@herodevs/cli 2.0.0-beta.11 → 2.0.0-beta.12

package/README.md

@@ -43,11 +43,11 @@ npm install -g @herodevs/cli@beta
 HeroDevs CLI is available as a binary installation, without requiring `npm`. To do that, you may either download and run the script manually, or use the following cURL or Wget command:
 
 ```sh
-curl -o- https://raw.githubusercontent.com/herodevs/cli/v2.0.0-beta.11/scripts/install.sh | bash
+curl -o- https://raw.githubusercontent.com/herodevs/cli/v2.0.0-beta.12/scripts/install.sh | bash
 ```
 
 ```sh
-wget -qO- https://raw.githubusercontent.com/herodevs/cli/v2.0.0-beta.11/scripts/install.sh | bash
+wget -qO- https://raw.githubusercontent.com/herodevs/cli/v2.0.0-beta.12/scripts/install.sh | bash
 ```
 
 ## Scanning Behavior
@@ -209,6 +209,8 @@ You can use `@herodevs/cli` in your CI/CD pipelines to automate EOL scanning.
 We provide a Docker image that's pre-configured to run EOL scans. Based on [`cdxgen`](https://github.com/CycloneDX/cdxgen),
 it contains build tools for most project types and will provide best results when generating an SBOM. Use these templates to generate a report and save it to your CI job artifact for analysis and processing after your scan runs.
 
+**Note:** There is a potential to run into permission issues writing out the report to your CI runner. Please ensure that your CI runner is setup to have proper read/write permissions for wherever your output files are being written to.
+
 #### GitHub Actions
 
 ```yaml
@@ -227,20 +229,22 @@ jobs:
     environment: demo
     steps:
       - name: Checkout repository
-        uses: actions/checkout@v4
+        uses: actions/checkout@v5
 
       - name: Run EOL Scan
         run: |
-          docker run --rm \
+          docker run --name eol-scanner \
             -v $GITHUB_WORKSPACE:/app \
             -w /app \
-            ghcr.io/herodevs/eol-scan --save
+            ghcr.io/herodevs/eol-scan --save --output /tmp/herodevs.report.json
+          docker cp eol-scanner:/tmp/herodevs.report.json ${{ runner.temp }}/herodevs.report.json
+          docker rm eol-scanner
 
       - name: Upload artifact
-        uses: actions/upload-artifact@v4
+        uses: actions/upload-artifact@v5
         with:
           name: my-eol-report
-          path: ./herodevs.report.json
+          path: ${{ runner.temp }}/herodevs.report.json
 ```
 
 #### GitLab CI/CD
@@ -283,10 +287,11 @@ jobs:
   scan:
     runs-on: ubuntu-latest
     steps:
-      - uses: actions/checkout@v4
-      - uses: actions/setup-node@v4
+      - uses: actions/checkout@v5
+
+      - uses: actions/setup-node@v6
         with:
-          node-version: '22'
+          node-version: '24'
 
       - run: echo # Prepare environment, install tooling, perform setup, etc.
 
@@ -294,7 +299,7 @@ jobs:
         run: npx @herodevs/cli@beta scan eol
 
       - name: Upload artifact
-        uses: actions/upload-artifact@v4
+        uses: actions/upload-artifact@v5
         with:
           name: my-eol-report
           path: herodevs.report.json

package/dist/service/cdx.svc.d.ts

@@ -1,3 +1,5 @@
+import { createBom } from '@cyclonedx/cdxgen';
+import { postProcess } from '@cyclonedx/cdxgen/stages/postgen/postgen';
 import type { CdxBom } from '@herodevs/eol-shared';
 export declare const SBOM_DEFAULT__OPTIONS: {
     $0: string;
@@ -61,4 +63,10 @@ export declare const SBOM_DEFAULT__OPTIONS: {
  * Lazy loads cdxgen (for ESM purposes), scans
  * `directory`, and returns the `bomJson` property.
  */
-export declare function createSbom(directory: string): Promise<CdxBom>;
+type CreateSbomDependencies = {
+    createBom: typeof createBom;
+    postProcess: typeof postProcess;
+};
+export declare function createSbomFactory({ createBom: createBomDependency, postProcess: postProcessDependency, }?: Partial<CreateSbomDependencies>): (directory: string) => Promise<CdxBom>;
+export declare const createSbom: (directory: string) => Promise<CdxBom>;
+export {};

package/dist/service/cdx.svc.js

@@ -1,4 +1,5 @@
 import { createBom } from '@cyclonedx/cdxgen';
+import { postProcess } from '@cyclonedx/cdxgen/stages/postgen/postgen';
 import { debugLogger } from "./log.svc.js";
 const author = process.env.npm_package_author ?? 'HeroDevs, Inc.';
 export const SBOM_DEFAULT__OPTIONS = {
@@ -24,8 +25,8 @@ export const SBOM_DEFAULT__OPTIONS = {
     includeFormulation: false,
     'no-install-deps': true,
     noInstallDeps: true,
-    'min-confidence': 1,
-    minConfidence: 1,
+    'min-confidence': 0.1,
+    minConfidence: 0.1,
     multiProject: true,
     'no-banner': false,
     noBabel: false,
@@ -62,14 +63,18 @@ export const SBOM_DEFAULT__OPTIONS = {
     usagesSlicesFile: 'usages.slices.json',
     validate: true,
 };
-/**
- * Lazy loads cdxgen (for ESM purposes), scans
- * `directory`, and returns the `bomJson` property.
- */
-export async function createSbom(directory) {
-    const sbom = await createBom(directory, SBOM_DEFAULT__OPTIONS);
-    if (!sbom)
-        throw new Error('SBOM not generated');
-    debugLogger('Successfully generated SBOM');
-    return sbom.bomJson;
+export function createSbomFactory({ createBom: createBomDependency = createBom, postProcess: postProcessDependency = postProcess, } = {}) {
+    return async function createSbom(directory) {
+        const sbom = await createBomDependency(directory, SBOM_DEFAULT__OPTIONS);
+        if (!sbom) {
+            throw new Error('SBOM not generated');
+        }
+        const postProcessedSbom = postProcessDependency(sbom, SBOM_DEFAULT__OPTIONS);
+        if (!postProcessedSbom) {
+            throw new Error('SBOM not generated');
+        }
+        debugLogger('Successfully generated SBOM');
+        return postProcessedSbom.bomJson;
+    };
 }
+export const createSbom = createSbomFactory();

package/package.json

@@ -1,6 +1,6 @@
 {
   "name": "@herodevs/cli",
-  "version": "2.0.0-beta.11",
+  "version": "2.0.0-beta.12",
   "author": "HeroDevs, Inc",
   "bin": {
     "hd": "./bin/run.js"
@@ -39,16 +39,15 @@
     "herodevs cli"
   ],
   "dependencies": {
-    "@amplitude/analytics-node": "^1.5.14",
+    "@amplitude/analytics-node": "^1.5.20",
     "@apollo/client": "^3.13.8",
-    "@cyclonedx/cdxgen": "~11.4.4",
+    "@cyclonedx/cdxgen": "^11.11.0",
     "@herodevs/eol-shared": "github:herodevs/eol-shared#v0.1.11",
     "@oclif/core": "^4.5.3",
     "@oclif/plugin-help": "^6.2.32",
-    "@oclif/plugin-update": "^4.7.8",
-    "graphql": "^16.11.0",
+    "@oclif/plugin-update": "^4.7.13",
     "node-machine-id": "^1.1.12",
-    "ora": "^8.2.0",
+    "ora": "^9.0.0",
     "packageurl-js": "^2.0.1",
     "terminal-link": "^5.0.0",
     "update-notifier": "^7.3.1"
@@ -57,15 +56,15 @@
     "@biomejs/biome": "^2.2.2",
     "@oclif/test": "^4.1.13",
     "@types/inquirer": "^9.0.9",
-    "@types/node": "^24.7.0",
+    "@types/node": "^24.9.2",
     "@types/sinon": "^17.0.4",
     "@types/update-notifier": "^6.0.8",
     "globstar": "^1.0.0",
-    "oclif": "^4.22.29",
+    "oclif": "^4.22.38",
     "shx": "^0.4.0",
     "sinon": "^21.0.0",
     "ts-node": "^10.9.2",
-    "tsx": "^4.20.5",
+    "tsx": "^4.20.6",
     "typescript": "^5.9.3"
   },
   "engines": {

package/dist/service/sbom.worker.d.ts

@@ -1 +0,0 @@
-export {};

package/dist/service/sbom.worker.js

@@ -1,26 +0,0 @@
-import { writeFileSync } from 'node:fs';
-import { join } from 'node:path';
-import { createBom } from '@cyclonedx/cdxgen';
-import { filenamePrefix } from "../config/constants.js";
-import { SBOM_DEFAULT__OPTIONS } from "./cdx.svc.js";
-process.on('uncaughtException', (err) => {
-    console.error('Uncaught exception:', err.message);
-    process.exit(1);
-});
-process.on('unhandledRejection', (reason) => {
-    console.error('Unhandled rejection:', reason);
-    process.exit(1);
-});
-try {
-    console.log('Sbom worker started');
-    const options = JSON.parse(process.argv[2]);
-    const { path, opts } = options;
-    const { bomJson } = await createBom(path, { ...SBOM_DEFAULT__OPTIONS, ...opts });
-    const outputPath = join(path, `${filenamePrefix}.sbom.json`);
-    writeFileSync(outputPath, JSON.stringify(bomJson, null, 2));
-    process.exit(0);
-}
-catch (error) {
-    console.error('Error creating SBOM', error.message);
-    process.exit(1);
-}