ts-node-client 1.8.4 → 1.8.7

package/README.md

@@ -8,14 +8,12 @@
 
 [![npm package](https://nodei.co/npm/ts-node-client.png?downloads=true&downloadRank=true&stars=true)](https://nodei.co/npm/ts-node-client/)
 
-TrustSource node client
-
-> node module to transfer dependency information to TrustSource server.
+> TrustSource node client - node module to transfer dependency information to TrustSource server.
 
 ## Requirements
-
 * node >= 8.9.0
-* npm < 8.0.0
+* npm < 8.0.0 use **ts-node-client@1.***
+* npm >= 8.0.0 use **ts-node-client@2.***
 
 ## Installation
 Run: `npm install --save-dev ts-node-client` or `yarn add --dev ts-node-client`
@@ -48,8 +46,8 @@ You also may initiate transfer to TrustSource server manually by executing follo
 
 ```
 node_modules/.bin/ts-node-client
-node_modules/.bin/ts-node-client -k apiKey -p Project
-node_modules/.bin/ts-node-client -c config.json
+node_modules/.bin/ts-node-client -k apiKey -p Project --breakOnWarnings false --breakOnViolations true
+node_modules/.bin/ts-node-client -c config.json 
 ```
 ```
 npm / node module to transfer dependency information to TrustSource server.
@@ -65,7 +63,7 @@ Options:
   --proxy         Proxy url like 'https://user:password@host:port'   [default: null]
   --version, -v   Prints a version                                   [default: false]
   --saveAs, -o              Save as file (file name prefix)          [default: null]
-  --saveAsFormat, --of      Save as format (scan / cydx / spdx)      [default: null]
+  --saveAsFormat, -of      Save as format (scan / cydx / spdx)       [default: null]
   --debug                                                            [default: null]
   --simulate                                                         [default: null]
   --includeDevDependencies                                           [default: null]
@@ -73,7 +71,12 @@ Options:
   --breakOnWarnings                                                  [default: null]
   --breakOnViolations                                                [default: null]
   --help          Prints a usage statement                           [boolean]
+
 ```
+PLEASE NOTE: if you want to pass param into function
+you should add value, for example:
+
+`--breakOnViolations true` or `--saveAs sbom`
 
 ## Software bill of materials
 
@@ -83,94 +86,72 @@ Options:
 ## Known problems
 
 ####  Error: The programmatic API was removed in npm v8.0.0
-You should upgrade to later versions of ts-node-client
+You should upgrade to 2.* versions of ts-node-client
 
 ## Changelog
 
+#### 2.0
+- Support new scan tool and fix problem with programmatic API for >= npm@8.0.0
+
 #### 1.8.*
 - SBOM
 - **--saveAs** and **--saveAsFormat**
 - Bump minimist from 1.2.5 to 1.2.6
 - Bump urijs from 1.19.10 to 1.19.11
+- replace packageurl-js with simple local function
+- improve docs
 
 #### 1.7.*
 - request -> axios
 - fix dependencies
 - doc fixes
 
-#### 1.6.0
+#### 1.6.*
 - **--breakOnWarnings** and **--breakOnViolations**
 - Bump devDependencies
 
-#### 1.5.2
+#### 1.5.*
 - Describe `Error: The programmatic API was removed in npm v8.0.0`
-
-#### 1.5.1
 - Bump devDependencies
 - Introduce sonarjs
 
-#### 1.4.3
+#### 1.4.*
 - Bump glob-parent from 5.1.1 to 5.1.2
 - Bump path-parse from 1.0.6 to 1.0.7
-
-#### 1.4.2
 - Bump lodash from 4.17.19 to 4.17.21
-
-#### 1.4.1
 - Bump y18n from 4.0.0 to 4.0.1
-
-#### 1.4.0
 - Added:
     - option **--includeDevDependencies**. It is allow to scan dev dependencies
 
-#### 1.3.1
+#### 1.3.*
 - Use [`global-npm`](https://github.com/dracupid/global-npm) (meaning `npm` is no longer a dependency of `ts-node-client`)
 
-#### 1.2.3
+#### 1.2.*
 - Added:
     - option **--brakeOnViolations**. It is fail build in case any violations after scan transferred.
     - option **--brakeOnWarnings**. It is fail build in case any warning after scan transferred.
 
-#### 1.1.2
+#### 1.1.*
 - userName is not required param for scans
 - Support usage of scan meta param binaryLinks inside Options definition
 
-
-#### 1.0.0
+#### 1.0.*
 - Node JS and dependencies updates "node": ">= 8.12.0"
 
-#### 0.3.4 - 0.3.6
+#### 0.3.*
 - Improve variable usage and tasks migration
-
-#### 0.3.3
 - Support usage of scan meta params: branch and tag inside Options definition
-
-#### 0.3.2
 - Skip npmDependency without names
-
-#### 0.3.1
 - Update travis config
-
-#### 0.3.0
 - Update dependency to resolve vulnerabilities
 
-#### 0.2.5
+#### 0.2.*
 - Added proxy support and config
-
-#### 0.2.4
 - Update travis config
-
-#### 0.2.3
 - Updated README.md with `app.trustsource.io`
-
-#### 0.2.2
 - Updated default url to `app.trustsource.io`
-
-#### 0.2.1
 - Added windows support
 - Fixed json 
-
-#### 0.2.0
 - **Removed:**
     - options: **--credentials** and **--credentialsFile** instead you should use **--config**.
     - option **--baseUrl** instead you should use **--url**.

package/lib/convertor.js

@@ -5,7 +5,7 @@
  * SPDX-License-Identifier:  Apache-2.0
  *********************************************************/
 /* eslint-enable */
-const PackageURL = require('packageurl-js');
+const PackageURL = require('./pkg');
 
 const Convertor = {};
 
@@ -65,8 +65,7 @@ function getPackageUrl(componentKey, version) {
         const org = parts.length > 1 ? parts[0] : null;
         const key = parts.length > 1 ? parts[1] : parts[0];
         if (key) {
-            const packageUrl = new PackageURL(result.manager, org, key, version);
-            return packageUrl.toString();
+            return PackageURL.get(result.manager, org, key, version);
         }
         return null;
     }

package/lib/pkg.js

@@ -0,0 +1,32 @@
+/* eslint-disable */
+/**********************************************************
+ * Copyright (c) 2022. Enterprise Architecture Group, EACG
+ *
+ * SPDX-License-Identifier:  Apache-2.0
+ *********************************************************/
+/* eslint-enable */
+
+const PackageURL = {};
+
+PackageURL.get = function get(manager, org, key, version) {
+    // scheme:type/namespace/name@version?qualifiers#subpath
+    const parts = [];
+    let partVersion;
+    if (manager) {
+        parts.push(encodeURI(manager));
+    }
+    if (org) {
+        parts.push(encodeURI(org).replace('%3A', ':'));
+    }
+    if (key) {
+        parts.push(encodeURI(key).replace('%3A', ':'));
+    }
+    if (version) {
+        partVersion = `@${encodeURI(version).replace('%3A', ':')}`;
+    }
+    return `pkg:${parts.join('/')}${partVersion}`;
+};
+
+
+module.exports = PackageURL;
+

package/package.json

@@ -1,7 +1,7 @@
 {
   "name": "ts-node-client",
   "description": "npm / node module to transfer dependency information to TrustSource server.",
-  "version": "1.8.4",
+  "version": "1.8.7",
   "private": false,
   "homepage": "https://app.trustsource.io/",
   "author": {
@@ -23,8 +23,9 @@
   },
   "scripts": {
     "scan": "node ./bin/ts-node-client.js",
-    "scan-with-brakes": "ts-node-client --breakOnViolations true --breakOnWarnings true",
-    "scan-prod": "ts-node-client --debug true",
+    "scan-with-brakes": "node ./bin/ts-node-client.js --breakOnViolations true --breakOnWarnings true",
+    "scan-to-file": "node ./bin/ts-node-client.js --saveAsFormat cydx --saveAs test",
+    "scan-prod": "node ./bin/ts-node-client.js --debug true",
     "lint": "eslint bin lib test",
     "lint-fix": "eslint bin lib test --fix",
     "test": "mocha test",
@@ -35,8 +36,7 @@
     "debuglog": "1.0.1",
     "global-npm": "0.5.0",
     "semver": "7.3.5",
-    "yargs": "^15.4.1",
-    "packageurl-js": "github:eacg-gmbh/packageurl-js#v0.1.1"
+    "yargs": "^15.4.1"
   },
   "devDependencies": {
     "eslint": "^7.32.0",
@@ -44,8 +44,7 @@
     "eslint-plugin-import": "^2.25.2",
     "eslint-plugin-sonarjs": "^0.10.0",
     "mocha": "^9.2.2",
-    "nock": "^12.0.3",
-    "ts-node-client": "1.8.3"
+    "nock": "^12.0.3"
   },
   "keywords": [
     "node",