@trustify-da/trustify-da-javascript-client 0.2.4-ea.13

package/config/config.properties

@@ -0,0 +1 @@
+TRUSTIFY_DA_DEV_MODE=false

package/dist/package.json

@@ -0,0 +1,106 @@
+{
+    "name": "@trustify-da/trustify-da-javascript-client",
+    "version": "0.2.4-ea.13",
+    "description": "Code-Ready Dependency Analytics JavaScript API.",
+    "license": "Apache-2.0",
+    "homepage": "https://github.com/guacsec/trustify-da-javascript-client#README.md",
+    "bugs": "https://github.com/guacsec/trustify-da-javascript-client/issues",
+    "repository": "github:guacsec/trustify-da-javascript-client",
+    "keywords": [
+        "analysis",
+        "codeready",
+        "exhort",
+        "secure",
+        "supply-chain",
+        "vulnerability"
+    ],
+    "engines": {
+        "node": ">= 18.0.0",
+        "npm": ">= 9.0.0"
+    },
+    "type": "module",
+    "bin": "dist/src/cli.js",
+    "main": "dist/src/index.js",
+    "module": "dist/src/index.js",
+    "types": "dist/src/index.d.ts",
+    "files": [
+        "!*",
+        "dist/**/*",
+        "config/**/*"
+    ],
+    "scripts": {
+        "lint": "eslint src test --ext js",
+        "lint:fix": "eslint src test --ext js --fix",
+        "test": "c8 npm run tests",
+        "tests": "mocha --config .mocharc.json --grep \"Integration Tests|.*analysis module.*\" --invert",
+        "tests:rep": "mocha --reporter-option maxDiffSize=0 --reporter json > unit-tests-result.json",
+        "integration-tests": "mocha --grep \"Integration Tests\"",
+        "precompile": "rm -rf dist",
+        "compile": "tsc -p tsconfig.json"
+    },
+    "dependencies": {
+        "@babel/core": "^7.23.2",
+        "@cyclonedx/cyclonedx-library": "~1.13.3",
+        "fast-toml": "^0.5.4",
+        "fast-xml-parser": "^4.5.3",
+        "help": "^3.0.2",
+        "https-proxy-agent": "^7.0.6",
+        "node-fetch": "^2.7.0",
+        "packageurl-js": "^1.0.2",
+        "yargs": "^17.7.2"
+    },
+    "devDependencies": {
+        "@babel/core": "^7.23.2",
+        "@trustify-da/trustify-da-api-model": "^2.0.1",
+        "@types/node": "^20.17.30",
+        "@types/which": "^3.0.4",
+        "babel-plugin-rewire": "^1.2.0",
+        "c8": "^8.0.0",
+        "chai": "^4.3.7",
+        "eslint": "^8.42.0",
+        "eslint-plugin-editorconfig": "^4.0.3",
+        "eslint-plugin-import": "^2.29.1",
+        "esmock": "^2.6.2",
+        "mocha": "^10.2.0",
+        "msw": "^1.3.2",
+        "sinon": "^15.1.2",
+        "sinon-chai": "^3.7.0",
+        "typescript": "^5.1.3",
+        "which": "^5.0.0"
+    },
+    "mocha": {
+        "check-leaks": false,
+        "color": true,
+        "extension": "js",
+        "fail-zero": true,
+        "recursive": true,
+        "ui": "tdd"
+    },
+    "c8": {
+        "all": true,
+        "check-coverage": true,
+        "clean": true,
+        "include": [
+            "src/**"
+        ],
+        "exclude": [
+            "src/cli.js",
+            "src/index.js",
+            "src/analysis.js",
+            "src/providers/java_maven.js",
+            "src/providers/javascript_npm.js"
+        ],
+        "lines": 82,
+        "reporter": [
+            "html",
+            "json",
+            "text"
+        ]
+    },
+    "eslintIgnore": [
+        "index.js"
+    ],
+    "resolutions": {
+        "@hapi/joi": "17.1.1"
+    }
+}

package/dist/src/analysis.d.ts

@@ -0,0 +1,43 @@
+declare namespace _default {
+    export { requestComponent };
+    export { requestStack };
+    export { requestImages };
+    export { validateToken };
+}
+export default _default;
+/**
+ * Send a component analysis request and get the report as 'application/json'.
+ * @param {import('./provider').Provider} provider - the provided data for constructing the request
+ * @param {string} manifest - path for the manifest
+ * @param {string} url - the backend url to send the request to
+ * @param {import("index.js").Options} [opts={}] - optional various options to pass along the application
+ * @returns {Promise<import('@trustify-da/trustify-da-api-model/model/v5/AnalysisReport').AnalysisReport>}
+ */
+declare function requestComponent(provider: import('./provider').Provider, manifest: string, url: string, opts?: import("index.js").Options | undefined): Promise<import('@trustify-da/trustify-da-api-model/model/v5/AnalysisReport').AnalysisReport>;
+/**
+ * Send a stack analysis request and get the report as 'text/html' or 'application/json'.
+ * @param {import('./provider').Provider} provider - the provided data for constructing the request
+ * @param {string} manifest - path for the manifest
+ * @param {string} url - the backend url to send the request to
+ * @param {boolean} [html=false] - true will return 'text/html', false will return 'application/json'
+ * @param {import("index.js").Options} [opts={}] - optional various options to pass along the application
+ * @returns {Promise<string|import('@trustify-da/trustify-da-api-model/model/v5/AnalysisReport').AnalysisReport>}
+ */
+declare function requestStack(provider: import('./provider').Provider, manifest: string, url: string, html?: boolean | undefined, opts?: import("index.js").Options | undefined): Promise<string | import('@trustify-da/trustify-da-api-model/model/v5/AnalysisReport').AnalysisReport>;
+/**
+ *
+ * @param {Array<string>} imageRefs
+ * @param {string} url
+ * @param {import("index.js").Options} [opts={}] - optional various options to pass along the application
+ * @returns {Promise<string|Object.<string, import('@trustify-da/trustify-da-api-model/model/v5/AnalysisReport').AnalysisReport>>}
+ */
+declare function requestImages(imageRefs: Array<string>, url: string, html?: boolean, opts?: import("index.js").Options | undefined): Promise<string | {
+    [x: string]: import('@trustify-da/trustify-da-api-model/model/v5/AnalysisReport').AnalysisReport;
+}>;
+/**
+ *
+ * @param url the backend url to send the request to
+ * @param {import("index.js").Options} [opts={}] - optional various options to pass headers for t he validateToken Request
+ * @return {Promise<number>} return the HTTP status Code of the response from the validate token request.
+ */
+declare function validateToken(url: any, opts?: import("index.js").Options | undefined): Promise<number>;

package/dist/src/analysis.js

@@ -0,0 +1,252 @@
+import fs from "node:fs";
+import path from "node:path";
+import { EOL } from "os";
+import { HttpsProxyAgent } from "https-proxy-agent";
+import { generateImageSBOM, parseImageRef } from "./oci_image/utils.js";
+import { RegexNotToBeLogged, getCustom } from "./tools.js";
+export default { requestComponent, requestStack, requestImages, validateToken };
+const rhdaTokenHeader = "rhda-token";
+const rhdaTelemetryId = "rhda-telemetry-id";
+const rhdaSourceHeader = "rhda-source";
+const rhdaOperationTypeHeader = "rhda-operation-type";
+const rhdaPackageManagerHeader = "rhda-pkg-manager";
+/**
+ * Adds proxy agent configuration to fetch options if a proxy URL is specified
+ * @param {RequestInit} options - The base fetch options
+ * @param {import("index.js").Options} opts - The exhort options that may contain proxy configuration
+ * @returns {RequestInit} The fetch options with proxy agent if applicable
+ */
+function addProxyAgent(options, opts) {
+    const proxyUrl = getCustom('TRUSTIFY_DA_PROXY_URL', null, opts);
+    if (proxyUrl) {
+        options.agent = new HttpsProxyAgent(proxyUrl);
+    }
+    return options;
+}
+/**
+ * Send a stack analysis request and get the report as 'text/html' or 'application/json'.
+ * @param {import('./provider').Provider} provider - the provided data for constructing the request
+ * @param {string} manifest - path for the manifest
+ * @param {string} url - the backend url to send the request to
+ * @param {boolean} [html=false] - true will return 'text/html', false will return 'application/json'
+ * @param {import("index.js").Options} [opts={}] - optional various options to pass along the application
+ * @returns {Promise<string|import('@trustify-da/trustify-da-api-model/model/v5/AnalysisReport').AnalysisReport>}
+ */
+async function requestStack(provider, manifest, url, html = false, opts = {}) {
+    opts["source-manifest"] = Buffer.from(fs.readFileSync(manifest).toString()).toString('base64');
+    opts["manifest-type"] = path.parse(manifest).base;
+    let provided = provider.provideStack(manifest, opts); // throws error if content providing failed
+    opts["source-manifest"] = "";
+    opts[rhdaOperationTypeHeader.toUpperCase().replaceAll("-", "_")] = "stack-analysis";
+    let startTime = new Date();
+    let endTime;
+    if (process.env["TRUSTIFY_DA_DEBUG"] === "true") {
+        console.log("Starting time of sending stack analysis request to exhort server= " + startTime);
+    }
+    opts[rhdaPackageManagerHeader.toUpperCase().replaceAll("-", "_")] = provided.ecosystem;
+    const fetchOptions = addProxyAgent({
+        method: 'POST',
+        headers: {
+            'Accept': html ? 'text/html' : 'application/json',
+            'Content-Type': provided.contentType,
+            ...getTokenHeaders(opts),
+        },
+        body: provided.content
+    }, opts);
+    const finalUrl = new URL(`${url}/api/v4/analysis`);
+    if (opts['TRUSTIFY_DA_RECOMMENDATIONS_ENABLED'] === 'false') {
+        finalUrl.searchParams.append('recommend', 'false');
+    }
+    let resp = await fetch(finalUrl, fetchOptions);
+    let result;
+    if (resp.status === 200) {
+        if (!html) {
+            result = await resp.json();
+        }
+        else {
+            result = await resp.text();
+        }
+        if (process.env["TRUSTIFY_DA_DEBUG"] === "true") {
+            let exRequestId = resp.headers.get("ex-request-id");
+            if (exRequestId) {
+                console.log("Unique Identifier associated with this request - ex-request-id=" + exRequestId);
+            }
+            endTime = new Date();
+            console.log("Response body received from exhort server : " + EOL + EOL);
+            console.log(console.log(JSON.stringify(result, null, 4)));
+            console.log("Ending time of sending stack analysis request to exhort server= " + endTime);
+            let time = (endTime - startTime) / 1000;
+            console.log("Total Time in seconds: " + time);
+        }
+    }
+    else {
+        throw new Error(`Got error response from exhort backend - http return code : ${resp.status},  error message =>  ${await resp.text()}`);
+    }
+    return Promise.resolve(result);
+}
+/**
+ * Send a component analysis request and get the report as 'application/json'.
+ * @param {import('./provider').Provider} provider - the provided data for constructing the request
+ * @param {string} manifest - path for the manifest
+ * @param {string} url - the backend url to send the request to
+ * @param {import("index.js").Options} [opts={}] - optional various options to pass along the application
+ * @returns {Promise<import('@trustify-da/trustify-da-api-model/model/v5/AnalysisReport').AnalysisReport>}
+ */
+async function requestComponent(provider, manifest, url, opts = {}) {
+    opts["source-manifest"] = Buffer.from(fs.readFileSync(manifest).toString()).toString('base64');
+    let provided = provider.provideComponent(manifest, opts); // throws error if content providing failed
+    opts["source-manifest"] = "";
+    opts[rhdaOperationTypeHeader.toUpperCase().replaceAll("-", "_")] = "component-analysis";
+    if (process.env["TRUSTIFY_DA_DEBUG"] === "true") {
+        console.log("Starting time of sending component analysis request to exhort server= " + new Date());
+    }
+    opts[rhdaPackageManagerHeader.toUpperCase().replaceAll("-", "_")] = provided.ecosystem;
+    const fetchOptions = addProxyAgent({
+        method: 'POST',
+        headers: {
+            'Accept': 'application/json',
+            'Content-Type': provided.contentType,
+            ...getTokenHeaders(opts),
+        },
+        body: provided.content
+    }, opts);
+    const finalUrl = new URL(`${url}/api/v4/analysis`);
+    if (opts['TRUSTIFY_DA_RECOMMENDATIONS_ENABLED'] === 'false') {
+        finalUrl.searchParams.append('recommend', 'false');
+    }
+    let resp = await fetch(finalUrl, fetchOptions);
+    let result;
+    if (resp.status === 200) {
+        result = await resp.json();
+        if (process.env["TRUSTIFY_DA_DEBUG"] === "true") {
+            let exRequestId = resp.headers.get("ex-request-id");
+            if (exRequestId) {
+                console.log("Unique Identifier associated with this request - ex-request-id=" + exRequestId);
+            }
+            console.log("Response body received from exhort server : " + EOL + EOL);
+            console.log(JSON.stringify(result, null, 4));
+            console.log("Ending time of sending component analysis request to exhort server= " + new Date());
+        }
+    }
+    else {
+        throw new Error(`Got error response from exhort backend - http return code : ${resp.status}, ex-request-id: ${resp.headers.get("ex-request-id")}  error message =>  ${await resp.text()}`);
+    }
+    return Promise.resolve(result);
+}
+/**
+ *
+ * @param {Array<string>} imageRefs
+ * @param {string} url
+ * @param {import("index.js").Options} [opts={}] - optional various options to pass along the application
+ * @returns {Promise<string|Object.<string, import('@trustify-da/trustify-da-api-model/model/v5/AnalysisReport').AnalysisReport>>}
+ */
+async function requestImages(imageRefs, url, html = false, opts = {}) {
+    const imageSboms = {};
+    for (const image of imageRefs) {
+        const parsedImageRef = parseImageRef(image, opts);
+        imageSboms[parsedImageRef.getPackageURL().toString()] = generateImageSBOM(parsedImageRef, opts);
+    }
+    const finalUrl = new URL(`${url}/api/v4/batch-analysis`);
+    if (opts['TRUSTIFY_DA_RECOMMENDATIONS_ENABLED'] === 'false') {
+        finalUrl.searchParams.append('recommend', 'false');
+    }
+    const resp = await fetch(finalUrl, {
+        method: 'POST',
+        headers: {
+            'Accept': html ? 'text/html' : 'application/json',
+            'Content-Type': 'application/vnd.cyclonedx+json',
+            ...getTokenHeaders(opts)
+        },
+        body: JSON.stringify(imageSboms),
+    });
+    if (resp.status === 200) {
+        let result;
+        if (!html) {
+            result = await resp.json();
+        }
+        else {
+            result = await resp.text();
+        }
+        if (process.env["TRUSTIFY_DA_DEBUG"] === "true") {
+            let exRequestId = resp.headers.get("ex-request-id");
+            if (exRequestId) {
+                console.log("Unique Identifier associated with this request - ex-request-id=" + exRequestId);
+            }
+            console.log("Response body received from exhort server : " + EOL + EOL);
+            console.log(JSON.stringify(result, null, 4));
+            console.log("Ending time of sending component analysis request to exhort server= " + new Date());
+        }
+        return result;
+    }
+    else {
+        throw new Error(`Got error response from exhort backend - http return code : ${resp.status}, ex-request-id: ${resp.headers.get("ex-request-id")}  error message =>  ${await resp.text()}`);
+    }
+}
+/**
+ *
+ * @param url the backend url to send the request to
+ * @param {import("index.js").Options} [opts={}] - optional various options to pass headers for t he validateToken Request
+ * @return {Promise<number>} return the HTTP status Code of the response from the validate token request.
+ */
+async function validateToken(url, opts = {}) {
+    const fetchOptions = addProxyAgent({
+        method: 'GET',
+        headers: {
+            ...getTokenHeaders(opts),
+        }
+    }, opts);
+    let resp = await fetch(`${url}/api/v4/token`, fetchOptions);
+    if (process.env["TRUSTIFY_DA_DEBUG"] === "true") {
+        let exRequestId = resp.headers.get("ex-request-id");
+        if (exRequestId) {
+            console.log("Unique Identifier associated with this request - ex-request-id=" + exRequestId);
+        }
+    }
+    return resp.status;
+}
+/**
+ *
+ * @param {string} headerName - the header name to populate in request
+ * @param headers
+ * @param {import("index.js").Options} [opts={}] - optional various options to pass along the application
+ * @private
+ */
+function setRhdaHeader(headerName, headers, opts) {
+    let rhdaHeaderValue = getCustom(headerName.toUpperCase().replaceAll("-", "_"), null, opts);
+    if (rhdaHeaderValue) {
+        headers[headerName] = rhdaHeaderValue;
+    }
+}
+/**
+ * Utility function for fetching vendor tokens
+ * @param {import("index.js").Options} [opts={}] - optional various options to pass along the application
+ * @returns {{}}
+ */
+function getTokenHeaders(opts = {}) {
+    let supportedTokens = ['snyk', 'oss-index'];
+    let headers = {};
+    supportedTokens.forEach(vendor => {
+        let token = getCustom(`TRUSTIFY_DA_${vendor.replace("-", "_").toUpperCase()}_TOKEN`, null, opts);
+        if (token) {
+            headers[`ex-${vendor}-token`] = token;
+        }
+        let user = getCustom(`TRUSTIFY_DA_${vendor.replace("-", "_").toUpperCase()}_USER`, null, opts);
+        if (user) {
+            headers[`ex-${vendor}-user`] = user;
+        }
+    });
+    setRhdaHeader(rhdaTokenHeader, headers, opts);
+    setRhdaHeader(rhdaSourceHeader, headers, opts);
+    setRhdaHeader(rhdaOperationTypeHeader, headers, opts);
+    setRhdaHeader(rhdaPackageManagerHeader, headers, opts);
+    setRhdaHeader(rhdaTelemetryId, headers, opts);
+    if (process.env["TRUSTIFY_DA_DEBUG"] === "true") {
+        console.log("Headers Values to be sent to exhort:" + EOL);
+        for (const headerKey in headers) {
+            if (!headerKey.match(RegexNotToBeLogged)) {
+                console.log(`${headerKey}: ${headers[headerKey]}`);
+            }
+        }
+    }
+    return headers;
+}

package/dist/src/cli.d.ts

@@ -0,0 +1,2 @@
+#!/usr/bin/env node
+export {};

package/dist/src/cli.js

@@ -0,0 +1,102 @@
+#!/usr/bin/env node
+import * as path from "path";
+import yargs from 'yargs';
+import { hideBin } from 'yargs/helpers';
+import exhort from './index.js';
+// command for component analysis take manifest type and content
+const component = {
+    command: 'component </path/to/manifest>',
+    desc: 'produce component report for manifest path',
+    builder: yargs => yargs.positional('/path/to/manifest', {
+        desc: 'manifest path for analyzing',
+        type: 'string',
+        normalize: true,
+    }),
+    handler: async (args) => {
+        let manifestName = args['/path/to/manifest'];
+        let res = await exhort.componentAnalysis(manifestName);
+        console.log(JSON.stringify(res, null, 2));
+    }
+};
+const validateToken = {
+    command: 'validate-token <token-provider> [--token-value thevalue]',
+    desc: 'Validates input token if authentic and authorized',
+    builder: yargs => yargs.positional('token-provider', {
+        desc: 'the token provider',
+        type: 'string',
+        choices: ['snyk', 'oss-index'],
+    }).options({
+        tokenValue: {
+            alias: 'value',
+            desc: 'the actual token value to be checked',
+            type: 'string',
+        }
+    }),
+    handler: async (args) => {
+        let tokenProvider = args['token-provider'].toUpperCase();
+        let opts = {};
+        if (args['tokenValue'] !== undefined && args['tokenValue'].trim() !== "") {
+            let tokenValue = args['tokenValue'].trim();
+            opts[`TRUSTIFY_DA_${tokenProvider}_TOKEN`] = tokenValue;
+        }
+        let res = await exhort.validateToken(opts);
+        console.log(res);
+    }
+};
+// command for stack analysis takes a manifest path
+const stack = {
+    command: 'stack </path/to/manifest> [--html|--summary]',
+    desc: 'produce stack report for manifest path',
+    builder: yargs => yargs.positional('/path/to/manifest', {
+        desc: 'manifest path for analyzing',
+        type: 'string',
+        normalize: true,
+    }).options({
+        html: {
+            alias: 'r',
+            desc: 'Get the report as HTML instead of JSON',
+            type: 'boolean',
+            conflicts: 'summary'
+        },
+        summary: {
+            alias: 's',
+            desc: 'For JSON report, get only the \'summary\'',
+            type: 'boolean',
+            conflicts: 'html'
+        }
+    }),
+    handler: async (args) => {
+        let manifest = args['/path/to/manifest'];
+        let html = args['html'];
+        let summary = args['summary'];
+        let theProvidersSummary = new Map();
+        let theProvidersObject = {};
+        let res = await exhort.stackAnalysis(manifest, html);
+        if (summary) {
+            for (let provider in res.providers) {
+                if (res.providers[provider].sources !== undefined) {
+                    for (let source in res.providers[provider].sources) {
+                        if (res.providers[provider].sources[source].summary) {
+                            theProvidersSummary.set(source, res.providers[provider].sources[source].summary);
+                        }
+                    }
+                }
+            }
+            for (let [provider, providerSummary] of theProvidersSummary) {
+                theProvidersObject[provider] = providerSummary;
+            }
+        }
+        console.log(html ? res : JSON.stringify(!html && summary ? theProvidersObject : res, null, 2));
+    }
+};
+// parse and invoke the command
+yargs(hideBin(process.argv))
+    .usage(`Usage: ${process.argv[0].includes("node") ? path.parse(process.argv[1]).base : path.parse(process.argv[0]).base} {component|stack|validate-token}`)
+    .command(stack)
+    .command(component)
+    .command(validateToken)
+    .scriptName('')
+    .version(false)
+    .demandCommand(1)
+    .wrap(null)
+    .parse();

package/dist/src/cyclone_dx_sbom.d.ts

@@ -0,0 +1,77 @@
+/// <reference types="packageurl-js/src/package-url" />
+export default class CycloneDxSbom {
+    sbomObject: any;
+    rootComponent: any;
+    components: any[];
+    dependencies: any[];
+    sourceManifestForAuditTrail: any;
+    /**
+     * @param {PackageURL} root - add main/root component for sbom
+     * @return {CycloneDxSbom} the CycloneDxSbom Sbom Object
+     */
+    addRoot(root: PackageURL): CycloneDxSbom;
+    /**
+     * @return {{{"bom-ref": string, name, purl: string, type, version}}} root component of sbom.
+     */
+    getRoot(): {};
+    /**
+     * Adds a dependency relationship between two components in the SBOM
+     * @param {PackageURL} sourceRef - The source component (parent)
+     * @param {PackageURL} targetRef - The target component (dependency)
+     * @return {CycloneDxSbom} The updated SBOM
+     */
+    addDependency(sourceRef: PackageURL, targetRef: PackageURL, scope: any): CycloneDxSbom;
+    /** @param {{}} opts - various options, settings and configuration of application.
+     * @return String CycloneDx Sbom json object in a string format
+     */
+    getAsJsonString(opts: {}): string;
+    /**
+     *
+     * @param {String} dependency - purl string of the component.
+     * @return {int} - the index of the dependency in dependencies Array, returns -1 if not found.
+     */
+    getDependencyIndex(dependency: string): int;
+    /**
+     *
+     * @param {component} theComponent - Component Object with purl field.
+     * @return {int} index of the found component entry, if not found returns -1.
+     * @private
+     */
+    private getComponentIndex;
+    /** This method gets a PackageUrl, and returns a Component of CycloneDx Sbom
+     * @param purl {PackageURL}
+     * @return component
+     */
+    purlToComponent(purl: PackageURL): {
+        "bom-ref": string;
+        name: any;
+        purl: string;
+        type: any;
+        version: any;
+        scope: any;
+    };
+    /**
+     * This method gets an array of dependencies to be ignored, and remove all of them from CycloneDx Sbom
+     * @param {Array[PackageURL]} dependencies to be removed from sbom
+     * @return {CycloneDxSbom} without ignored dependencies
+     */
+    filterIgnoredDeps(deps: any): CycloneDxSbom;
+    /**
+     * This method gets an array of dependencies with versions( purl string format) to be ignored, and remove all of them from CycloneDx Sbom
+     * @param {Array} dependencies to be removed from sbom
+     * @return {CycloneDxSbom} without ignored dependencies
+     */
+    filterIgnoredDepsIncludingVersion(deps: any): CycloneDxSbom;
+    /** This method gets a component object, and a string name, and checks if the name is a substring of the component' purl.
+     * @param {} component to search in its dependencies
+     * @param {String} name to be checked.
+     *
+     * @return {boolean}
+     */
+    checkIfPackageInsideDependsOnList(component: any, name: string): boolean;
+    /** Removes the root component from the sbom
+     */
+    removeRootComponent(): void;
+    setSourceManifest(manifestData: any): void;
+}
+import { PackageURL } from "packageurl-js";