP160t1",
+        "brainpool/brainpoolP192r1",
+        "brainpool/brainpoolP192t1",
+        "brainpool/brainpoolP224r1",
+        "brainpool/brainpoolP224t1",
+        "brainpool/brainpoolP256r1",
+        "brainpool/brainpoolP256t1",
+        "brainpool/brainpoolP320r1",
+        "brainpool/brainpoolP320t1",
+        "brainpool/brainpoolP384r1",
+        "brainpool/brainpoolP384t1",
+        "brainpool/brainpoolP512r1",
+        "brainpool/brainpoolP512t1",
+        "gost/gost256",
+        "gost/gost512",
+        "gost/id-GostR3410-2001-CryptoPro-A-ParamSet",
+        "gost/id-GostR3410-2001-CryptoPro-B-ParamSet",
+        "gost/id-GostR3410-2001-CryptoPro-C-ParamSet",
+        "gost/id-tc26-gost-3410-12-512-paramSetA",
+        "gost/id-tc26-gost-3410-12-512-paramSetB",
+        "gost/id-tc26-gost-3410-2012-256-paramSetA",
+        "gost/id-tc26-gost-3410-2012-512-paramSetC",
+        "mnt/mnt1",
+        "mnt/mnt2/1",
+        "mnt/mnt2/2",
+        "mnt/mnt3/1",
+        "mnt/mnt3/2",
+        "mnt/mnt3/3",
+        "mnt/mnt4",
+        "mnt/mnt5/1",
+        "mnt/mnt5/2",
+        "mnt/mnt5/3",
+        "nist/B-163",
+        "nist/B-233",
+        "nist/B-283",
+        "nist/B-409",
+        "nist/B-571",
+        "nist/K-163",
+        "nist/K-233",
+        "nist/K-283",
+        "nist/K-409",
+        "nist/K-571",
+        "nist/P-192",
+        "nist/P-224",
+        "nist/P-256",
+        "nist/P-384",
+        "nist/P-521",
+        "nums/ed-254-mont",
+        "nums/ed-255-mers",
+        "nums/ed-256-mont",
+        "nums/ed-382-mont",
+        "nums/ed-383-mers",
+        "nums/ed-384-mont",
+        "nums/ed-510-mont",
+        "nums/ed-511-mers",
+        "nums/ed-512-mont",
+        "nums/numsp256d1",
+        "nums/numsp256t1",
+        "nums/numsp384d1",
+        "nums/numsp384t1",
+        "nums/numsp512d1",
+        "nums/numsp512t1",
+        "nums/w-254-mont",
+        "nums/w-255-mers",
+        "nums/w-256-mont",
+        "nums/w-382-mont",
+        "nums/w-383-mers",
+        "nums/w-384-mont",
+        "nums/w-510-mont",
+        "nums/w-511-mers",
+        "nums/w-512-mont",
+        "oakley/192-bit Random ECP Group",
+        "oakley/224-bit Random ECP Group",
+        "oakley/256-bit Random ECP Group",
+        "oakley/384-bit Random ECP Group",
+        "oakley/521-bit Random ECP Group",
+        "oakley/Oakley Group 3",
+        "oakley/Oakley Group 4",
+        "oscaa/SM2",
+        "other/BADA55-R-256",
+        "other/BADA55-VPR-224",
+        "other/BADA55-VPR2-224",
+        "other/BADA55-VR-224",
+        "other/BADA55-VR-256",
+        "other/BADA55-VR-384",
+        "other/Curve1174",
+        "other/Curve22103",
+        "other/Curve25519",
+        "other/Curve383187",
+        "other/Curve41417",
+        "other/Curve4417",
+        "other/Curve448",
+        "other/Curve67254",
+        "other/E-222",
+        "other/E-382",
+        "other/E-521",
+        "other/Ed25519",
+        "other/Ed448",
+        "other/Ed448-Goldilocks",
+        "other/FourQ",
+        "other/Fp224BN",
+        "other/Fp254BNa",
+        "other/Fp254BNb",
+        "other/Fp254n2BNa",
+        "other/Fp256BN",
+        "other/Fp384BN",
+        "other/Fp512BN",
+        "other/JubJub",
+        "other/M-221",
+        "other/M-383",
+        "other/M-511",
+        "other/MDC201601",
+        "other/Pallas",
+        "other/Tom-256",
+        "other/Tom-384",
+        "other/Tom-521",
+        "other/Tweedledee",
+        "other/Tweedledum",
+        "other/Vesta",
+        "other/ssc-160",
+        "other/ssc-192",
+        "other/ssc-224",
+        "other/ssc-256",
+        "other/ssc-288",
+        "other/ssc-320",
+        "other/ssc-384",
+        "other/ssc-512",
+        "secg/secp112r1",
+        "secg/secp112r2",
+        "secg/secp128r1",
+        "secg/secp128r2",
+        "secg/secp160k1",
+        "secg/secp160r1",
+        "secg/secp160r2",
+        "secg/secp192k1",
+        "secg/secp192r1",
+        "secg/secp224k1",
+        "secg/secp224r1",
+        "secg/secp256k1",
+        "secg/secp256r1",
+        "secg/secp384r1",
+        "secg/secp521r1",
+        "secg/sect113r1",
+        "secg/sect113r2",
+        "secg/sect131r1",
+        "secg/sect131r2",
+        "secg/sect163k1",
+        "secg/sect163r1",
+        "secg/sect163r2",
+        "secg/sect193r1",
+        "secg/sect193r2",
+        "secg/sect233k1",
+        "secg/sect233r1",
+        "secg/sect239k1",
+        "secg/sect283k1",
+        "secg/sect283r1",
+        "secg/sect409k1",
+        "secg/sect409r1",
+        "secg/sect571k1",
+        "secg/sect571r1",
+        "wtls/wap-wsg-idm-ecid-wtls1",
+        "wtls/wap-wsg-idm-ecid-wtls10",
+        "wtls/wap-wsg-idm-ecid-wtls11",
+        "wtls/wap-wsg-idm-ecid-wtls12",
+        "wtls/wap-wsg-idm-ecid-wtls3",
+        "wtls/wap-wsg-idm-ecid-wtls4",
+        "wtls/wap-wsg-idm-ecid-wtls5",
+        "wtls/wap-wsg-idm-ecid-wtls6",
+        "wtls/wap-wsg-idm-ecid-wtls7",
+        "wtls/wap-wsg-idm-ecid-wtls8",
+        "wtls/wap-wsg-idm-ecid-wtls9",
+        "x962/c2onb191v4",
+        "x962/c2onb191v5",
+        "x962/c2onb239v4",
+        "x962/c2onb239v5",
+        "x962/c2pnb163v1",
+        "x962/c2pnb163v2",
+        "x962/c2pnb163v3",
+        "x962/c2pnb176w1",
+        "x962/c2pnb208w1",
+        "x962/c2pnb272w1",
+        "x962/c2pnb304w1",
+        "x962/c2pnb368w1",
+        "x962/c2tnb191v1",
+        "x962/c2tnb191v2",
+        "x962/c2tnb191v3",
+        "x962/c2tnb239v1",
+        "x962/c2tnb239v2",
+        "x962/c2tnb239v3",
+        "x962/c2tnb359v1",
+        "x962/c2tnb431r1",
+        "x962/prime192v1",
+        "x962/prime192v2",
+        "x962/prime192v3",
+        "x962/prime239v1",
+        "x962/prime239v2",
+        "x962/prime239v3",
+        "x962/prime256v1",
+        "x963/ansip160k1",
+        "x963/ansip160r1",
+        "x963/ansip160r2",
+        "x963/ansip192k1",
+        "x963/ansip224k1",
+        "x963/ansip224r1",
+        "x963/ansip256k1",
+        "x963/ansip384r1",
+        "x963/ansip521r1",
+        "x963/ansit163k1",
+        "x963/ansit163r1",
+        "x963/ansit163r2",
+        "x963/ansit193r1",
+        "x963/ansit193r2",
+        "x963/ansit233k1",
+        "x963/ansit233r1",
+        "x963/ansit239k1",
+        "x963/ansit283k1",
+        "x963/ansit283r1",
+        "x963/ansit409k1",
+        "x963/ansit409r1",
+        "x963/ansit571k1",
+        "x963/ansit571r1"
+      ]
+    }
+  }
+}

package/src/_helpers/sortable.ts

@@ -62,6 +62,7 @@ export abstract class SortableSet<TItem> extends Set<TItem> implements SortableI
     }
 
     // it was asserted, that both lists have equal length -> zip-like compare
+    /* eslint-disable-next-line  no-plusplus -- ack */
     for (let i = sortedSelf.length - 1; i >= 0; --i) {
       const iCompared = this[compareObjectsSymbol](sortedSelf[i], sortedOther[i])
       if (iCompared !== 0) {

package/src/_helpers/uri.ts

@@ -47,7 +47,7 @@ export function escapeUri<T extends (string | undefined)> (value: T): T {
   }
   for (const [s, r] of _ESCAPES) {
     /* @ts-expect-error -- TS does not properly detect that value is to be forced as string, here */
-    value = value.replace(s, r)
+    value = value.replace(s, r) /* eslint-disable-line  no-param-reassign -- ack */
   }
   return value
 }

package/src/enums/externalReferenceType.ts

@@ -60,6 +60,10 @@ export enum ExternalReferenceType {
   ElectronicSignature = 'electronic-signature',
   DigitalSignature = 'digital-signature',
   RFC9116 = 'rfc-9116',
+  Citation = 'citation',
+  Patent = 'patent',
+  PatentAssertion = 'patent-assertion',
+  PatentFamily = 'patent-family',
 
   // --
 

package/src/enums/hashAlogorithm.ts

@@ -30,4 +30,6 @@ export enum HashAlgorithm {
   'BLAKE2b-384' = 'BLAKE2b-384',
   'BLAKE2b-512' = 'BLAKE2b-512',
   BLAKE3 = 'BLAKE3',
+  'Streebog-256' = 'Streebog-256',
+  'Streebog-512' = 'Streebog-512',
 }

package/src/factories/fromNodePackageJson.node.ts

@@ -158,6 +158,7 @@ export class PackageUrlFactory extends PlainPackageUrlFactory<'npm'> {
    * - "checksum" is stripped, unless a "download_url" or "vcs_url" is given.
    */
   #finalizeQualifiers(purl: PackageURL): PackageURL {
+    /* eslint-disable no-param-reassign -- intended */
     const qualifiers = new Map(Object.entries(purl.qualifiers ?? {}))
 
     const downloadUrl = qualifiers.get(PurlQualifierNames.DownloadUrl)
@@ -180,5 +181,6 @@ export class PackageUrlFactory extends PlainPackageUrlFactory<'npm'> {
     }
 
     return purl
+    /* eslint-enable no-param-reassign */
   }
 }

package/src/resources.node.ts

@@ -31,6 +31,7 @@ export const SCHEMA_ROOT = resolve(ROOT, 'schema')
 export const FILES = Object.freeze({
   CDX: Object.freeze({
     XML_SCHEMA: Object.freeze({
+      [Version.v1dot7]: resolve(SCHEMA_ROOT, 'bom-1.7.SNAPSHOT.xsd'),
       [Version.v1dot6]: resolve(SCHEMA_ROOT, 'bom-1.6.SNAPSHOT.xsd'),
       [Version.v1dot5]: resolve(SCHEMA_ROOT, 'bom-1.5.SNAPSHOT.xsd'),
       [Version.v1dot4]: resolve(SCHEMA_ROOT, 'bom-1.4.SNAPSHOT.xsd'),
@@ -41,6 +42,7 @@ export const FILES = Object.freeze({
 
     }),
     JSON_SCHEMA: Object.freeze({
+      [Version.v1dot7]: resolve(SCHEMA_ROOT, 'bom-1.7.SNAPSHOT.schema.json'),
       [Version.v1dot6]: resolve(SCHEMA_ROOT, 'bom-1.6.SNAPSHOT.schema.json'),
       [Version.v1dot5]: resolve(SCHEMA_ROOT, 'bom-1.5.SNAPSHOT.schema.json'),
       [Version.v1dot4]: resolve(SCHEMA_ROOT, 'bom-1.4.SNAPSHOT.schema.json'),
@@ -51,6 +53,7 @@ export const FILES = Object.freeze({
       [Version.v1dot0]: undefined
     }),
     JSON_STRICT_SCHEMA: Object.freeze({
+      [Version.v1dot7]: resolve(SCHEMA_ROOT, 'bom-1.7.SNAPSHOT.schema.json'),
       [Version.v1dot6]: resolve(SCHEMA_ROOT, 'bom-1.6.SNAPSHOT.schema.json'),
       [Version.v1dot5]: resolve(SCHEMA_ROOT, 'bom-1.5.SNAPSHOT.schema.json'),
       [Version.v1dot4]: resolve(SCHEMA_ROOT, 'bom-1.4.SNAPSHOT.schema.json'),
@@ -66,6 +69,9 @@ export const FILES = Object.freeze({
     XML_SCHEMA: resolve(SCHEMA_ROOT, 'spdx.SNAPSHOT.xsd'),
     JSON_SCHEMA: resolve(SCHEMA_ROOT, 'spdx.SNAPSHOT.schema.json')
   }),
+  CryptoDefs: Object.freeze({
+    JSON_SCHEMA: resolve(SCHEMA_ROOT, 'cryptography-defs.SNAPSHOT.schema.json')
+  }),
   JSF: Object.freeze({
     JSON_SCHEMA: resolve(SCHEMA_ROOT, 'jsf-0.82.SNAPSHOT.schema.json')
   })

package/src/serialize/json/normalize.ts

@@ -157,6 +157,7 @@ export class Factory {
 }
 
 const schemaUrl: ReadonlyMap<SpecVersion, string> = new Map([
+  [SpecVersion.v1dot7, 'http://cyclonedx.org/schema/bom-1.7.schema.json'],
   [SpecVersion.v1dot6, 'http://cyclonedx.org/schema/bom-1.6.schema.json'],
   [SpecVersion.v1dot5, 'http://cyclonedx.org/schema/bom-1.5.schema.json'],
   [SpecVersion.v1dot4, 'http://cyclonedx.org/schema/bom-1.4.schema.json'],

package/src/serialize/xml/normalize.ts

@@ -160,6 +160,7 @@ export class Factory {
 }
 
 const xmlNamespace: ReadonlyMap<SpecVersion, string> = new Map([
+  [SpecVersion.v1dot7, 'http://cyclonedx.org/schema/bom/1.7'],
   [SpecVersion.v1dot6, 'http://cyclonedx.org/schema/bom/1.6'],
   [SpecVersion.v1dot5, 'http://cyclonedx.org/schema/bom/1.5'],
   [SpecVersion.v1dot4, 'http://cyclonedx.org/schema/bom/1.4'],