@herodevs/cli 2.0.0-beta.4 → 2.0.0-beta.5

package/dist/commands/scan/eol.js

@@ -1,153 +1,212 @@
-import fs from 'node:fs';
-import path from 'node:path';
-import { Command, Flags, ux } from '@oclif/core';
-import terminalLink from 'terminal-link';
-import { batchSubmitPurls } from "../../api/nes/nes.client.js";
+import { trimCdxBom } from '@herodevs/eol-shared';
+import { Command, Flags } from '@oclif/core';
+import ora from 'ora';
+import { submitScan } from "../../api/nes.client.js";
 import { config, filenamePrefix } from "../../config/constants.js";
-import { getErrorMessage, isErrnoException } from "../../service/error.svc.js";
-import { extractPurls, parsePurlsFile } from "../../service/purls.svc.js";
-import { INDICATORS, SCAN_ID_KEY, STATUS_COLORS } from "../../ui/shared.ui.js";
-import ScanSbom from "./sbom.js";
+import { track } from "../../service/analytics.svc.js";
+import { createSbom } from "../../service/cdx.svc.js";
+import { countComponentsByStatus, formatScanResults, formatWebReportUrl } from "../../service/display.svc.js";
+import { readSbomFromFile, saveReportToFile, saveSbomToFile, validateDirectory } from "../../service/file.svc.js";
+import { getErrorMessage } from "../../service/log.svc.js";
 export default class ScanEol extends Command {
-    static description = 'Scan a given sbom for EOL data';
+    static description = 'Scan a given SBOM for EOL data';
     static enableJsonFlag = true;
     static examples = [
-        '<%= config.bin %> <%= command.id %> --dir=./my-project',
-        '<%= config.bin %> <%= command.id %> --file=path/to/sbom.json',
-        '<%= config.bin %> <%= command.id %> --purls=path/to/purls.json',
-        '<%= config.bin %> <%= command.id %> -a --dir=./my-project',
+        { description: 'Default behavior (no command or flags specified)', command: '<%= config.bin %>' },
+        { description: 'Equivalent to', command: '<%= config.bin %> <%= command.id %> --dir .' },
+        {
+            description: 'Skip SBOM generation and specify an existing file',
+            command: '<%= config.bin %> <%= command.id %> --file /path/to/sbom.json',
+        },
+        {
+            description: 'Save the report or SBOM to a file',
+            command: '<%= config.bin %> <%= command.id %> --save --saveSbom',
+        },
+        {
+            description: 'Output the report in JSON format (for APIs, CI, etc.)',
+            command: '<%= config.bin %> <%= command.id %> --json',
+        },
     ];
     static flags = {
         file: Flags.string({
             char: 'f',
-            description: 'The file path of an existing cyclonedx sbom to scan for EOL',
-        }),
-        purls: Flags.string({
-            char: 'p',
-            description: 'The file path of a list of purls to scan for EOL',
+            description: 'The file path of an existing cyclonedx SBOM to scan for EOL',
+            exclusive: ['dir'],
         }),
         dir: Flags.string({
             char: 'd',
-            description: 'The directory to scan in order to create a cyclonedx sbom',
+            default: process.cwd(),
+            defaultHelp: async () => '<current directory>',
+            description: 'The directory to scan in order to create a cyclonedx SBOM',
+            exclusive: ['file'],
         }),
         save: Flags.boolean({
             char: 's',
             default: false,
             description: `Save the generated report as ${filenamePrefix}.report.json in the scanned directory`,
         }),
+        saveSbom: Flags.boolean({
+            aliases: ['save-sbom'],
+            default: false,
+            description: `Save the generated SBOM as ${filenamePrefix}.sbom.json in the scanned directory`,
+        }),
     };
     async run() {
         const { flags } = await this.parse(ScanEol);
-        const scan = await this.getScan(flags, this.config);
-        const components = Array.from(scan.components.values());
-        ux.action.stop();
+        track('CLI EOL Scan Started', (context) => ({
+            command: context.command,
+            command_flags: context.command_flags,
+            scan_location: flags.dir,
+        }));
+        const sbomStartTime = performance.now();
+        const sbom = await this.loadSbom();
+        const sbomEndTime = performance.now();
+        if (!flags.file) {
+            track('CLI SBOM Generated', (context) => ({
+                command: context.command,
+                command_flags: context.command_flags,
+                scan_location: flags.dir,
+                sbom_generation_time: (sbomEndTime - sbomStartTime) / 1000,
+            }));
+        }
+        if (!sbom.components?.length) {
+            track('CLI EOL Scan Ended, No Components Found', (context) => ({
+                command: context.command,
+                command_flags: context.command_flags,
+                scan_location: flags.dir,
+            }));
+            this.log('No components found in scan. Report not generated.');
+            return;
+        }
+        const scanStartTime = performance.now();
+        const scan = await this.scanSbom(sbom);
+        const scanEndTime = performance.now();
+        const componentCounts = countComponentsByStatus(scan);
+        track('CLI EOL Scan Completed', (context) => ({
+            command: context.command,
+            command_flags: context.command_flags,
+            eol_true_count: componentCounts.EOL,
+            eol_unknown_count: componentCounts.UNKNOWN,
+            nes_available_count: componentCounts.NES_AVAILABLE,
+            number_of_packages: componentCounts.TOTAL,
+            sbom_created: !flags.file,
+            scan_location: flags.dir,
+            scan_load_time: (scanEndTime - scanStartTime) / 1000,
+            scanned_ecosystems: componentCounts.ECOSYSTEMS,
+            web_report_link: scan.id ? `${config.eolReportUrl}/${scan.id}` : undefined,
+        }));
         if (flags.save) {
-            await this.saveReport(components, scan.createdOn);
+            const reportPath = this.saveReport(scan, flags.dir);
+            this.log(`Report saved to ${reportPath}`);
+            track('CLI JSON Scan Output Saved', (context) => ({
+                command: context.command,
+                command_flags: context.command_flags,
+                report_output_path: reportPath,
+            }));
+        }
+        if (flags.saveSbom && !flags.file) {
+            const sbomPath = this.saveSbom(flags.dir, sbom);
+            this.log(`SBOM saved to ${sbomPath}`);
+            track('CLI SBOM Output Saved', (context) => ({
+                command: context.command,
+                command_flags: context.command_flags,
+                sbom_output_path: sbomPath,
+            }));
         }
         if (!this.jsonEnabled()) {
-            this.displayResults(components);
-            if (scan.scanId) {
-                this.printWebReportUrl(scan.scanId);
-            }
-            this.log('* Use --json to output the report payload');
-            this.log(`* Use --save to save the report to ${filenamePrefix}.report.json`);
-            this.log('* Use --help for more commands or options');
+            this.displayResults(scan);
         }
-        return { components, createdOn: scan.createdOn ?? '' };
+        return scan;
     }
-    async getScan(flags, config) {
-        if (flags.purls) {
-            ux.action.start(`Scanning purls from ${flags.purls}`);
-            const purls = this.getPurlsFromFile(flags.purls);
-            return batchSubmitPurls(purls);
-        }
-        const sbom = await ScanSbom.loadSbom(flags, config);
-        return this.scanSbom(sbom);
+    async loadSbom() {
+        const { flags } = await this.parse(ScanEol);
+        const spinner = ora();
+        spinner.start(flags.file ? 'Loading SBOM file' : 'Generating SBOM');
+        const sbom = flags.file ? this.getSbomFromFile(flags.file) : await this.getSbomFromScan(flags.dir);
+        if (!sbom) {
+            spinner.fail(flags.file ? 'Failed to load SBOM file' : 'Failed to generate SBOM');
+            throw new Error('SBOM not generated');
+        }
+        spinner.succeed(flags.file ? 'Loaded SBOM file' : 'Generated SBOM');
+        return sbom;
     }
-    getPurlsFromFile(filePath) {
+    async scanSbom(sbom) {
+        const spinner = ora().start('Scanning for EOL packages');
         try {
-            const purlsFileString = fs.readFileSync(filePath, 'utf8');
-            return parsePurlsFile(purlsFileString);
+            const scan = await submitScan({ sbom: trimCdxBom(sbom) });
+            spinner.succeed('Scan completed');
+            return scan;
         }
         catch (error) {
-            this.error(`Failed to read purls file. ${getErrorMessage(error)}`);
+            spinner.fail('Scanning failed');
+            const errorMessage = getErrorMessage(error);
+            track('CLI EOL Scan Failed', (context) => ({
+                command: context.command,
+                command_flags: context.command_flags,
+                scan_location: context.scan_location,
+                scan_failure_reason: errorMessage,
+            }));
+            this.error(`Failed to submit scan to NES. ${errorMessage}`);
         }
     }
-    printWebReportUrl(scanId) {
-        this.log(ux.colorize('bold', '-'.repeat(40)));
-        const id = scanId.split(SCAN_ID_KEY)[1];
-        const reportCardUrl = config.eolReportUrl;
-        const url = ux.colorize('blue', terminalLink(new URL(reportCardUrl).hostname, `${reportCardUrl}/${id}`, { fallback: (_, url) => url }));
-        this.log(`🌐 View your full EOL report at: ${url}\n`);
-    }
-    async scanSbom(sbom) {
-        let scan;
-        let purls;
+    saveReport(report, dir) {
         try {
-            purls = await extractPurls(sbom);
+            return saveReportToFile(dir, report);
         }
         catch (error) {
-            this.error(`Failed to extract purls from sbom. ${getErrorMessage(error)}`);
+            const errorMessage = getErrorMessage(error);
+            track('CLI Error Encountered', () => ({ error: errorMessage }));
+            this.error(errorMessage);
         }
+    }
+    saveSbom(dir, sbom) {
         try {
-            scan = await batchSubmitPurls(purls);
+            return saveSbomToFile(dir, sbom);
         }
         catch (error) {
-            this.error(`Failed to submit scan to NES from sbom. ${getErrorMessage(error)}`);
+            const errorMessage = getErrorMessage(error);
+            track('CLI Error Encountered', () => ({ error: errorMessage }));
+            this.error(errorMessage);
         }
-        return scan;
     }
-    async saveReport(components, createdOn) {
-        const { flags } = await this.parse(ScanEol);
-        const reportPath = path.join(flags.dir || process.cwd(), `${filenamePrefix}.report.json`);
-        try {
-            fs.writeFileSync(reportPath, JSON.stringify({ components, createdOn }, null, 2));
-            this.log(`Report saved to ${filenamePrefix}.report.json`);
+    displayResults(report) {
+        const lines = formatScanResults(report);
+        for (const line of lines) {
+            this.log(line);
         }
-        catch (error) {
-            if (!isErrnoException(error)) {
-                this.error(`Failed to save report: ${getErrorMessage(error)}`);
-            }
-            if (error.code === 'EACCES') {
-                this.error(`Permission denied. Unable to save report to ${filenamePrefix}.report.json`);
-            }
-            else if (error.code === 'ENOSPC') {
-                this.error(`No space left on device. Unable to save report to ${filenamePrefix}.report.json`);
-            }
-            else {
-                this.error(`Failed to save report: ${getErrorMessage(error)}`);
+        if (report.id) {
+            const lines = formatWebReportUrl(report.id, config.eolReportUrl);
+            for (const line of lines) {
+                this.log(line);
             }
         }
+        this.log('* Use --json to output the report payload');
+        this.log(`* Use --save to save the report to ${filenamePrefix}.report.json`);
+        this.log('* Use --help for more commands or options');
     }
-    displayResults(components) {
-        const { UNKNOWN, OK, EOL_UPCOMING, EOL, NES_AVAILABLE } = countComponentsByStatus(components);
-        if (!UNKNOWN && !OK && !EOL_UPCOMING && !EOL) {
-            this.log(ux.colorize('yellow', 'No components found in scan.'));
-            return;
+    async getSbomFromScan(dirPath) {
+        try {
+            validateDirectory(dirPath);
+            const sbom = await createSbom(dirPath);
+            if (!sbom) {
+                this.error(`SBOM failed to generate for dir: ${dirPath}`);
+            }
+            return sbom;
+        }
+        catch (error) {
+            const errorMessage = getErrorMessage(error);
+            track('CLI Error Encountered', () => ({ error: errorMessage }));
+            this.error(`Failed to scan directory: ${errorMessage}`);
         }
-        this.log(ux.colorize('bold', 'Scan results:'));
-        this.log(ux.colorize('bold', '-'.repeat(40)));
-        this.log(ux.colorize('bold', `${components.length.toLocaleString()} total packages scanned`));
-        this.log(ux.colorize(STATUS_COLORS.EOL, `${INDICATORS.EOL} ${EOL.toLocaleString().padEnd(5)} End-of-Life (EOL)`));
-        this.log(ux.colorize(STATUS_COLORS.EOL_UPCOMING, `${INDICATORS.EOL_UPCOMING}${EOL_UPCOMING.toLocaleString().padEnd(5)} EOL Upcoming`));
-        this.log(ux.colorize(STATUS_COLORS.OK, `${INDICATORS.OK} ${OK.toLocaleString().padEnd(5)} OK`));
-        this.log(ux.colorize(STATUS_COLORS.UNKNOWN, `${INDICATORS.UNKNOWN} ${UNKNOWN.toLocaleString().padEnd(5)} Unknown Status`));
-        this.log(ux.colorize(STATUS_COLORS.UNKNOWN, `${INDICATORS.UNKNOWN} ${NES_AVAILABLE.toLocaleString().padEnd(5)} HeroDevs NES Remediation${NES_AVAILABLE !== 1 ? 's' : ''} Available`));
     }
-}
-export function countComponentsByStatus(components) {
-    const grouped = {
-        UNKNOWN: 0,
-        OK: 0,
-        EOL_UPCOMING: 0,
-        EOL: 0,
-        NES_AVAILABLE: 0,
-    };
-    for (const component of components) {
-        grouped[component.info.status]++;
-        if (component.info.nesAvailable) {
-            grouped.NES_AVAILABLE++;
+    getSbomFromFile(filePath) {
+        try {
+            return readSbomFromFile(filePath);
+        }
+        catch (error) {
+            const errorMessage = getErrorMessage(error);
+            track('CLI Error Encountered', () => ({ error: errorMessage }));
+            this.error(errorMessage);
         }
     }
-    return grouped;
 }

package/dist/config/constants.d.ts

@@ -1,10 +1,15 @@
-export declare const EOL_REPORT_URL = "https://eol-report-card.apps.herodevs.com/reports";
-export declare const GRAPHQL_HOST = "https://api.nes.herodevs.com";
+export declare const EOL_REPORT_URL = "https://apps.herodevs.com/eol/reports";
+export declare const GRAPHQL_HOST = "https://gateway.prod.apps.herodevs.io";
 export declare const GRAPHQL_PATH = "/graphql";
+export declare const ANALYTICS_URL = "https://apps.herodevs.com/api/eol/track";
+export declare const CONCURRENT_PAGE_REQUESTS = 3;
+export declare const PAGE_SIZE = 500;
 export declare const config: {
     eolReportUrl: string;
     graphqlHost: string;
     graphqlPath: string;
-    showVulnCount: boolean;
+    analyticsUrl: string;
+    concurrentPageRequests: number;
+    pageSize: number;
 };
 export declare const filenamePrefix = "herodevs";

package/dist/config/constants.js

@@ -1,10 +1,25 @@
-export const EOL_REPORT_URL = 'https://eol-report-card.apps.herodevs.com/reports';
-export const GRAPHQL_HOST = 'https://api.nes.herodevs.com';
+export const EOL_REPORT_URL = 'https://apps.herodevs.com/eol/reports';
+export const GRAPHQL_HOST = 'https://gateway.prod.apps.herodevs.io';
 export const GRAPHQL_PATH = '/graphql';
+export const ANALYTICS_URL = 'https://apps.herodevs.com/api/eol/track';
+export const CONCURRENT_PAGE_REQUESTS = 3;
+export const PAGE_SIZE = 500;
+let concurrentPageRequests = CONCURRENT_PAGE_REQUESTS;
+const parsed = Number.parseInt(process.env.CONCURRENT_PAGE_REQUESTS ?? '0', 10);
+if (parsed > 0) {
+    concurrentPageRequests = parsed;
+}
+let pageSize = PAGE_SIZE;
+const parsedPageSize = Number.parseInt(process.env.PAGE_SIZE ?? '0', 10);
+if (parsedPageSize > 0) {
+    pageSize = parsedPageSize;
+}
 export const config = {
     eolReportUrl: process.env.EOL_REPORT_URL || EOL_REPORT_URL,
     graphqlHost: process.env.GRAPHQL_HOST || GRAPHQL_HOST,
     graphqlPath: process.env.GRAPHQL_PATH || GRAPHQL_PATH,
-    showVulnCount: true,
+    analyticsUrl: process.env.ANALYTICS_URL || ANALYTICS_URL,
+    concurrentPageRequests,
+    pageSize,
 };
 export const filenamePrefix = 'herodevs';

package/dist/hooks/finally.d.ts

@@ -0,0 +1,3 @@
+import type { Hook } from '@oclif/core';
+declare const hook: Hook<'finally'>;
+export default hook;

package/dist/hooks/finally.js

@@ -0,0 +1,14 @@
+import ora from 'ora';
+import { track } from "../service/analytics.svc.js";
+const hook = async (opts) => {
+    const spinner = ora().start('Cleaning up');
+    const event = track('CLI Session Ended', (context) => ({
+        cli_version: context.cli_version,
+        ended_at: new Date(),
+    })).promise;
+    if (!opts.argv.includes('--help')) {
+        await event;
+    }
+    spinner.stop();
+};
+export default hook;

package/dist/hooks/prerun.js

@@ -1,5 +1,17 @@
+import { parseArgs } from 'node:util';
 import debug from 'debug';
+import { initializeAnalytics, track } from "../service/analytics.svc.js";
 const hook = async (opts) => {
+    const args = parseArgs({ allowPositionals: true, strict: false });
+    initializeAnalytics();
+    track('CLI Command Submitted', (context) => ({
+        command: args.positionals.join(' ').trim(),
+        command_flags: Object.entries(args.values).flat().join(' '),
+        app_used: context.app_used,
+        ci_provider: context.ci_provider,
+        cli_version: context.cli_version,
+        started_at: context.started_at,
+    }));
     // If JSON flag is enabled, silence debug logging
     if (opts.Command.prototype.jsonEnabled()) {
         debug.disable();

package/dist/service/analytics.svc.d.ts

@@ -0,0 +1,28 @@
+import { Types } from '@amplitude/analytics-node';
+interface AnalyticsContext {
+    locale?: string;
+    os_platform?: string;
+    os_release?: string;
+    started_at?: Date;
+    ended_at?: Date;
+    app_used?: string;
+    ci_provider?: string;
+    cli_version?: string;
+    command?: string;
+    command_flags?: string;
+    error?: string;
+    scan_location?: string;
+    eol_true_count?: number;
+    eol_unknown_count?: number;
+    nes_available_count?: number;
+    nes_remediation_count?: number;
+    number_of_packages?: number;
+    sbom_created?: boolean;
+    scan_load_time?: number;
+    scanned_ecosystems?: string[];
+    scan_failure_reason?: string;
+    web_report_link?: string;
+}
+export declare function initializeAnalytics(): void;
+export declare function track(event: string, getProperties?: (context: AnalyticsContext) => Partial<AnalyticsContext>): Types.AmplitudeReturn<Types.Result>;
+export {};

package/dist/service/analytics.svc.js

@@ -0,0 +1,112 @@
+import os from 'node:os';
+import { track as _track, Identify, identify, init, setOptOut, Types } from '@amplitude/analytics-node';
+import NodeMachineId from 'node-machine-id';
+import { config } from "../config/constants.js";
+const device_id = NodeMachineId.machineIdSync(true);
+const started_at = new Date();
+const session_id = started_at.getTime();
+const defaultAnalyticsContext = {
+    locale: Intl.DateTimeFormat().resolvedOptions().locale,
+    os_platform: os.platform(),
+    os_release: os.release(),
+    cli_version: process.env.npm_package_version ?? 'unknown',
+    ci_provider: getCIProvider(),
+    app_used: getTerminal(),
+    started_at,
+};
+let analyticsContext = defaultAnalyticsContext;
+export function initializeAnalytics() {
+    init('0', {
+        flushQueueSize: 2,
+        flushIntervalMillis: 250,
+        logLevel: Types.LogLevel.None,
+        serverUrl: config.analyticsUrl,
+    });
+    setOptOut(process.env.TRACKING_OPT_OUT === 'true');
+    identify(new Identify(), {
+        device_id,
+        platform: analyticsContext.os_platform,
+        os_name: getOSName(analyticsContext.os_platform ?? ''),
+        os_version: analyticsContext.os_release,
+        session_id,
+        app_version: analyticsContext.cli_version,
+    });
+}
+export function track(event, getProperties) {
+    const localContext = getProperties?.(analyticsContext);
+    if (localContext) {
+        analyticsContext = { ...analyticsContext, ...localContext };
+    }
+    return _track(event, localContext, { device_id, session_id });
+}
+function getCIProvider(env = process.env) {
+    if (env.GITHUB_ACTIONS)
+        return 'github';
+    if (env.GITLAB_CI)
+        return 'gitlab';
+    if (env.CIRCLECI)
+        return 'circleci';
+    if (env.TF_BUILD)
+        return 'azure';
+    if (env.BITBUCKET_COMMIT || env.BITBUCKET_BUILD_NUMBER)
+        return 'bitbucket';
+    if (env.JENKINS_URL)
+        return 'jenkins';
+    if (env.BUILDKITE)
+        return 'buildkite';
+    if (env.TRAVIS)
+        return 'travis';
+    if (env.TEAMCITY_VERSION)
+        return 'teamcity';
+    if (env.CODEBUILD_BUILD_ID)
+        return 'codebuild';
+    if (env.CI)
+        return 'unknown_ci';
+    return undefined;
+}
+function getTerminal(env = process.env) {
+    if (env.TERM_PROGRAM === 'vscode' || env.VSCODE_PID)
+        return 'vscode';
+    if (env.TERM_PROGRAM === 'iTerm.app' || env.ITERM_SESSION_ID)
+        return 'iterm';
+    if (env.TERM_PROGRAM === 'Apple_Terminal')
+        return 'apple_terminal';
+    if (env.TERM_PROGRAM === 'WarpTerminal' || env.WARP_IS_LOCAL_SHELL_SESSION)
+        return 'warp';
+    if (env.TERM_PROGRAM === 'ghostty' || env.GHOSTTY_RESOURCES_DIR || env.GHOSTTY_CONFIG_DIR)
+        return 'ghostty';
+    if (env.TERM_PROGRAM === 'WezTerm' || env.WEZTERM_EXECUTABLE || env.WEZTERM_PANE)
+        return 'wezterm';
+    if (env.TERM === 'alacritty' || env.ALACRITTY_LOG || env.ALACRITTY_SOCKET)
+        return 'alacritty';
+    if (env.TERM === 'xterm-kitty' || env.KITTY_WINDOW_ID)
+        return 'kitty';
+    if (env.WT_SESSION || env.WT_PROFILE_ID)
+        return 'windows_terminal';
+    if (env.ConEmuPID || env.ConEmuDir || env.CONEMU_BUILD)
+        return 'conemu';
+    if (env.TERM_PROGRAM === 'mintty' || env.MINTTY_SHORTCUT)
+        return 'mintty';
+    if (env.TILIX_ID)
+        return 'tilix';
+    if (env.GNOME_TERMINAL_SCREEN || env.GNOME_TERMINAL_SERVICE || env.VTE_VERSION)
+        return 'gnome';
+    if (env.KONSOLE_VERSION)
+        return 'konsole';
+    if (env.TERM_PROGRAM === 'Hyper')
+        return 'hyper';
+    return 'unknown_terminal';
+}
+function getOSName(platform) {
+    if (platform === 'darwin')
+        return 'macOS';
+    if (platform === 'win32')
+        return 'Windows';
+    if (platform === 'linux')
+        return 'Linux';
+    if (platform === 'android')
+        return 'Android';
+    if (platform === 'ios')
+        return 'iOS';
+    return platform;
+}

package/dist/service/{eol/cdx.svc.d.ts → cdx.svc.d.ts}

@@ -1,18 +1,4 @@
-import type { CdxGenOptions } from './eol.svc.ts';
-export interface SbomDependency {
-    ref: string;
-    dependsOn: string[];
-}
-export interface SbomEntry {
-    group: string;
-    name: string;
-    purl: string;
-    version: string;
-}
-export interface Sbom {
-    components: SbomEntry[];
-    dependencies: SbomDependency[];
-}
+import type { CdxBom } from '@herodevs/eol-shared';
 export declare const SBOM_DEFAULT__OPTIONS: {
     $0: string;
     _: never[];
@@ -44,6 +30,7 @@ export declare const SBOM_DEFAULT__OPTIONS: {
     o: string;
     output: string;
     outputFormat: string;
+    author: string[];
     profile: string;
     project: undefined;
     'project-version': string;
@@ -61,6 +48,11 @@ export declare const SBOM_DEFAULT__OPTIONS: {
     skipDtTlsCheck: boolean;
     'spec-version': number;
     specVersion: number;
+    tools: {
+        name: string;
+        publisher: string;
+        version: string;
+    }[];
     'usages-slices-file': string;
     usagesSlicesFile: string;
     validate: boolean;
@@ -69,4 +61,4 @@ export declare const SBOM_DEFAULT__OPTIONS: {
  * Lazy loads cdxgen (for ESM purposes), scans
  * `directory`, and returns the `bomJson` property.
  */
-export declare function createBomFromDir(directory: string, opts?: CdxGenOptions): Promise<any>;
+export declare function createSbom(directory: string): Promise<CdxBom>;

package/dist/service/{eol/cdx.svc.js → cdx.svc.js}

@@ -1,5 +1,6 @@
 import { createBom } from '@cyclonedx/cdxgen';
-import { debugLogger } from "../../service/log.svc.js";
+import { debugLogger } from "./log.svc.js";
+const author = process.env.npm_package_author ?? 'HeroDevs, Inc.';
 export const SBOM_DEFAULT__OPTIONS = {
     $0: 'cdxgen',
     _: [],
@@ -23,8 +24,8 @@ export const SBOM_DEFAULT__OPTIONS = {
     includeFormulation: false,
     'no-install-deps': true,
     noInstallDeps: true,
-    'min-confidence': 0,
-    minConfidence: 0,
+    'min-confidence': 1,
+    minConfidence: 1,
     multiProject: true,
     'no-banner': false,
     noBabel: false,
@@ -32,7 +33,7 @@ export const SBOM_DEFAULT__OPTIONS = {
     o: 'bom.json',
     output: 'bom.json',
     outputFormat: 'json', // or "xml"
-    // author: ['OWASP Foundation'],
+    author: [author],
     profile: 'generic',
     project: undefined,
     'project-version': '',
@@ -50,6 +51,13 @@ export const SBOM_DEFAULT__OPTIONS = {
     skipDtTlsCheck: true,
     'spec-version': 1.6,
     specVersion: 1.6,
+    tools: [
+        {
+            name: '@herodevs/cli',
+            publisher: author,
+            version: process.env.npm_package_version ?? 'unknown',
+        },
+    ],
     'usages-slices-file': 'usages.slices.json',
     usagesSlicesFile: 'usages.slices.json',
     validate: true,
@@ -58,8 +66,10 @@ export const SBOM_DEFAULT__OPTIONS = {
  * Lazy loads cdxgen (for ESM purposes), scans
  * `directory`, and returns the `bomJson` property.
  */
-export async function createBomFromDir(directory, opts = {}) {
-    const sbom = await createBom(directory, { ...SBOM_DEFAULT__OPTIONS, ...opts });
+export async function createSbom(directory) {
+    const sbom = await createBom(directory, SBOM_DEFAULT__OPTIONS);
+    if (!sbom)
+        throw new Error('SBOM not generated');
     debugLogger('Successfully generated SBOM');
-    return sbom?.bomJson;
+    return sbom.bomJson;
 }