cyclonedx-node-yarn
Create CycloneDX Software Bill of Materials (SBOM) from Node.js Yarn projects.
Bumps the eslint group with 7 updates in the / directory: | Package | From | To | | --- | --- | --- | | [@typescript-eslint/eslint-plugin](https://github.com/typescript-eslint/typescript-eslint/tree/HEAD/packages/eslint-plugin) | `6.21.0` |...
Bumps [packageurl-js](https://github.com/package-url/packageurl-js) from 1.2.1 to 2.0.0. Changelog Sourced from packageurl-js's changelog. 2.0.0 Significant refactor based on code from @jdalton Numerous bug fixes and improvements the community was asking for See...
Bumps [rimraf](https://github.com/isaacs/rimraf) from 5.0.9 to 6.0.1. Changelog Sourced from rimraf's changelog. 6.0 Drop support for nodes before v20 Add --version to CLI 5.0 No default export, only named exports 4.4...
Bumps [normalize-package-data](https://github.com/npm/normalize-package-data) from 6.0.1 to 6.0.2. Release notes Sourced from normalize-package-data's releases. v6.0.2 6.0.2 (2024-06-25) Dependencies 43bab20 #224 replace is-core-module with node builtin (#224) (@SuperchupuDev, @wraithgar) Changelog Sourced from normalize-package-data's...
Currently this plugin will only resolve the dependencies/components for a single workspace at a time, which can introduce additional complexity/complication when working in a multi-workspace monorepo. Enhancing the plugin to...
## goal add a CycloneDX property that indicates that a component is a dev-dependency. yarn utilizes all the criteria defined by `npm`/npmjs. let's use the existing properties ... `cdx:npm:package:development` --...
## Describe the bug When attempting to generate the SBOM and a package.json contains for example `"version": "1.0-dev"` it now crashes in a function called `Object.fixVersionField`. This concerns me as...
caused by #22 similar to - https://github.com/CycloneDX/cyclonedx-python/issues/570 - https://github.com/CycloneDX/cyclonedx-node-npm/issues/256 ---- ## Is your feature request related to a problem? Please describe. For legal documentation, we need the original text of...
## Is your feature request related to a problem? Please describe. Per CycloneDX specification, the components' scope means (see [docs](https://cyclonedx.org/docs/1.6/json/#components_items_scope)) - "required": The component is required for runtime - "optional":...
validate SBOM result. should be able to disable via CLI option `--no-validate`. (enable via `--validate`)