@trustify-da/trustify-da-javascript-client 0.3.0-ea.daa4d82 → 0.3.0-ea.de12f6a

package/dist/src/providers/golang_gomodules.d.ts

@@ -3,9 +3,10 @@ declare namespace _default {
     export { validateLockFile };
     export { provideComponent };
     export { provideStack };
+    export { readLicenseFromManifest };
 }
 export default _default;
-export type Provided = import('../provider').Provided;
+export type Provided = import("../provider").Provided;
 export type Package = {
     name: string;
     version: string;
@@ -18,25 +19,31 @@ export type Dependency = {
     ignore: boolean;
 };
 /**
- * @param {string} manifestName - the subject manifest name-type
- * @returns {boolean} - return true if `pom.xml` is the manifest name-type
- */
+ * @param {string} manifestName the subject manifest name-type
+ * @returns {boolean} return true if `pom.xml` is the manifest name-type
+*/
 declare function isSupported(manifestName: string): boolean;
 /**
- * @param {string} manifestDir - the directory where the manifest lies
+ * @param {string} manifestDir the directory where the manifest lies
  */
 declare function validateLockFile(): boolean;
 /**
  * Provide content and content type for maven-maven component analysis.
- * @param {string} manifest - path to go.mod for component report
- * @param {{}} [opts={}] - optional various options to pass along the application
- * @returns {Provided}
+ * @param {string} manifest path to go.mod for component report
+ * @param {{}} [opts={}] optional various options to pass along the application
+ * @returns {Promise<Provided>}
  */
-declare function provideComponent(manifest: string, opts?: {} | undefined): Provided;
+declare function provideComponent(manifest: string, opts?: {}): Promise<Provided>;
 /**
  * Provide content and content type for maven-maven stack analysis.
- * @param {string} manifest - the manifest path or name
- * @param {{}} [opts={}] - optional various options to pass along the application
- * @returns {Provided}
+ * @param {string} manifest the manifest path or name
+ * @param {{}} [opts={}] optional various options to pass along the application
+ * @returns {Promise<Provided>}
  */
-declare function provideStack(manifest: string, opts?: {} | undefined): Provided;
+declare function provideStack(manifest: string, opts?: {}): Promise<Provided>;
+/**
+ * Go modules have no standard license field in go.mod
+ * @param {string} manifestPath path to go.mod
+ * @returns {string|null}
+*/
+declare function readLicenseFromManifest(manifestPath: string): string | null;

package/dist/src/providers/golang_gomodules.js

@@ -1,10 +1,11 @@
 import fs from 'node:fs';
 import path from 'node:path';
-import { EOL } from "os";
 import { PackageURL } from 'packageurl-js';
+import { readLicenseFile } from '../license/license_utils.js';
 import Sbom from '../sbom.js';
 import { getCustom, getCustomPath, invokeCommand } from "../tools.js";
-export default { isSupported, validateLockFile, provideComponent, provideStack };
+import { getParser, getRequireQuery } from './gomod_parser.js';
+export default { isSupported, validateLockFile, provideComponent, provideStack, readLicenseFromManifest };
 /** @typedef {import('../provider').Provider} */
 /** @typedef {import('../provider').Provided} Provided */
 /** @typedef {{name: string, version: string}} Package */
@@ -12,43 +13,50 @@ export default { isSupported, validateLockFile, provideComponent, provideStack }
 /**
  * @type {string} ecosystem for npm-npm is 'maven'
  * @private
- */
+*/
 const ecosystem = 'golang';
 const defaultMainModuleVersion = "v0.0.0";
 /**
- * @param {string} manifestName - the subject manifest name-type
- * @returns {boolean} - return true if `pom.xml` is the manifest name-type
- */
+ * @param {string} manifestName the subject manifest name-type
+ * @returns {boolean} return true if `pom.xml` is the manifest name-type
+*/
 function isSupported(manifestName) {
     return 'go.mod' === manifestName;
 }
 /**
- * @param {string} manifestDir - the directory where the manifest lies
+ * Go modules have no standard license field in go.mod
+ * @param {string} manifestPath path to go.mod
+ * @returns {string|null}
+*/
+// eslint-disable-next-line no-unused-vars
+function readLicenseFromManifest(manifestPath) { return readLicenseFile(manifestPath); }
+/**
+ * @param {string} manifestDir the directory where the manifest lies
  */
 function validateLockFile() { return true; }
 /**
  * Provide content and content type for maven-maven stack analysis.
- * @param {string} manifest - the manifest path or name
- * @param {{}} [opts={}] - optional various options to pass along the application
- * @returns {Provided}
+ * @param {string} manifest the manifest path or name
+ * @param {{}} [opts={}] optional various options to pass along the application
+ * @returns {Promise<Provided>}
  */
-function provideStack(manifest, opts = {}) {
+async function provideStack(manifest, opts = {}) {
     return {
         ecosystem,
-        content: getSBOM(manifest, opts, true),
+        content: await getSBOM(manifest, opts, true),
         contentType: 'application/vnd.cyclonedx+json'
     };
 }
 /**
  * Provide content and content type for maven-maven component analysis.
- * @param {string} manifest - path to go.mod for component report
- * @param {{}} [opts={}] - optional various options to pass along the application
- * @returns {Provided}
+ * @param {string} manifest path to go.mod for component report
+ * @param {{}} [opts={}] optional various options to pass along the application
+ * @returns {Promise<Provided>}
  */
-function provideComponent(manifest, opts = {}) {
+async function provideComponent(manifest, opts = {}) {
     return {
         ecosystem,
-        content: getSBOM(manifest, opts, false),
+        content: await getSBOM(manifest, opts, false),
         contentType: 'application/vnd.cyclonedx+json'
     };
 }
@@ -69,50 +77,52 @@ function getChildVertexFromEdge(edge) {
     return edge.split(" ")[1];
 }
 /**
- *
- * @param line one row from go.mod file
- * @return {boolean} whether line from go.mod should be considered as ignored or not
+ * Check whether a require_spec has a valid exhortignore marker.
+ * For direct dependencies: `//exhortignore` or `// exhortignore`
+ * For indirect dependencies: `// indirect; exhortignore` (semicolon-separated)
+ * @param {import('web-tree-sitter').SyntaxNode} specNode
+ * @return {boolean}
  */
-function ignoredLine(line) {
-    let result = false;
-    if (line.match(".*exhortignore.*")) {
-        if (line.match(".+//\\s*exhortignore") || line.match(".+//\\sindirect (//)?\\s*exhortignore")) {
-            let trimmedRow = line.trim();
-            if (!trimmedRow.startsWith("module ") && !trimmedRow.startsWith("go ") && !trimmedRow.startsWith("require (") && !trimmedRow.startsWith("require(")
-                && !trimmedRow.startsWith("exclude ") && !trimmedRow.startsWith("replace ") && !trimmedRow.startsWith("retract ") && !trimmedRow.startsWith("use ")
-                && !trimmedRow.includes("=>")) {
-                if (trimmedRow.startsWith("require ") || trimmedRow.match("^[a-z.0-9/-]+\\s{1,2}[vV][0-9]\\.[0-9](\\.[0-9]){0,2}.*")) {
-                    result = true;
-                }
-            }
+function hasExhortIgnore(specNode) {
+    // Ideally this would be the following tree-sitter query instead, but for some
+    // reason it throws an error here but not in the playground.
+    // (require_spec) ((module_path) @path (version) (comment) @comment (#match? @comment "^//.*exhortignore"))
+    // QueryError: Bad pattern structure at offset 53: '(comment) @comment (#match? @comment "^//.*exhortignore")) @spec'...
+    let comments = specNode.children.filter(c => c.type === 'comment');
+    for (let comment of comments) {
+        let text = comment.text;
+        if (/^\/\/\s*indirect;\s*exhortignore/.test(text)) {
+            return true;
+        }
+        if (/^\/\/\s*exhortignore/.test(text)) {
+            return true;
         }
     }
-    return result;
-}
-/**
- * extract package name from go.mod line that contains exhortignore comment.
- * @param line a row contains exhortignore as part of a comment
- * @return {string} the full package name + group/namespace + version
- * @private
- */
-function extractPackageName(line) {
-    let trimmedRow = line.trim();
-    let firstRemarkNotationOccurrence = trimmedRow.indexOf("//");
-    return trimmedRow.substring(0, firstRemarkNotationOccurrence).trim();
+    return false;
 }
 /**
  *
- * @param {string } manifest - path to manifest
- * @return {[PackageURL]} list of ignored dependencies d
+ * @param {string} manifestContent go.mod file contents
+ * @param {import('web-tree-sitter').Parser} parser
+ * @param {import('web-tree-sitter').Query} requireQuery
+ * @return {PackageURL[]} list of ignored dependencies
  */
-function getIgnoredDeps(manifest) {
-    let goMod = fs.readFileSync(manifest).toString().trim();
-    let lines = goMod.split(getLineSeparatorGolang());
-    return lines.filter(line => ignoredLine(line)).map(line => extractPackageName(line)).map(dep => toPurl(dep, /[ ]{1,3}/));
+function getIgnoredDeps(manifestContent, parser, requireQuery) {
+    let tree = parser.parse(manifestContent);
+    return requireQuery.matches(tree.rootNode)
+        .filter(match => {
+        let specNode = match.captures.find(c => c.name === 'spec').node;
+        return hasExhortIgnore(specNode);
+    })
+        .map(match => {
+        let name = match.captures.find(c => c.name === 'name').node.text;
+        let version = match.captures.find(c => c.name === 'version').node.text;
+        return toPurl(`${name} ${version}`, /[ ]{1,3}/);
+    });
 }
 /**
  *
- * @param {[PackageURL]}allIgnoredDeps - list of purls of all dependencies that should be ignored
+ * @param {PackageURL[]} allIgnoredDeps list of purls of all dependencies that should be ignored
  * @param {PackageURL} purl object to be checked if needed to be ignored
  * @return {boolean}
  */
@@ -131,59 +141,29 @@ function enforceRemovingIgnoredDepsInCaseOfAutomaticVersionUpdate(ignoredDeps, s
 }
 /**
  *
- * @param {[string]} lines - array of lines of go.mod manifest
- * @param {string} goMod - content of go.mod manifest
- * @return {[string]} all dependencies from go.mod file as array
+ * @param {string} manifestContent go.mod file contents
+ * @param {import('web-tree-sitter').Parser} parser
+ * @param {import('web-tree-sitter').Query} requireQuery
+ * @return {string[]} all dependencies from go.mod file as "name version" strings
  */
-function collectAllDepsFromManifest(lines, goMod) {
-    let result;
-    // collect all deps that starts with require keyword
-    result = lines.filter((line) => line.trim().startsWith("require") && !line.includes("(")).map((dep) => dep.substring("require".length).trim());
-    // collect all deps that are inside `require` blocks
-    let currentSegmentOfGoMod = goMod;
-    let requirePositionObject = decideRequireBlockIndex(currentSegmentOfGoMod);
-    while (requirePositionObject.index > -1) {
-        let depsInsideRequirementsBlock = currentSegmentOfGoMod.substring(requirePositionObject.index + requirePositionObject.startingOffeset).trim();
-        let endOfBlockIndex = depsInsideRequirementsBlock.indexOf(")");
-        let currentIndex = 0;
-        while (currentIndex < endOfBlockIndex) {
-            let endOfLinePosition = depsInsideRequirementsBlock.indexOf(EOL, currentIndex);
-            let dependency = depsInsideRequirementsBlock.substring(currentIndex, endOfLinePosition);
-            result.push(dependency.trim());
-            currentIndex = endOfLinePosition + 1;
-        }
-        currentSegmentOfGoMod = currentSegmentOfGoMod.substring(endOfBlockIndex + 1).trim();
-        requirePositionObject = decideRequireBlockIndex(currentSegmentOfGoMod);
-    }
-    function decideRequireBlockIndex(goMod) {
-        let object = {};
-        let index = goMod.indexOf("require(");
-        object.startingOffeset = "require(".length;
-        if (index === -1) {
-            index = goMod.indexOf("require (");
-            object.startingOffeset = "require (".length;
-            if (index === -1) {
-                index = goMod.indexOf("require  (");
-                object.startingOffeset = "require  (".length;
-            }
-        }
-        object.index = index;
-        return object;
-    }
-    return result;
+function collectAllDepsFromManifest(manifestContent, parser, requireQuery) {
+    let tree = parser.parse(manifestContent);
+    return requireQuery.matches(tree.rootNode).map(match => {
+        let name = match.captures.find(c => c.name === 'name').node.text;
+        let version = match.captures.find(c => c.name === 'version').node.text;
+        return `${name} ${version}`;
+    });
 }
 /**
  *
  * @param {string} rootElementName the rootElementName element of go mod graph, to compare only direct deps from go mod graph against go.mod manifest
- * @param{[string]} goModGraphOutputRows the goModGraphOutputRows from go mod graph' output
- * @param {string }manifest path to go.mod manifest on file system
+ * @param {string[]} goModGraphOutputRows the goModGraphOutputRows from go mod graph' output
+ * @param {string} manifestContent go.mod file contents
  * @private
  */
-function performManifestVersionsCheck(rootElementName, goModGraphOutputRows, manifest) {
-    let goMod = fs.readFileSync(manifest).toString().trim();
-    let lines = goMod.split(getLineSeparatorGolang());
+function performManifestVersionsCheck(rootElementName, goModGraphOutputRows, manifestContent, parser, requireQuery) {
     let comparisonLines = goModGraphOutputRows.filter((line) => line.startsWith(rootElementName)).map((line) => getChildVertexFromEdge(line));
-    let manifestDeps = collectAllDepsFromManifest(lines, goMod);
+    let manifestDeps = collectAllDepsFromManifest(manifestContent, parser, requireQuery);
     try {
         comparisonLines.forEach((dependency) => {
             let parts = dependency.split("@");
@@ -195,7 +175,7 @@ function performManifestVersionsCheck(rootElementName, goModGraphOutputRows, man
                 let currentVersion = components[1];
                 if (currentDepName === depName) {
                     if (currentVersion !== version) {
-                        throw new Error(`versions mismatch for dependency name ${depName}, manifest version=${currentVersion}, installed Version=${version}, if you want to allow version mismatch for analysis between installed and requested packages, set environment variable/setting - MATCH_MANIFEST_VERSIONS=false`);
+                        throw new Error(`version mismatch for dependency "${depName}", manifest version=${currentVersion}, installed version=${version}, if you want to allow version mismatch for analysis between installed and requested packages, set environment variable/setting MATCH_MANIFEST_VERSIONS=false`);
                     }
                 }
             });
@@ -211,10 +191,10 @@ function performManifestVersionsCheck(rootElementName, goModGraphOutputRows, man
  * @param {string} manifest - path for go.mod
  * @param {{}} [opts={}] - optional various options to pass along the application
  * @param {boolean} includeTransitive - whether the sbom should contain transitive dependencies of the main module or not.
- * @returns {string} the SBOM json content
+ * @returns {Promise<string>} the SBOM json content
  * @private
  */
-function getSBOM(manifest, opts = {}, includeTransitive) {
+async function getSBOM(manifest, opts = {}, includeTransitive) {
     // get custom goBin path
     let goBin = getCustomPath('go', opts);
     // verify goBin is accessible
@@ -240,17 +220,29 @@ function getSBOM(manifest, opts = {}, includeTransitive) {
     catch (error) {
         throw new Error('failed to determine root module name', { cause: error });
     }
-    let ignoredDeps = getIgnoredDeps(manifest);
+    let manifestContent = fs.readFileSync(manifest).toString();
+    let [parser, requireQuery] = await Promise.all([getParser(), getRequireQuery()]);
+    let ignoredDeps = getIgnoredDeps(manifestContent, parser, requireQuery);
     let allIgnoredDeps = ignoredDeps.map((dep) => dep.toString());
     let sbom = new Sbom();
     let rows = goGraphOutput.split(getLineSeparatorGolang()).filter(line => !line.includes(' go@'));
-    let root = getParentVertexFromEdge(goModEditOutput['Module']['Path']);
+    let root = goModEditOutput['Module']['Path'];
+    // Build set of direct dependency paths from go mod edit -json
+    let directDepPaths = new Set();
+    if (goModEditOutput['Require']) {
+        goModEditOutput['Require'].forEach(req => {
+            if (!req['Indirect']) {
+                directDepPaths.add(req['Path']);
+            }
+        });
+    }
     let matchManifestVersions = getCustom("MATCH_MANIFEST_VERSIONS", "false", opts);
     if (matchManifestVersions === "true") {
-        performManifestVersionsCheck(root, rows, manifest);
+        performManifestVersionsCheck(root, rows, manifestContent, parser, requireQuery);
     }
     const mainModule = toPurl(root, "@");
-    sbom.addRoot(mainModule);
+    const license = readLicenseFromManifest(manifest);
+    sbom.addRoot(mainModule, license);
     const exhortGoMvsLogicEnabled = getCustom("TRUSTIFY_DA_GO_MVS_LOGIC_ENABLED", "true", opts);
     if (includeTransitive && exhortGoMvsLogicEnabled === "true") {
         rows = getFinalPackagesVersionsForModule(rows, manifest, goBin);
@@ -264,7 +256,11 @@ function getSBOM(manifest, opts = {}, includeTransitive) {
                 currentParent = getParentVertexFromEdge(row);
                 source = toPurl(currentParent, "@");
             }
-            let target = toPurl(getChildVertexFromEdge(row), "@");
+            let child = getChildVertexFromEdge(row);
+            let target = toPurl(child, "@");
+            if (getParentVertexFromEdge(row) === root && !directDepPaths.has(getPackageName(child))) {
+                return;
+            }
             sbom.addDependency(source, target);
         });
         // at the end, filter out all ignored dependencies including versions.
@@ -274,10 +270,12 @@ function getSBOM(manifest, opts = {}, includeTransitive) {
     else {
         let directDependencies = rows.filter(row => row.startsWith(root));
         directDependencies.forEach(pair => {
-            let dependency = getChildVertexFromEdge(pair);
-            let depPurl = toPurl(dependency, "@");
-            if (dependencyNotIgnored(ignoredDeps, depPurl)) {
-                sbom.addDependency(mainModule, depPurl);
+            let child = getChildVertexFromEdge(pair);
+            let target = toPurl(child, "@");
+            if (dependencyNotIgnored(ignoredDeps, target)) {
+                if (directDepPaths.has(getPackageName(child))) {
+                    sbom.addDependency(mainModule, target);
+                }
             }
         });
         enforceRemovingIgnoredDepsInCaseOfAutomaticVersionUpdate(ignoredDeps, sbom);
@@ -287,7 +285,7 @@ function getSBOM(manifest, opts = {}, includeTransitive) {
 /**
  * Utility function for creating Purl String
 
- * @param {string }dependency the name of the artifact, can include a namespace(group) or not - namespace/artifactName.
+ * @param {string} dependency the name of the artifact, can include a namespace(group) or not - namespace/artifactName.
  * @param {RegExp} delimiter delimiter between name of dependency and version
  * @private
  * @returns {PackageURL|null} PackageUrl Object ready to be used in SBOM
@@ -312,12 +310,12 @@ function toPurl(dependency, delimiter) {
     }
     return pkg;
 }
-/** This function gets rows from go mod graph , and go.mod graph, and selecting for all
+/** This function gets rows from go mod graph, and go.mod graph, and selecting for all
  * packages the has more than one minor the final versions as selected by golang MVS algorithm.
- * @param {[string]}rows all the rows from go modules dependency tree
+ * @param {string[]} rows all the rows from go modules dependency tree
  * @param {string} manifestPath the path of the go.mod file
  * @param {string} path to go binary
- * @return {[string]} rows that contains final versions.
+ * @return {string[]} rows that contains final versions.
  */
 function getFinalPackagesVersionsForModule(rows, manifestPath, goBin) {
     let manifestDir = path.dirname(manifestPath);
@@ -372,7 +370,7 @@ function getFinalPackagesVersionsForModule(rows, manifestPath, goBin) {
 /**
  *
  * @param {string} fullPackage - full package with its name and version
- * @return -{string} package name only
+ * @return {string} package name only
  * @private
  */
 function getPackageName(fullPackage) {
@@ -390,7 +388,7 @@ function isSpecialGoModule(moduleName) {
 /**
  *
  * @param {string} fullPackage - full package with its name and version
- * @return -{string} package version only
+ * @return {string|undefined} package version only
  * @private
  */
 function getVersionOfPackage(fullPackage) {

package/dist/src/providers/gomod_parser.d.ts

@@ -0,0 +1,4 @@
+export function getParser(): Promise<Parser>;
+export function getRequireQuery(): Promise<Query>;
+import { Parser } from 'web-tree-sitter';
+import { Query } from 'web-tree-sitter';

package/dist/src/providers/gomod_parser.js

@@ -0,0 +1,16 @@
+import { readFile } from 'node:fs/promises';
+import { Language, Parser, Query } from 'web-tree-sitter';
+const wasmUrl = new URL('./tree-sitter-gomod.wasm', import.meta.url);
+async function init() {
+    await Parser.init();
+    const wasmBytes = new Uint8Array(await readFile(wasmUrl));
+    return await Language.load(wasmBytes);
+}
+export async function getParser() {
+    const language = await init();
+    return new Parser().setLanguage(language);
+}
+export async function getRequireQuery() {
+    const language = await init();
+    return new Query(language, '(require_spec (module_path) @name (version) @version) @spec');
+}

package/dist/src/providers/java_gradle.d.ts

@@ -15,21 +15,27 @@ export default class Java_gradle extends Base_java {
      * @param {string} manifestDir - the directory where the manifest lies
      */
     validateLockFile(): boolean;
+    /**
+     * Gradle manifests (build.gradle, build.gradle.kts) have no standard license field.
+     * @param {string} manifestPath - path to manifest
+     * @returns {null}
+     */
+    readLicenseFromManifest(manifestPath: string): null;
     /**
      * Provide content and content type for stack analysis.
      * @param {string} manifest - the manifest path or name
      * @param {{}} [opts={}] - optional various options to pass along the application
      * @returns {Provided}
      */
-    provideStack(manifest: string, opts?: {} | undefined): Provided;
+    provideStack(manifest: string, opts?: {}): Provided;
     /**
      * Provide content and content type for maven-maven component analysis.
      * @param {string} manifest - path to pom.xml for component report
      * @param {{}} [opts={}] - optional various options to pass along the application
      * @returns {Provided}
      */
-    provideComponent(manifest: string, opts?: {} | undefined): Provided;
+    provideComponent(manifest: string, opts?: {}): Provided;
     #private;
 }
-export type Provided = import('../provider.js').Provided;
+export type Provided = import("../provider.js").Provided;
 import Base_java from "./base_java.js";

package/dist/src/providers/java_gradle.js

@@ -2,6 +2,7 @@ import fs from 'node:fs';
 import path from 'node:path';
 import { EOL } from 'os';
 import TOML from 'fast-toml';
+import { readLicenseFile } from '../license/license_utils.js';
 import Sbom from '../sbom.js';
 import Base_java, { ecosystem_gradle } from "./base_java.js";
 /** @typedef {import('../provider.js').Provider} */
@@ -49,6 +50,13 @@ export default class Java_gradle extends Base_java {
      * @param {string} manifestDir - the directory where the manifest lies
      */
     validateLockFile() { return true; }
+    /**
+     * Gradle manifests (build.gradle, build.gradle.kts) have no standard license field.
+     * @param {string} manifestPath - path to manifest
+     * @returns {null}
+     */
+    // eslint-disable-next-line no-unused-vars
+    readLicenseFromManifest(manifestPath) { return readLicenseFile(manifestPath); }
     /**
      * Provide content and content type for stack analysis.
      * @param {string} manifest - the manifest path or name
@@ -158,7 +166,8 @@ export default class Java_gradle extends Base_java {
         let sbom = new Sbom();
         let root = `${properties.group}:${properties[ROOT_PROJECT_KEY_NAME].match(/Root project '(.+)'/)[1]}:jar:${properties.version}`;
         let rootPurl = this.parseDep(root);
-        sbom.addRoot(rootPurl);
+        const license = this.readLicenseFromManifest(manifestPath);
+        sbom.addRoot(rootPurl, license);
         let ignoredDeps = this.#getIgnoredDeps(manifestPath);
         const [runtimeConfig, compileConfig] = this.#extractConfigurations(content);
         const processedDeps = new Set();
@@ -298,7 +307,8 @@ export default class Java_gradle extends Base_java {
         let sbom = new Sbom();
         let root = `${properties.group}:${properties[ROOT_PROJECT_KEY_NAME].match(/Root project '(.+)'/)[1]}:jar:${properties.version}`;
         let rootPurl = this.parseDep(root);
-        sbom.addRoot(rootPurl);
+        const license = this.readLicenseFromManifest(manifestPath);
+        sbom.addRoot(rootPurl, license);
         let ignoredDeps = this.#getIgnoredDeps(manifestPath);
         const [runtimeConfig, compileConfig] = this.#extractConfigurations(content);
         let directDependencies = new Map();

package/dist/src/providers/java_gradle_groovy.d.ts

@@ -3,5 +3,5 @@ export default class Java_gradle_groovy extends Java_gradle {
     _parseAliasForLibsNotation(alias: any): any;
     _extractDepToBeIgnored(dep: any): any;
 }
-export type Provided = import('../provider').Provided;
+export type Provided = import("../provider").Provided;
 import Java_gradle from './java_gradle.js';

package/dist/src/providers/java_gradle_kotlin.d.ts

@@ -7,5 +7,5 @@ export default class Java_gradle_kotlin extends Java_gradle {
     _parseAliasForLibsNotation(alias: any): any;
     _extractDepToBeIgnored(dep: any): string | null;
 }
-export type Provided = import('../provider').Provided;
+export type Provided = import("../provider").Provided;
 import Java_gradle from './java_gradle.js';

package/dist/src/providers/java_maven.d.ts

@@ -19,25 +19,32 @@ export default class Java_maven extends Base_java {
      * @param {{}} [opts={}] - optional various options to pass along the application
      * @returns {Provided}
      */
-    provideStack(manifest: string, opts?: {} | undefined): Provided;
+    provideStack(manifest: string, opts?: {}): Provided;
     /**
      * Provide content and content type for maven-maven component analysis.
      * @param {string} manifest - path to the manifest file
      * @param {{}} [opts={}] - optional various options to pass along the application
      * @returns {Provided}
      */
-    provideComponent(manifest: string, opts?: {} | undefined): Provided;
+    provideComponent(manifest: string, opts?: {}): Provided;
+    /**
+     * Read license from pom.xml manifest, with fallback to LICENSE file
+     * @param {string} manifestPath - path to pom.xml
+     * @returns {string|null}
+     */
+    readLicenseFromManifest(manifestPath: string): string | null;
     /**
      *
      * @param {String} textGraphList Text graph String of the manifest
      * @param {[String]} ignoredDeps List of ignored dependencies to be omitted from sbom
+     * @param {String} manifestPath Path to the pom.xml manifest
      * @return {String} formatted sbom Json String with all dependencies
      */
-    createSbomFileFromTextFormat(textGraphList: string, ignoredDeps: [string], opts: any): string;
+    createSbomFileFromTextFormat(textGraphList: string, ignoredDeps: [string], opts: any, manifestPath: string): string;
     #private;
 }
-export type Java_maven = import('../provider').Provider;
-export type Provided = import('../provider').Provided;
+export type Java_maven = import("../provider").Provider;
+export type Provided = import("../provider").Provided;
 export type Package = {
     name: string;
     version: string;