@mongodb-js/sbom-tools 0.2.2 → 0.3.0

package/README.md

@@ -1,3 +1,226 @@
 # @mongodb-js/sbom-tools
 
 Utilities to generate sbom reports for webpack bundles.
+
+## Reporting of 3rd party vulnerabilities and licenses
+
+This package exports `WebpackDependenciesPlugin`, a shared webpack plugin that reports bundled dependencies and licenses as a json file for each bundle.
+
+And exposes a `mongodb-sbom-tools` binary providing the following commands:
+
+- `generate-vulnerability-report`: Generates a report of vulnerabilities from the output of snyk test and a dependencies json file containing all the dependencies.
+- `generate-3rd-party-notices`: Generates a 3rd party notices file based on the licenses information collected by the WebpackDependenciesPlugin. Also validates the licenses.
+- `scan-node-js`: A script to produce a list of vulnerabilities affecting a Node.js version in the same format as snyk test (useful as we are redistributing Node.js with mongosh).
+
+### `WebpackDependenciesPlugin`
+
+This plugin taps in the webpack compilation, collects the modules from 3rd party dependencies as they are resolved and writes an output file containing metadata about dependencies and licenses included in the bundle. The plugin ignores dependencies that are removed from the bundle via resolve: `{alias: {<dependency>: false}}`.
+
+Setting `includeExternalProductionDependencies` to true the plugin will also include recursively any production and optional dependencies listed in the `package.json`, regardless of their inclusion in the bundle.
+
+#### Usage
+
+```js
+// webpack.config.js
+
+const webpackDependenciesPlugin = new WebpackDependenciesPlugin({
+  outputFilename: 'dependencies.json',
+  includePackages: ['electron'],
+  includeExternalProductionDependencies: true,
+ });
+
+
+module.exports = { ..., plugins: [buildInfoPlugin] }
+```
+
+**Example Output**
+
+```json
+dependencies.json
+
+[{
+  "name": "@aws-sdk/client-cognito-identity",
+  "version": "3.267.0",
+  "name": "@aws-sdk/client-cognito-identity",
+  "version": "3.321.1",
+  "license": "Apache-2.0",
+  "path": ".../node_modules/@aws-sdk/client-cognito-identity",
+  "licenseFiles": [
+     {
+       "filename": "LICENSE",
+       "content": "..."
+     }
+  ]
+}, ...]
+```
+
+### `generate-vulnerability-report` command
+
+Outputs a markdown report of vulnerabilities given one or more `dependencies.json` files and the output of one or more multiple `snyk test`.
+
+#### Usage
+
+```
+Usage: bin generate-vulnerability-report [options]
+
+Generate vulnerabilities report
+
+Options:
+  --dependencies <paths>     Comma-separated list of dependency files (default: [])
+  --snyk-reports <paths>         Comma-separated list of snyk
+result files (default: [])
+  --fail-on [level]              Fail on the specified severity
+level
+
+  -h, --help                     display help for command
+```
+
+**Example output:**
+
+```md
+| dep@version  | id                    | score        | fixed in | origin               | ignored |
+| ------------ | --------------------- | ------------ | -------- | -------------------- | ------- |
+| jquery@2.2.4 | SNYK-JS-JQUERY-567880 | 6.5 (Medium) | 3.5.0    | -                    |
+| got@10.7.0   | SNYK-JS-GOT-2932019   | 5.4 (Medium) | 11.8.5   | Ignored. Reason: ... |
+```
+
+#### Ignored vulnerabilities
+
+The `generate-vulnerability-report` command must run from a directory containing a `.snyk` policy file. The Snyk’s policy rules are applied to determine if a vulnerability must be reported as ignored or not.
+
+Ignored vulnerabilities won’t cause the report to fail with an error when `--fail-on` is specified.
+
+#### Fail on
+
+`--fail-on` configures the command to fail with an error if the report contains a vulnerability that:
+
+- Does not have a known severity
+- Has a score greater or equal to the specified severity
+- Is not ignored
+- Has a know remediation path (the “fixed in” column is not empty)
+
+### `generate-3rd-party-notices` command
+
+Takes one or more dependencies.json files and generates a markdown report for 3rd party licenses. Validates that licenses are among the list of allowed licenses.
+
+When the command encounters a package with a license that is not allowed, the generation breaks. False positives can be ignored by excluding or overriding the license for specific packages or organizations.
+
+The following licenses are allowed:
+
+- `MIT`
+- `0BSD`
+- `BSD-2-Clause`
+- `BSD-3-Clause`
+- `BSD-4-Clause`
+- `Apache-2.0`
+- `ISC`
+- `CC-BY-4.0`
+- `WTFPL`
+- `OFL-1.1`
+- `Unlicense`
+
+The validation can be tweaked with a configuration file (by default `${cwd}/licenses.json`). The configuration allows ignoring certain orgs and packages, and overriding licenses for specific dependencies.
+
+Overrides and excluded packages are checked for existence inside the `dependencies.json` in order to avoid forgetting exceptions on removed dependencies.
+
+#### Usage
+
+```
+Usage: bin generate-3rd-party-notices [options]
+
+Generate third-party notices
+
+Options:
+  --product <productName>  Product name
+  --config [config]        Path of the configuration file (default:
+                           "licenses.json")
+  --dependencies <paths>   Comma-separated list of dependency files
+                           (default: [])
+  -h, --help               display help for command
+```
+
+**Example config:**
+
+```json
+{
+  // remove orgs and packages from the report
+  "ignoredOrgs": ["@mongodb-js", "@leafygreen-ui", "@mongosh"],
+  "ignoredPackages": ["package1"],
+  // include packages in the report, just skip validation
+  "doNotValidatePackages": ["package2"],
+  "additionalAllowedLicenses": ["PYTHON-2.0"],
+  "licenseOverrides": {
+    "@segment/loosely-validate-event@2.0.0": "MIT",
+    "component-event@0.1.4": "MIT",
+    "delegate-events@1.1.1": "MIT",
+    "events-mixin@1.3.0": "MIT",
+    "sprintf@0.1.3": "BSD-3-Clause"
+  }
+}
+```
+
+**Example output:**
+
+```md
+The following third-party software is used by and included in **Mongodb Compass**.
+This document was automatically generated on Sun May 14 2023.
+
+## List of dependencies
+
+| Package                                                                                                   | Version | License    |
+| --------------------------------------------------------------------------------------------------------- | ------- | ---------- |
+| **[@aws-sdk/client-cognito-identity](#5416a8cf83b6af5965b709a5538b4b4590f0a081e36cbd99a1af945d73034f1a)** | 3.321.1 | Apache-2.0 |
+
+...
+
+## Package details
+
+<a id="5416a8cf83b6af5965b709a5538b4b4590f0a081e36cbd99a1af945d73034f1a"></a>
+
+### [@aws-sdk/client-cognito-identity](https://www.npmjs.com/package/@aws-sdk/client-cognito-identity) (version 3.321.1)
+
+License tags: Apache-2.0
+
+License files:
+
+- LICENSE:
+
+                                      Apache License
+                                 Version 2.0, January 2004
+                              http://www.apache.org/licenses/
+
+         TERMS AND CONDITIONS FOR USE, REPRODUCTION, AND DISTRIBUTION
+
+...
+```
+
+### Scan-node-js command
+
+This command scans a Node.js version for known vulnerabilities and produces a report that is conforming to the snyk test output format and can be used with `generate-vulnerability-report`.
+
+`scan-node-js` fails with an error if the Node.js version is not officially supported anymore. Otherwise it builds a list of vulnerability scanning the database published by the Node.js `security-wg` https://raw.githubusercontent.com/nodejs/security-wg/main/vuln/core/index.json, and enriching it with cvss from the nvd.nist.gov database.
+
+The output reports vulnerabilities as they would have been found in a “fake” `.node.js` npm package, with the recommended `NSWG-COR-*`. That is useful in conjunction with `generate-vulnerability-report` as it allows the use of the same policies for ignoring vulnerabilities and includes Node.js in the report as any other package.
+
+#### Usage
+
+```
+Usage: bin scan-node-js [options]
+
+Scan node.js version for known vulnerabilities
+
+Options:
+  --version <version>  Path to the node.js security-wg core
+ database of vulnerabilities
+  -h, --help           display help for command
+```
+
+Use in conjunction with generate-vulnerability-report:
+
+```sh
+echo '[{name: ".node.js", version:"'"$NODE_JS_VERSION"'"}]' > node-js-dep.json
+mongodb-sbom-tools scan-node-js --version=$NODE_JS_VERSION > node-js-vuln.json
+
+mongodb-sbom-tools generate-vulnerability-report
+--dependencies=node-js-vuln.json --snyk-report=node-js-vuln.json
+```

package/bin/mongodb-sbom-tools.js

@@ -1,3 +1,4 @@
 #!/usr/bin/env node
 
-require('../dist/bin.js');
+const { main } = require('../dist/bin.js');
+main(process.argv);

package/dist/bin.d.ts

@@ -1,2 +1,2 @@
-export {};
+export declare function main(argv: string[]): void;
 //# sourceMappingURL=bin.d.ts.map

package/dist/bin.d.ts.map

@@ -1 +1 @@
-{"version":3,"file":"bin.d.ts","sourceRoot":"","sources":["../src/bin.ts"],"names":[],"mappings":""}
+{"version":3,"file":"bin.d.ts","sourceRoot":"","sources":["../src/bin.ts"],"names":[],"mappings":"AAKA,wBAAgB,IAAI,CAAC,IAAI,EAAE,MAAM,EAAE,GAAG,IAAI,CAKzC"}

package/dist/bin.js

@@ -1,46 +1,15 @@
 "use strict";
 Object.defineProperty(exports, "__esModule", { value: true });
+exports.main = void 0;
 const commander_1 = require("commander");
 const generate_third_party_notices_1 = require("./commands/generate-third-party-notices");
 const generate_vulnerability_report_1 = require("./commands/generate-vulnerability-report");
 const scan_node_js_1 = require("./commands/scan-node-js");
-function commaSeparatedList(value) {
-    return value.split(',');
+function main(argv) {
+    commander_1.program.addCommand(generate_vulnerability_report_1.command);
+    commander_1.program.addCommand(generate_third_party_notices_1.command);
+    commander_1.program.addCommand(scan_node_js_1.command);
+    commander_1.program.parse(argv);
 }
-commander_1.program
-    .command('generate-vulnerability-report')
-    .description('Generate vulnerabilities report')
-    .option('--dependencies <paths>', 'Comma-separated list of dependency files', commaSeparatedList, [])
-    .option('--snyk-reports <paths>', 'Comma-separated list of snyk result files', commaSeparatedList, [])
-    .option('--fail-on [level]', 'Fail on the specified severity level')
-    .action(async (options) => {
-    await (0, generate_vulnerability_report_1.generateVulnerabilityReport)({
-        dependencyFiles: options.dependencies,
-        snykReports: options.snykReports,
-        failOn: options.failOn,
-    });
-});
-commander_1.program
-    .command('generate-3rd-party-notices')
-    .description('Generate third-party notices')
-    .option('--product <productName>', 'Product name')
-    .option('--config [config]', 'Path of the configuration file', 'licenses.json')
-    .option('--dependencies <paths>', 'Comma-separated list of dependency files', commaSeparatedList, [])
-    .action(async (options) => {
-    await (0, generate_third_party_notices_1.generate3rdPartyNotices)({
-        productName: options.product,
-        dependencyFiles: options.dependencies,
-        configPath: options.config,
-    });
-});
-commander_1.program
-    .command('scan-node-js')
-    .description('Scan node.js version for known vulnerabilities')
-    .option('--version <version>', 'Path to the node.js security-wg core database of vulnerabilities')
-    .action(async (options) => {
-    await (0, scan_node_js_1.scanNodeJs)({
-        version: options.version,
-    });
-});
-commander_1.program.parse(process.argv);
+exports.main = main;
 //# sourceMappingURL=bin.js.map

package/dist/bin.js.map

@@ -1 +1 @@
-{"version":3,"file":"bin.js","sourceRoot":"","sources":["../src/bin.ts"],"names":[],"mappings":";;AAAA,yCAAoC;AACpC,0FAAkF;AAClF,4FAAuF;AACvF,0DAAqD;AAErD,SAAS,kBAAkB,CAAC,KAAa;IACvC,OAAO,KAAK,CAAC,KAAK,CAAC,GAAG,CAAC,CAAC;AAC1B,CAAC;AAED,mBAAO;KACJ,OAAO,CAAC,+BAA+B,CAAC;KACxC,WAAW,CAAC,iCAAiC,CAAC;KAC9C,MAAM,CACL,wBAAwB,EACxB,0CAA0C,EAC1C,kBAAkB,EAClB,EAAE,CACH;KACA,MAAM,CACL,wBAAwB,EACxB,2CAA2C,EAC3C,kBAAkB,EAClB,EAAE,CACH;KACA,MAAM,CAAC,mBAAmB,EAAE,sCAAsC,CAAC;KACnE,MAAM,CAAC,KAAK,EAAE,OAAO,EAAE,EAAE;IACxB,MAAM,IAAA,2DAA2B,EAAC;QAChC,eAAe,EAAE,OAAO,CAAC,YAAY;QACrC,WAAW,EAAE,OAAO,CAAC,WAAW;QAChC,MAAM,EAAE,OAAO,CAAC,MAAM;KACvB,CAAC,CAAC;AACL,CAAC,CAAC,CAAC;AAEL,mBAAO;KACJ,OAAO,CAAC,4BAA4B,CAAC;KACrC,WAAW,CAAC,8BAA8B,CAAC;KAC3C,MAAM,CAAC,yBAAyB,EAAE,cAAc,CAAC;KACjD,MAAM,CACL,mBAAmB,EACnB,gCAAgC,EAChC,eAAe,CAChB;KACA,MAAM,CACL,wBAAwB,EACxB,0CAA0C,EAC1C,kBAAkB,EAClB,EAAE,CACH;KACA,MAAM,CAAC,KAAK,EAAE,OAAO,EAAE,EAAE;IACxB,MAAM,IAAA,sDAAuB,EAAC;QAC5B,WAAW,EAAE,OAAO,CAAC,OAAO;QAC5B,eAAe,EAAE,OAAO,CAAC,YAAY;QACrC,UAAU,EAAE,OAAO,CAAC,MAAM;KAC3B,CAAC,CAAC;AACL,CAAC,CAAC,CAAC;AAEL,mBAAO;KACJ,OAAO,CAAC,cAAc,CAAC;KACvB,WAAW,CAAC,gDAAgD,CAAC;KAC7D,MAAM,CACL,qBAAqB,EACrB,kEAAkE,CACnE;KACA,MAAM,CAAC,KAAK,EAAE,OAAO,EAAE,EAAE;IACxB,MAAM,IAAA,yBAAU,EAAC;QACf,OAAO,EAAE,OAAO,CAAC,OAAO;KACzB,CAAC,CAAC;AACL,CAAC,CAAC,CAAC;AAEL,mBAAO,CAAC,KAAK,CAAC,OAAO,CAAC,IAAI,CAAC,CAAC"}
+{"version":3,"file":"bin.js","sourceRoot":"","sources":["../src/bin.ts"],"names":[],"mappings":";;;AAAA,yCAAoC;AACpC,0FAA6F;AAC7F,4FAAkG;AAClG,0DAAgE;AAEhE,SAAgB,IAAI,CAAC,IAAc;IACjC,mBAAO,CAAC,UAAU,CAAC,uCAA2B,CAAC,CAAC;IAChD,mBAAO,CAAC,UAAU,CAAC,sCAAuB,CAAC,CAAC;IAC5C,mBAAO,CAAC,UAAU,CAAC,sBAAU,CAAC,CAAC;IAC/B,mBAAO,CAAC,KAAK,CAAC,IAAI,CAAC,CAAC;AACtB,CAAC;AALD,oBAKC"}

package/dist/commands/generate-third-party-notices.d.ts

@@ -1,8 +1,11 @@
 import type { Package } from '../get-package-info';
+import { Command } from 'commander';
 export declare function printLicenseInformation(productName: string, packages: Package[]): string;
-export declare function generate3rdPartyNotices({ productName, dependencyFiles, configPath, }: {
+export declare function generate3rdPartyNotices({ productName, dependencyFiles, configPath, printResult, }: {
     productName: string;
     dependencyFiles: string[];
     configPath?: string;
+    printResult?: (result: string) => void;
 }): Promise<void>;
+export declare const command: Command;
 //# sourceMappingURL=generate-third-party-notices.d.ts.map

package/dist/commands/generate-third-party-notices.d.ts.map

@@ -1 +1 @@
-{"version":3,"file":"generate-third-party-notices.d.ts","sourceRoot":"","sources":["../../src/commands/generate-third-party-notices.ts"],"names":[],"mappings":"AAKA,OAAO,KAAK,EAAE,OAAO,EAAE,MAAM,qBAAqB,CAAC;AA6LnD,wBAAgB,uBAAuB,CACrC,WAAW,EAAE,MAAM,EACnB,QAAQ,EAAE,OAAO,EAAE,GAClB,MAAM,CAuDR;AAyCD,wBAAsB,uBAAuB,CAAC,EAC5C,WAAW,EACX,eAAe,EACf,UAAU,GACX,EAAE;IACD,WAAW,EAAE,MAAM,CAAC;IACpB,eAAe,EAAE,MAAM,EAAE,CAAC;IAC1B,UAAU,CAAC,EAAE,MAAM,CAAC;CACrB,GAAG,OAAO,CAAC,IAAI,CAAC,CAQhB"}
+{"version":3,"file":"generate-third-party-notices.d.ts","sourceRoot":"","sources":["../../src/commands/generate-third-party-notices.ts"],"names":[],"mappings":"AAKA,OAAO,KAAK,EAAE,OAAO,EAAE,MAAM,qBAAqB,CAAC;AAEnD,OAAO,EAAE,OAAO,EAAE,MAAM,WAAW,CAAC;AAoHpC,wBAAgB,uBAAuB,CACrC,WAAW,EAAE,MAAM,EACnB,QAAQ,EAAE,OAAO,EAAE,GAClB,MAAM,CAuDR;AAmDD,wBAAsB,uBAAuB,CAAC,EAC5C,WAAW,EACX,eAAe,EACf,UAAU,EACV,WAAW,GACZ,EAAE;IACD,WAAW,EAAE,MAAM,CAAC;IACpB,eAAe,EAAE,MAAM,EAAE,CAAC;IAC1B,UAAU,CAAC,EAAE,MAAM,CAAC;IACpB,WAAW,CAAC,EAAE,CAAC,MAAM,EAAE,MAAM,KAAK,IAAI,CAAC;CACxC,GAAG,OAAO,CAAC,IAAI,CAAC,CAShB;AAMD,eAAO,MAAM,OAAO,SAoBhB,CAAC"}

package/dist/commands/generate-third-party-notices.js

@@ -3,13 +3,12 @@ var __importDefault = (this && this.__importDefault) || function (mod) {
     return (mod && mod.__esModule) ? mod : { "default": mod };
 };
 Object.defineProperty(exports, "__esModule", { value: true });
-exports.generate3rdPartyNotices = exports.printLicenseInformation = void 0;
+exports.command = exports.generate3rdPartyNotices = exports.printLicenseInformation = void 0;
 const crypto_1 = __importDefault(require("crypto"));
 const spdx_satisfies_1 = __importDefault(require("spdx-satisfies"));
-const find_up_1 = __importDefault(require("find-up"));
 const fs_1 = require("fs");
 const load_dependency_files_1 = require("../load-dependency-files");
-const cross_spawn_1 = __importDefault(require("cross-spawn"));
+const commander_1 = require("commander");
 const ALLOWED_LICENSES = [
     'MIT',
     '0BSD',
@@ -23,38 +22,18 @@ const ALLOWED_LICENSES = [
     'OFL-1.1',
     'Unlicense',
 ];
-function checkOverrides(packagesToCheck, packageLockJson) {
-    const allDepsInLock = new Set();
-    const traverseDependencies = (dependencies) => {
-        for (const packageName in dependencies) {
-            const packageInfo = dependencies[packageName];
-            allDepsInLock.add(`${packageName}@${packageInfo.version}`);
-            if (packageInfo.dependencies) {
-                traverseDependencies(packageInfo.dependencies);
-            }
-        }
-    };
-    traverseDependencies(packageLockJson.dependencies);
+function checkOverrides(packagesToCheck, dependencies) {
+    const depsSet = new Set(dependencies.map(({ name, version }) => `${name}@${version}`));
     for (const packageName of packagesToCheck) {
-        if (!allDepsInLock.has(packageName)) {
-            throw new Error(`The package "${packageName}" is not installed, please remove it from the configured ignoredPackages or licenseOverrides.`);
+        if (!depsSet.has(packageName)) {
+            throw new Error(`The package "${packageName}" is not appearing in the dependencies, please remove it from the configured ignoredPackages or licenseOverrides.`);
         }
     }
 }
-async function readPackageLock() {
-    const packageLockJsonPath = await (0, find_up_1.default)('package-lock.json');
-    if (packageLockJsonPath) {
-        const packageLock = JSON.parse(await fs_1.promises.readFile(packageLockJsonPath, 'utf-8'));
-        if (packageLock.lockfileVersion !== 2) {
-            throw new Error('Invalid package-lock.json version: !== 2');
-        }
-        return { path: packageLockJsonPath, content: packageLock };
-    }
-}
 function id(pkg) {
     return crypto_1.default
         .createHash('sha256')
-        .update(`${pkg.name}@${pkg.version}`)
+        .update(packageNameAndVersion(pkg))
         .digest('hex');
 }
 function normalizeLicenseProperty(license) {
@@ -85,8 +64,8 @@ function licenseSpdx(pkg) {
 function indent(input, depth) {
     return input.replace(/^/gm, ' '.repeat(depth));
 }
-function validatePackage(pkg) {
-    return ALLOWED_LICENSES.some((allowedLicense) => {
+function validatePackage(pkg, config) {
+    return [...ALLOWED_LICENSES, ...config.additionalAllowedLicenses].some((allowedLicense) => {
         const spdx = licenseSpdx(pkg);
         try {
             return (0, spdx_satisfies_1.default)(allowedLicense, spdx);
@@ -96,41 +75,20 @@ function validatePackage(pkg) {
         }
     });
 }
-function getMonorepoPackages(packageLock) {
-    var _a, _b;
-    if (!((_b = (_a = packageLock === null || packageLock === void 0 ? void 0 : packageLock.packages) === null || _a === void 0 ? void 0 : _a[''].workspaces) === null || _b === void 0 ? void 0 : _b.length)) {
-        return [];
-    }
-    const output = cross_spawn_1.default.sync('npm', ['query', '.workspace'], {
-        encoding: 'utf-8',
-    });
-    if (output.error) {
-        console.error('Error executing command:', output.error);
-        process.exit(1);
-    }
-    const packages = JSON.parse(output.stdout);
-    return packages.map((pkg) => `${pkg.name}@${pkg.version}`);
-}
 async function readConfig(configPath) {
     var _a, _b, _c, _d, _e;
-    const packageLock = await readPackageLock();
-    const monorepoPackages = getMonorepoPackages(packageLock === null || packageLock === void 0 ? void 0 : packageLock.content);
     const originalConfig = JSON.parse(await fs_1.promises.readFile(configPath, 'utf-8'));
-    if (packageLock === null || packageLock === void 0 ? void 0 : packageLock.content) {
-        checkOverrides([
-            ...((_a = originalConfig.ignoredPackages) !== null && _a !== void 0 ? _a : []),
-            ...Object.keys((_b = originalConfig.licenseOverrides) !== null && _b !== void 0 ? _b : {}),
-        ], packageLock.content);
-    }
     return Promise.resolve({
-        ignoredOrgs: [...((_c = originalConfig.ignoredOrgs) !== null && _c !== void 0 ? _c : [])],
-        ignoredPackages: [
-            ...((_d = originalConfig.ignoredPackages) !== null && _d !== void 0 ? _d : []),
-            ...(monorepoPackages !== null && monorepoPackages !== void 0 ? monorepoPackages : []),
+        ignoredOrgs: [...((_a = originalConfig.ignoredOrgs) !== null && _a !== void 0 ? _a : [])],
+        ignoredPackages: [...((_b = originalConfig.ignoredPackages) !== null && _b !== void 0 ? _b : [])],
+        licenseOverrides: { ...((_c = originalConfig.licenseOverrides) !== null && _c !== void 0 ? _c : {}) },
+        doNotValidatePackages: [...((_d = originalConfig.doNotValidatePackages) !== null && _d !== void 0 ? _d : [])],
+        additionalAllowedLicenses: [
+            ...((_e = originalConfig.additionalAllowedLicenses) !== null && _e !== void 0 ? _e : []),
         ],
-        licenseOverrides: { ...((_e = originalConfig.licenseOverrides) !== null && _e !== void 0 ? _e : {}) },
     });
 }
+const packageNameAndVersion = (pkg) => `${pkg.name}@${pkg.version}`;
 function printLicenseInformation(productName, packages) {
     var _a, _b;
     let output = `\
@@ -182,34 +140,56 @@ ${packages
     return output;
 }
 exports.printLicenseInformation = printLicenseInformation;
-function validatePackages(packages) {
-    const invalidPackages = packages.filter((pkg) => !validatePackage(pkg));
+function validatePackages(packages, config) {
+    const invalidPackages = packages
+        .filter((pkg) => !config.doNotValidatePackages.includes(packageNameAndVersion(pkg)))
+        .filter((pkg) => !validatePackage(pkg, config));
     if (invalidPackages.length) {
-        console.error(`Generation failed, found ${invalidPackages.length} invalid packages:`);
-        for (const pkg of invalidPackages) {
-            console.error(`${pkg.name}@${pkg.version}:`, licenseSpdx(pkg));
-        }
-        process.exit(1);
+        throw new Error([
+            `Generation failed, found ${invalidPackages.length} invalid packages:`,
+            ...invalidPackages.map((pkg) => `- ${pkg.name}@${pkg.version}: ${licenseSpdx(pkg)}`),
+        ].join('\n'));
     }
 }
-async function loadPackages(dependencyFiles, config) {
-    return (await (0, load_dependency_files_1.loadDependencyFiles)(dependencyFiles))
+function applyConfig(dependencies, config) {
+    checkOverrides([
+        ...config.ignoredPackages,
+        ...config.doNotValidatePackages,
+        ...Object.keys(config.licenseOverrides),
+    ], dependencies);
+    return dependencies
         .filter((pkg) => !(config.ignoredOrgs || []).some((org) => pkg.name.startsWith(org + '/')))
-        .filter((pkg) => !(config.ignoredPackages || []).includes(`${pkg.name}@${pkg.version}`))
+        .filter((pkg) => !(config.ignoredPackages || []).includes(packageNameAndVersion(pkg)))
         .map((pkg) => {
         var _a;
         return ({
             ...pkg,
-            license: (_a = (config.licenseOverrides || {})[`${pkg.name}@${pkg.version}`]) !== null && _a !== void 0 ? _a : pkg.license,
+            license: (_a = (config.licenseOverrides || {})[packageNameAndVersion(pkg)]) !== null && _a !== void 0 ? _a : pkg.license,
         });
     });
 }
-async function generate3rdPartyNotices({ productName, dependencyFiles, configPath, }) {
+async function generate3rdPartyNotices({ productName, dependencyFiles, configPath, printResult, }) {
     const config = await readConfig(configPath !== null && configPath !== void 0 ? configPath : 'licenses.json');
-    const packages = await loadPackages(dependencyFiles, config);
-    validatePackages(packages);
+    const allPackages = await (0, load_dependency_files_1.loadDependencyFiles)(dependencyFiles);
+    const packages = applyConfig(allPackages, config);
+    validatePackages(packages, config);
     const markdown = printLicenseInformation(productName, packages);
-    console.info(markdown);
+    (printResult !== null && printResult !== void 0 ? printResult : console.info)(markdown);
 }
 exports.generate3rdPartyNotices = generate3rdPartyNotices;
+function commaSeparatedList(value) {
+    return value.split(',');
+}
+exports.command = new commander_1.Command('generate-3rd-party-notices')
+    .description('Generate third-party notices')
+    .option('--product <productName>', 'Product name')
+    .option('--config [config]', 'Path of the configuration file', 'licenses.json')
+    .option('--dependencies <paths>', 'Comma-separated list of dependency files', commaSeparatedList, [])
+    .action(async (options) => {
+    await generate3rdPartyNotices({
+        productName: options.product,
+        dependencyFiles: options.dependencies,
+        configPath: options.config,
+    });
+});
 //# sourceMappingURL=generate-third-party-notices.js.map

package/dist/commands/generate-third-party-notices.js.map

@@ -1 +1 @@
-{"version":3,"file":"generate-third-party-notices.js","sourceRoot":"","sources":["../../src/commands/generate-third-party-notices.ts"],"names":[],"mappings":";;;;;;AAAA,oDAA4B;AAC5B,oEAA2C;AAC3C,sDAA6B;AAC7B,2BAAoC;AAGpC,oEAA+D;AAC/D,8DAAqC;AAsBrC,MAAM,gBAAgB,GAAG;IACvB,KAAK;IACL,MAAM;IACN,cAAc;IACd,cAAc;IACd,cAAc;IACd,YAAY;IACZ,KAAK;IACL,WAAW;IACX,OAAO;IACP,SAAS;IACT,WAAW;CACZ,CAAC;AAEF,SAAS,cAAc,CACrB,eAAyB,EACzB,eAAgC;IAEhC,MAAM,aAAa,GAAG,IAAI,GAAG,EAAE,CAAC;IAChC,MAAM,oBAAoB,GAAG,CAC3B,YAA6C,EAC7C,EAAE;QACF,KAAK,MAAM,WAAW,IAAI,YAAY,EAAE;YACtC,MAAM,WAAW,GAAG,YAAY,CAAC,WAAW,CAAC,CAAC;YAC9C,aAAa,CAAC,GAAG,CAAC,GAAG,WAAW,IAAI,WAAW,CAAC,OAAO,EAAE,CAAC,CAAC;YAE3D,IAAI,WAAW,CAAC,YAAY,EAAE;gBAC5B,oBAAoB,CAAC,WAAW,CAAC,YAAY,CAAC,CAAC;aAChD;SACF;IACH,CAAC,CAAC;IAEF,oBAAoB,CAAC,eAAe,CAAC,YAAY,CAAC,CAAC;IAEnD,KAAK,MAAM,WAAW,IAAI,eAAe,EAAE;QACzC,IAAI,CAAC,aAAa,CAAC,GAAG,CAAC,WAAW,CAAC,EAAE;YACnC,MAAM,IAAI,KAAK,CACb,gBAAgB,WAAW,+FAA+F,CAC3H,CAAC;SACH;KACF;AACH,CAAC;AAED,KAAK,UAAU,eAAe;IAG5B,MAAM,mBAAmB,GAAG,MAAM,IAAA,iBAAM,EAAC,mBAAmB,CAAC,CAAC;IAE9D,IAAI,mBAAmB,EAAE;QACvB,MAAM,WAAW,GAAoB,IAAI,CAAC,KAAK,CAC7C,MAAM,aAAE,CAAC,QAAQ,CAAC,mBAAmB,EAAE,OAAO,CAAC,CAChD,CAAC;QAEF,IAAI,WAAW,CAAC,eAAe,KAAK,CAAC,EAAE;YACrC,MAAM,IAAI,KAAK,CAAC,0CAA0C,CAAC,CAAC;SAC7D;QAED,OAAO,EAAE,IAAI,EAAE,mBAAmB,EAAE,OAAO,EAAE,WAAW,EAAE,CAAC;KAC5D;AACH,CAAC;AAGD,SAAS,EAAE,CAAC,GAAY;IACtB,OAAO,gBAAM;SACV,UAAU,CAAC,QAAQ,CAAC;SACpB,MAAM,CAAC,GAAG,GAAG,CAAC,IAAI,IAAI,GAAG,CAAC,OAAO,EAAE,CAAC;SACpC,MAAM,CAAC,KAAK,CAAC,CAAC;AACnB,CAAC;AAED,SAAS,wBAAwB,CAAC,OAAkC;IAClE,IAAI,OAAO,OAAO,KAAK,QAAQ,EAAE;QAC/B,OAAO,OAAO,CAAC,IAAI,IAAI,EAAE,CAAC;KAC3B;IAED,IAAI,OAAO,OAAO,KAAK,QAAQ,EAAE;QAC/B,OAAO,OAAO,CAAC;KAChB;IAED,OAAO,EAAE,CAAC;AACZ,CAAC;AAED,SAAS,WAAW,CAAC,GAAY;;IAC/B,OAAO,CAAC,GAAG,CAAC,OAAO,CAAC,CAAC,CAAC,CAAC,GAAG,CAAC,OAAO,CAAC,CAAC,CAAC,CAAC,MAAA,GAAG,CAAC,QAAQ,mCAAI,EAAE,CAAC;SACtD,MAAM,CAAC,OAAO,CAAC;SACf,GAAG,CAAC,wBAAwB,CAAC,CAAC;AACnC,CAAC;AAGD,SAAS,WAAW,CAAC,GAAY;IAC/B,MAAM,QAAQ,GAAG,WAAW,CAAC,GAAG,CAAC,CAAC;IAElC,IAAI,CAAC,QAAQ,CAAC,MAAM,EAAE;QACpB,OAAO,EAAE,CAAC;KACX;IAED,IAAI,QAAQ,CAAC,MAAM,KAAK,CAAC,EAAE;QACzB,OAAO,QAAQ,CAAC,CAAC,CAAC,CAAC;KACpB;IAED,OAAO,GAAG,GAAG,QAAQ,CAAC,MAAM,CAAC,OAAO,CAAC,CAAC,IAAI,CAAC,MAAM,CAAC,GAAG,GAAG,CAAC;AAC3D,CAAC;AAED,SAAS,MAAM,CAAC,KAAa,EAAE,KAAa;IAC1C,OAAO,KAAK,CAAC,OAAO,CAAC,KAAK,EAAE,GAAG,CAAC,MAAM,CAAC,KAAK,CAAC,CAAC,CAAC;AACjD,CAAC;AAED,SAAS,eAAe,CAAC,GAAY;IACnC,OAAO,gBAAgB,CAAC,IAAI,CAAC,CAAC,cAAc,EAAE,EAAE;QAC9C,MAAM,IAAI,GAAG,WAAW,CAAC,GAAG,CAAC,CAAC;QAC9B,IAAI;YACF,OAAO,IAAA,wBAAa,EAAC,cAAc,EAAE,IAAI,CAAC,CAAC;SAC5C;QAAC,OAAO,KAAK,EAAE;YACd,OAAO,cAAc,KAAK,IAAI,CAAC;SAChC;IACH,CAAC,CAAC,CAAC;AACL,CAAC;AAED,SAAS,mBAAmB,CAAC,WAAwC;;IACnE,IAAI,CAAC,CAAA,MAAA,MAAA,WAAW,aAAX,WAAW,uBAAX,WAAW,CAAE,QAAQ,0CAAG,EAAE,EAAE,UAAU,0CAAE,MAAM,CAAA,EAAE;QACnD,OAAO,EAAE,CAAC;KACX;IAED,MAAM,MAAM,GAAG,qBAAU,CAAC,IAAI,CAAC,KAAK,EAAE,CAAC,OAAO,EAAE,YAAY,CAAC,EAAE;QAC7D,QAAQ,EAAE,OAAO;KAClB,CAAC,CAAC;IAEH,IAAI,MAAM,CAAC,KAAK,EAAE;QAChB,OAAO,CAAC,KAAK,CAAC,0BAA0B,EAAE,MAAM,CAAC,KAAK,CAAC,CAAC;QACxD,OAAO,CAAC,IAAI,CAAC,CAAC,CAAC,CAAC;KACjB;IAED,MAAM,QAAQ,GAAG,IAAI,CAAC,KAAK,CAAC,MAAM,CAAC,MAAM,CAAC,CAAC;IAC3C,OAAO,QAAQ,CAAC,GAAG,CACjB,CAAC,GAAsC,EAAE,EAAE,CAAC,GAAG,GAAG,CAAC,IAAI,IAAI,GAAG,CAAC,OAAO,EAAE,CACzE,CAAC;AACJ,CAAC;AAED,KAAK,UAAU,UAAU,CAAC,UAAkB;;IAC1C,MAAM,WAAW,GAAG,MAAM,eAAe,EAAE,CAAC;IAC5C,MAAM,gBAAgB,GAAG,mBAAmB,CAAC,WAAW,aAAX,WAAW,uBAAX,WAAW,CAAE,OAAO,CAAC,CAAC;IAEnE,MAAM,cAAc,GAAG,IAAI,CAAC,KAAK,CAAC,MAAM,aAAE,CAAC,QAAQ,CAAC,UAAU,EAAE,OAAO,CAAC,CAAC,CAAC;IAE1E,IAAI,WAAW,aAAX,WAAW,uBAAX,WAAW,CAAE,OAAO,EAAE;QACxB,cAAc,CACZ;YACE,GAAG,CAAC,MAAA,cAAc,CAAC,eAAe,mCAAI,EAAE,CAAC;YACzC,GAAG,MAAM,CAAC,IAAI,CAAC,MAAA,cAAc,CAAC,gBAAgB,mCAAI,EAAE,CAAC;SACtD,EACD,WAAW,CAAC,OAAO,CACpB,CAAC;KACH;IAED,OAAO,OAAO,CAAC,OAAO,CAAC;QACrB,WAAW,EAAE,CAAC,GAAG,CAAC,MAAA,cAAc,CAAC,WAAW,mCAAI,EAAE,CAAC,CAAC;QACpD,eAAe,EAAE;YACf,GAAG,CAAC,MAAA,cAAc,CAAC,eAAe,mCAAI,EAAE,CAAC;YACzC,GAAG,CAAC,gBAAgB,aAAhB,gBAAgB,cAAhB,gBAAgB,GAAI,EAAE,CAAC;SAC5B;QACD,gBAAgB,EAAE,EAAE,GAAG,CAAC,MAAA,cAAc,CAAC,gBAAgB,mCAAI,EAAE,CAAC,EAAE;KACjE,CAAC,CAAC;AACL,CAAC;AAID,SAAgB,uBAAuB,CACrC,WAAmB,EACnB,QAAmB;;IAEnB,IAAI,MAAM,GAAG;kEACmD,WAAW;+CAC9B,IAAI,IAAI,EAAE,CAAC,YAAY,EAAE;;;;;;EAMtE,QAAQ;SACP,GAAG,CACF,CAAC,GAAG,EAAE,EAAE,CAAC,MAAM,GAAG,CAAC,IAAI,MAAM,EAAE,CAAC,GAAG,CAAC,OAAO,GAAG,CAAC,OAAO,IAAI,WAAW,CAAC,GAAG,CAAC,EAAE,CAC7E;SACA,IAAI,CAAC,IAAI,CAAC;;;CAGZ,CAAC;IAEA,KAAK,MAAM,GAAG,IAAI,QAAQ,EAAE;QAC1B,MAAM,IAAI,GAAG,WAAW,CAAC,GAAG,CAAC,CAAC;QAC9B,MAAM,iBAAiB,GAAG,GAAG,CAAC,OAAO;YACnC,CAAC,CAAC,GAAG,CAAC,IAAI;YACV,CAAC,CAAC,IAAI,GAAG,CAAC,IAAI,mCAAmC,GAAG,CAAC,IAAI,GAAG,CAAC;QAC/D,MAAM,IAAI;SACL,EAAE,CAAC,GAAG,CAAC;MACV,iBAAiB,aAAa,GAAG,CAAC,OAAO;CAC9C,CAAC;QACE,IAAI,GAAG,CAAC,WAAW,EAAE;YACnB,MAAM,IAAI,KAAK,GAAG,CAAC,WAAW,MAAM,CAAC;SACtC;QAED,MAAM,IAAI,iBAAiB,IAAI,MAAM,CAAC;QAEtC,IAAI,MAAA,GAAG,CAAC,YAAY,0CAAE,MAAM,EAAE;YAC5B,MAAM,IAAI,kBAAkB,CAAC;YAC7B,KAAK,MAAM,IAAI,IAAI,GAAG,CAAC,YAAY,EAAE;gBACnC,MAAM,IAAI,KAAK,IAAI,CAAC,QAAQ,QAAQ,MAAM,CAAC,IAAI,CAAC,OAAO,EAAE,CAAC,CAAC,MAAM,CAAC;aACnE;SACF;QAED,IAAI,MAAA,GAAG,CAAC,YAAY,0CAAE,MAAM,EAAE;YAC5B,MAAM,IAAI,YAAY,CAAC;YACvB,KAAK,MAAM,MAAM,IAAI,GAAG,CAAC,YAAY,EAAE;gBACrC,MAAM,IAAI,GACR,OAAO,MAAM,KAAK,QAAQ;oBACxB,CAAC,CAAC,MAAM;oBACR,CAAC,CAAC,MAAM,CAAC,IAAI;wBACX,CAAC,MAAM,CAAC,KAAK,CAAC,CAAC,CAAC,MAAM,MAAM,CAAC,KAAK,YAAY,CAAC,CAAC,CAAC,EAAE,CAAC;wBACpD,CAAC,MAAM,CAAC,GAAG,CAAC,CAAC,CAAC,KAAK,MAAM,CAAC,GAAG,GAAG,CAAC,CAAC,CAAC,EAAE,CAAC,CAAC;gBAC7C,MAAM,IAAI,KAAK,IAAI,IAAI,CAAC;aACzB;YACD,MAAM,IAAI,IAAI,CAAC;SAChB;KACF;IACD,OAAO,MAAM,CAAC;AAChB,CAAC;AA1DD,0DA0DC;AAED,SAAS,gBAAgB,CAAC,QAAmB;IAC3C,MAAM,eAAe,GAAG,QAAQ,CAAC,MAAM,CAAC,CAAC,GAAG,EAAE,EAAE,CAAC,CAAC,eAAe,CAAC,GAAG,CAAC,CAAC,CAAC;IAExE,IAAI,eAAe,CAAC,MAAM,EAAE;QAC1B,OAAO,CAAC,KAAK,CACX,4BAA4B,eAAe,CAAC,MAAM,oBAAoB,CACvE,CAAC;QAEF,KAAK,MAAM,GAAG,IAAI,eAAe,EAAE;YACjC,OAAO,CAAC,KAAK,CAAC,GAAG,GAAG,CAAC,IAAI,IAAI,GAAG,CAAC,OAAO,GAAG,EAAE,WAAW,CAAC,GAAG,CAAC,CAAC,CAAC;SAChE;QAED,OAAO,CAAC,IAAI,CAAC,CAAC,CAAC,CAAC;KACjB;AACH,CAAC;AAED,KAAK,UAAU,YAAY,CACzB,eAAyB,EACzB,MAAc;IAEd,OAAO,CAAC,MAAM,IAAA,2CAAmB,EAAU,eAAe,CAAC,CAAC;SACzD,MAAM,CACL,CAAC,GAAG,EAAE,EAAE,CACN,CAAC,CAAC,MAAM,CAAC,WAAW,IAAI,EAAE,CAAC,CAAC,IAAI,CAAC,CAAC,GAAG,EAAE,EAAE,CACvC,GAAG,CAAC,IAAI,CAAC,UAAU,CAAC,GAAG,GAAG,GAAG,CAAC,CAC/B,CACJ;SACA,MAAM,CACL,CAAC,GAAG,EAAE,EAAE,CACN,CAAC,CAAC,MAAM,CAAC,eAAe,IAAI,EAAE,CAAC,CAAC,QAAQ,CAAC,GAAG,GAAG,CAAC,IAAI,IAAI,GAAG,CAAC,OAAO,EAAE,CAAC,CACzE;SACA,GAAG,CAAC,CAAC,GAAG,EAAE,EAAE;;QAAC,OAAA,CAAC;YACb,GAAG,GAAG;YACN,OAAO,EACL,MAAA,CAAC,MAAM,CAAC,gBAAgB,IAAI,EAAE,CAAC,CAAC,GAAG,GAAG,CAAC,IAAI,IAAI,GAAG,CAAC,OAAO,EAAE,CAAC,mCAC7D,GAAG,CAAC,OAAO;SACd,CAAC,CAAA;KAAA,CAAC,CAAC;AACR,CAAC;AAEM,KAAK,UAAU,uBAAuB,CAAC,EAC5C,WAAW,EACX,eAAe,EACf,UAAU,GAKX;IACC,MAAM,MAAM,GAAW,MAAM,UAAU,CAAC,UAAU,aAAV,UAAU,cAAV,UAAU,GAAI,eAAe,CAAC,CAAC;IACvE,MAAM,QAAQ,GAAc,MAAM,YAAY,CAAC,eAAe,EAAE,MAAM,CAAC,CAAC;IAExE,gBAAgB,CAAC,QAAQ,CAAC,CAAC;IAE3B,MAAM,QAAQ,GAAG,uBAAuB,CAAC,WAAW,EAAE,QAAQ,CAAC,CAAC;IAChE,OAAO,CAAC,IAAI,CAAC,QAAQ,CAAC,CAAC;AACzB,CAAC;AAhBD,0DAgBC"}
+{"version":3,"file":"generate-third-party-notices.js","sourceRoot":"","sources":["../../src/commands/generate-third-party-notices.ts"],"names":[],"mappings":";;;;;;AAAA,oDAA4B;AAC5B,oEAA2C;AAE3C,2BAAoC;AAGpC,oEAA+D;AAC/D,yCAAoC;AAUpC,MAAM,gBAAgB,GAAG;IACvB,KAAK;IACL,MAAM;IACN,cAAc;IACd,cAAc;IACd,cAAc;IACd,YAAY;IACZ,KAAK;IACL,WAAW;IACX,OAAO;IACP,SAAS;IACT,WAAW;CACZ,CAAC;AAEF,SAAS,cAAc,CAAC,eAAyB,EAAE,YAAuB;IACxE,MAAM,OAAO,GAAG,IAAI,GAAG,CACrB,YAAY,CAAC,GAAG,CAAC,CAAC,EAAE,IAAI,EAAE,OAAO,EAAE,EAAE,EAAE,CAAC,GAAG,IAAI,IAAI,OAAO,EAAE,CAAC,CAC9D,CAAC;IAEF,KAAK,MAAM,WAAW,IAAI,eAAe,EAAE;QACzC,IAAI,CAAC,OAAO,CAAC,GAAG,CAAC,WAAW,CAAC,EAAE;YAC7B,MAAM,IAAI,KAAK,CACb,gBAAgB,WAAW,mHAAmH,CAC/I,CAAC;SACH;KACF;AACH,CAAC;AAGD,SAAS,EAAE,CAAC,GAAY;IACtB,OAAO,gBAAM;SACV,UAAU,CAAC,QAAQ,CAAC;SACpB,MAAM,CAAC,qBAAqB,CAAC,GAAG,CAAC,CAAC;SAClC,MAAM,CAAC,KAAK,CAAC,CAAC;AACnB,CAAC;AAED,SAAS,wBAAwB,CAAC,OAAkC;IAClE,IAAI,OAAO,OAAO,KAAK,QAAQ,EAAE;QAC/B,OAAO,OAAO,CAAC,IAAI,IAAI,EAAE,CAAC;KAC3B;IAED,IAAI,OAAO,OAAO,KAAK,QAAQ,EAAE;QAC/B,OAAO,OAAO,CAAC;KAChB;IAED,OAAO,EAAE,CAAC;AACZ,CAAC;AAED,SAAS,WAAW,CAAC,GAAY;;IAC/B,OAAO,CAAC,GAAG,CAAC,OAAO,CAAC,CAAC,CAAC,CAAC,GAAG,CAAC,OAAO,CAAC,CAAC,CAAC,CAAC,MAAA,GAAG,CAAC,QAAQ,mCAAI,EAAE,CAAC;SACtD,MAAM,CAAC,OAAO,CAAC;SACf,GAAG,CAAC,wBAAwB,CAAC,CAAC;AACnC,CAAC;AAGD,SAAS,WAAW,CAAC,GAAY;IAC/B,MAAM,QAAQ,GAAG,WAAW,CAAC,GAAG,CAAC,CAAC;IAElC,IAAI,CAAC,QAAQ,CAAC,MAAM,EAAE;QACpB,OAAO,EAAE,CAAC;KACX;IAED,IAAI,QAAQ,CAAC,MAAM,KAAK,CAAC,EAAE;QACzB,OAAO,QAAQ,CAAC,CAAC,CAAC,CAAC;KACpB;IAED,OAAO,GAAG,GAAG,QAAQ,CAAC,MAAM,CAAC,OAAO,CAAC,CAAC,IAAI,CAAC,MAAM,CAAC,GAAG,GAAG,CAAC;AAC3D,CAAC;AAED,SAAS,MAAM,CAAC,KAAa,EAAE,KAAa;IAC1C,OAAO,KAAK,CAAC,OAAO,CAAC,KAAK,EAAE,GAAG,CAAC,MAAM,CAAC,KAAK,CAAC,CAAC,CAAC;AACjD,CAAC;AAED,SAAS,eAAe,CAAC,GAAY,EAAE,MAAc;IACnD,OAAO,CAAC,GAAG,gBAAgB,EAAE,GAAG,MAAM,CAAC,yBAAyB,CAAC,CAAC,IAAI,CACpE,CAAC,cAAc,EAAE,EAAE;QACjB,MAAM,IAAI,GAAG,WAAW,CAAC,GAAG,CAAC,CAAC;QAC9B,IAAI;YACF,OAAO,IAAA,wBAAa,EAAC,cAAc,EAAE,IAAI,CAAC,CAAC;SAC5C;QAAC,OAAO,KAAK,EAAE;YACd,OAAO,cAAc,KAAK,IAAI,CAAC;SAChC;IACH,CAAC,CACF,CAAC;AACJ,CAAC;AAED,KAAK,UAAU,UAAU,CAAC,UAAkB;;IAC1C,MAAM,cAAc,GAAoB,IAAI,CAAC,KAAK,CAChD,MAAM,aAAE,CAAC,QAAQ,CAAC,UAAU,EAAE,OAAO,CAAC,CACvC,CAAC;IAEF,OAAO,OAAO,CAAC,OAAO,CAAC;QACrB,WAAW,EAAE,CAAC,GAAG,CAAC,MAAA,cAAc,CAAC,WAAW,mCAAI,EAAE,CAAC,CAAC;QACpD,eAAe,EAAE,CAAC,GAAG,CAAC,MAAA,cAAc,CAAC,eAAe,mCAAI,EAAE,CAAC,CAAC;QAC5D,gBAAgB,EAAE,EAAE,GAAG,CAAC,MAAA,cAAc,CAAC,gBAAgB,mCAAI,EAAE,CAAC,EAAE;QAChE,qBAAqB,EAAE,CAAC,GAAG,CAAC,MAAA,cAAc,CAAC,qBAAqB,mCAAI,EAAE,CAAC,CAAC;QACxE,yBAAyB,EAAE;YACzB,GAAG,CAAC,MAAA,cAAc,CAAC,yBAAyB,mCAAI,EAAE,CAAC;SACpD;KACF,CAAC,CAAC;AACL,CAAC;AAED,MAAM,qBAAqB,GAAG,CAAC,GAAY,EAAE,EAAE,CAAC,GAAG,GAAG,CAAC,IAAI,IAAI,GAAG,CAAC,OAAO,EAAE,CAAC;AAI7E,SAAgB,uBAAuB,CACrC,WAAmB,EACnB,QAAmB;;IAEnB,IAAI,MAAM,GAAG;kEACmD,WAAW;+CAC9B,IAAI,IAAI,EAAE,CAAC,YAAY,EAAE;;;;;;EAMtE,QAAQ;SACP,GAAG,CACF,CAAC,GAAG,EAAE,EAAE,CAAC,MAAM,GAAG,CAAC,IAAI,MAAM,EAAE,CAAC,GAAG,CAAC,OAAO,GAAG,CAAC,OAAO,IAAI,WAAW,CAAC,GAAG,CAAC,EAAE,CAC7E;SACA,IAAI,CAAC,IAAI,CAAC;;;CAGZ,CAAC;IAEA,KAAK,MAAM,GAAG,IAAI,QAAQ,EAAE;QAC1B,MAAM,IAAI,GAAG,WAAW,CAAC,GAAG,CAAC,CAAC;QAC9B,MAAM,iBAAiB,GAAG,GAAG,CAAC,OAAO;YACnC,CAAC,CAAC,GAAG,CAAC,IAAI;YACV,CAAC,CAAC,IAAI,GAAG,CAAC,IAAI,mCAAmC,GAAG,CAAC,IAAI,GAAG,CAAC;QAC/D,MAAM,IAAI;SACL,EAAE,CAAC,GAAG,CAAC;MACV,iBAAiB,aAAa,GAAG,CAAC,OAAO;CAC9C,CAAC;QACE,IAAI,GAAG,CAAC,WAAW,EAAE;YACnB,MAAM,IAAI,KAAK,GAAG,CAAC,WAAW,MAAM,CAAC;SACtC;QAED,MAAM,IAAI,iBAAiB,IAAI,MAAM,CAAC;QAEtC,IAAI,MAAA,GAAG,CAAC,YAAY,0CAAE,MAAM,EAAE;YAC5B,MAAM,IAAI,kBAAkB,CAAC;YAC7B,KAAK,MAAM,IAAI,IAAI,GAAG,CAAC,YAAY,EAAE;gBACnC,MAAM,IAAI,KAAK,IAAI,CAAC,QAAQ,QAAQ,MAAM,CAAC,IAAI,CAAC,OAAO,EAAE,CAAC,CAAC,MAAM,CAAC;aACnE;SACF;QAED,IAAI,MAAA,GAAG,CAAC,YAAY,0CAAE,MAAM,EAAE;YAC5B,MAAM,IAAI,YAAY,CAAC;YACvB,KAAK,MAAM,MAAM,IAAI,GAAG,CAAC,YAAY,EAAE;gBACrC,MAAM,IAAI,GACR,OAAO,MAAM,KAAK,QAAQ;oBACxB,CAAC,CAAC,MAAM;oBACR,CAAC,CAAC,MAAM,CAAC,IAAI;wBACX,CAAC,MAAM,CAAC,KAAK,CAAC,CAAC,CAAC,MAAM,MAAM,CAAC,KAAK,YAAY,CAAC,CAAC,CAAC,EAAE,CAAC;wBACpD,CAAC,MAAM,CAAC,GAAG,CAAC,CAAC,CAAC,KAAK,MAAM,CAAC,GAAG,GAAG,CAAC,CAAC,CAAC,EAAE,CAAC,CAAC;gBAC7C,MAAM,IAAI,KAAK,IAAI,IAAI,CAAC;aACzB;YACD,MAAM,IAAI,IAAI,CAAC;SAChB;KACF;IACD,OAAO,MAAM,CAAC;AAChB,CAAC;AA1DD,0DA0DC;AAED,SAAS,gBAAgB,CAAC,QAAmB,EAAE,MAAc;IAC3D,MAAM,eAAe,GAAG,QAAQ;SAC7B,MAAM,CACL,CAAC,GAAG,EAAE,EAAE,CACN,CAAC,MAAM,CAAC,qBAAqB,CAAC,QAAQ,CAAC,qBAAqB,CAAC,GAAG,CAAC,CAAC,CACrE;SACA,MAAM,CAAC,CAAC,GAAG,EAAE,EAAE,CAAC,CAAC,eAAe,CAAC,GAAG,EAAE,MAAM,CAAC,CAAC,CAAC;IAElD,IAAI,eAAe,CAAC,MAAM,EAAE;QAC1B,MAAM,IAAI,KAAK,CACb;YACE,4BAA4B,eAAe,CAAC,MAAM,oBAAoB;YACtE,GAAG,eAAe,CAAC,GAAG,CACpB,CAAC,GAAG,EAAE,EAAE,CAAC,KAAK,GAAG,CAAC,IAAI,IAAI,GAAG,CAAC,OAAO,KAAK,WAAW,CAAC,GAAG,CAAC,EAAE,CAC7D;SACF,CAAC,IAAI,CAAC,IAAI,CAAC,CACb,CAAC;KACH;AACH,CAAC;AAED,SAAS,WAAW,CAAC,YAAuB,EAAE,MAAc;IAC1D,cAAc,CACZ;QACE,GAAG,MAAM,CAAC,eAAe;QACzB,GAAG,MAAM,CAAC,qBAAqB;QAC/B,GAAG,MAAM,CAAC,IAAI,CAAC,MAAM,CAAC,gBAAgB,CAAC;KACxC,EACD,YAAY,CACb,CAAC;IAEF,OAAO,YAAY;SAChB,MAAM,CACL,CAAC,GAAG,EAAE,EAAE,CACN,CAAC,CAAC,MAAM,CAAC,WAAW,IAAI,EAAE,CAAC,CAAC,IAAI,CAAC,CAAC,GAAG,EAAE,EAAE,CACvC,GAAG,CAAC,IAAI,CAAC,UAAU,CAAC,GAAG,GAAG,GAAG,CAAC,CAC/B,CACJ;SACA,MAAM,CACL,CAAC,GAAG,EAAE,EAAE,CACN,CAAC,CAAC,MAAM,CAAC,eAAe,IAAI,EAAE,CAAC,CAAC,QAAQ,CAAC,qBAAqB,CAAC,GAAG,CAAC,CAAC,CACvE;SACA,GAAG,CAAC,CAAC,GAAG,EAAE,EAAE;;QAAC,OAAA,CAAC;YACb,GAAG,GAAG;YACN,OAAO,EACL,MAAA,CAAC,MAAM,CAAC,gBAAgB,IAAI,EAAE,CAAC,CAAC,qBAAqB,CAAC,GAAG,CAAC,CAAC,mCAC3D,GAAG,CAAC,OAAO;SACd,CAAC,CAAA;KAAA,CAAC,CAAC;AACR,CAAC;AAEM,KAAK,UAAU,uBAAuB,CAAC,EAC5C,WAAW,EACX,eAAe,EACf,UAAU,EACV,WAAW,GAMZ;IACC,MAAM,MAAM,GAAW,MAAM,UAAU,CAAC,UAAU,aAAV,UAAU,cAAV,UAAU,GAAI,eAAe,CAAC,CAAC;IACvE,MAAM,WAAW,GAAG,MAAM,IAAA,2CAAmB,EAAU,eAAe,CAAC,CAAC;IACxE,MAAM,QAAQ,GAAc,WAAW,CAAC,WAAW,EAAE,MAAM,CAAC,CAAC;IAE7D,gBAAgB,CAAC,QAAQ,EAAE,MAAM,CAAC,CAAC;IAEnC,MAAM,QAAQ,GAAG,uBAAuB,CAAC,WAAW,EAAE,QAAQ,CAAC,CAAC;IAChE,CAAC,WAAW,aAAX,WAAW,cAAX,WAAW,GAAI,OAAO,CAAC,IAAI,CAAC,CAAC,QAAQ,CAAC,CAAC;AAC1C,CAAC;AAnBD,0DAmBC;AAED,SAAS,kBAAkB,CAAC,KAAa;IACvC,OAAO,KAAK,CAAC,KAAK,CAAC,GAAG,CAAC,CAAC;AAC1B,CAAC;AAEY,QAAA,OAAO,GAAG,IAAI,mBAAO,CAAC,4BAA4B,CAAC;KAC7D,WAAW,CAAC,8BAA8B,CAAC;KAC3C,MAAM,CAAC,yBAAyB,EAAE,cAAc,CAAC;KACjD,MAAM,CACL,mBAAmB,EACnB,gCAAgC,EAChC,eAAe,CAChB;KACA,MAAM,CACL,wBAAwB,EACxB,0CAA0C,EAC1C,kBAAkB,EAClB,EAAE,CACH;KACA,MAAM,CAAC,KAAK,EAAE,OAAO,EAAE,EAAE;IACxB,MAAM,uBAAuB,CAAC;QAC5B,WAAW,EAAE,OAAO,CAAC,OAAO;QAC5B,eAAe,EAAE,OAAO,CAAC,YAAY;QACrC,UAAU,EAAE,OAAO,CAAC,MAAM;KAC3B,CAAC,CAAC;AACL,CAAC,CAAC,CAAC"}

package/dist/commands/generate-vulnerability-report.d.ts

@@ -1,24 +1,12 @@
-import type { KnownSeverity } from './severity';
+import type { KnownSeverity, SnykTestProjectResult } from '../snyk-vulnerability';
+import { Command } from 'commander';
 export declare function loadReports(files: string[]): Promise<SnykTestProjectResult[]>;
-declare type SnykTestProjectResult = {
-    vulnerabilities: SnykVulnerability[];
-};
-declare type SnykVulnerability = {
-    moduleName: string;
-    from: string[];
-    name: string;
-    version: string;
-    cvssScore: number;
-    severity: KnownSeverity;
-    id: string;
-    url: string;
-    title: string;
-    fixedIn: string[];
-};
 export declare function generateVulnerabilityReport(options: {
     dependencyFiles: string[];
     snykReports: string[];
-    failOn: KnownSeverity;
+    snykPolicyPath?: string;
+    failOn?: KnownSeverity;
+    printResult?: (result: string) => void;
 }): Promise<void>;
-export {};
+export declare const command: Command;
 //# sourceMappingURL=generate-vulnerability-report.d.ts.map

package/dist/commands/generate-vulnerability-report.d.ts.map

@@ -1 +1 @@
-{"version":3,"file":"generate-vulnerability-report.d.ts","sourceRoot":"","sources":["../../src/commands/generate-vulnerability-report.ts"],"names":[],"mappings":"AAQA,OAAO,KAAK,EAAE,aAAa,EAAE,MAAM,YAAY,CAAC;AAGhD,wBAAsB,WAAW,CAC/B,KAAK,EAAE,MAAM,EAAE,GACd,OAAO,CAAC,qBAAqB,EAAE,CAAC,CAUlC;AAED,aAAK,qBAAqB,GAAG;IAC3B,eAAe,EAAE,iBAAiB,EAAE,CAAC;CACtC,CAAC;AAEF,aAAK,iBAAiB,GAAG;IACvB,UAAU,EAAE,MAAM,CAAC;IACnB,IAAI,EAAE,MAAM,EAAE,CAAC;IACf,IAAI,EAAE,MAAM,CAAC;IACb,OAAO,EAAE,MAAM,CAAC;IAChB,SAAS,EAAE,MAAM,CAAC;IAClB,QAAQ,EAAE,aAAa,CAAC;IACxB,EAAE,EAAE,MAAM,CAAC;IACX,GAAG,EAAE,MAAM,CAAC;IACZ,KAAK,EAAE,MAAM,CAAC;IACd,OAAO,EAAE,MAAM,EAAE,CAAC;CACnB,CAAC;AAoHF,wBAAsB,2BAA2B,CAAC,OAAO,EAAE;IACzD,eAAe,EAAE,MAAM,EAAE,CAAC;IAC1B,WAAW,EAAE,MAAM,EAAE,CAAC;IACtB,MAAM,EAAE,aAAa,CAAC;CACvB,GAAG,OAAO,CAAC,IAAI,CAAC,CAiBhB"}
+{"version":3,"file":"generate-vulnerability-report.d.ts","sourceRoot":"","sources":["../../src/commands/generate-vulnerability-report.ts"],"names":[],"mappings":"AAOA,OAAO,KAAK,EACV,aAAa,EACb,qBAAqB,EAEtB,MAAM,uBAAuB,CAAC;AAE/B,OAAO,EAAE,OAAO,EAAE,MAAM,WAAW,CAAC;AAEpC,wBAAsB,WAAW,CAC/B,KAAK,EAAE,MAAM,EAAE,GACd,OAAO,CAAC,qBAAqB,EAAE,CAAC,CAUlC;AAiJD,wBAAsB,2BAA2B,CAAC,OAAO,EAAE;IACzD,eAAe,EAAE,MAAM,EAAE,CAAC;IAC1B,WAAW,EAAE,MAAM,EAAE,CAAC;IACtB,cAAc,CAAC,EAAE,MAAM,CAAC;IACxB,MAAM,CAAC,EAAE,aAAa,CAAC;IACvB,WAAW,CAAC,EAAE,CAAC,MAAM,EAAE,MAAM,KAAK,IAAI,CAAC;CACxC,GAAG,OAAO,CAAC,IAAI,CAAC,CAuBhB;AAMD,eAAO,MAAM,OAAO,SAyBhB,CAAC"}