From 5c34fb1edc6e0e249d08156e34fe1bbd2d232006 Mon Sep 17 00:00:00 2001 From: Jan Kowalleck Date: Wed, 4 Sep 2024 17:58:47 +0200 Subject: [PATCH] tests: updated results from latest demo data 
Signed-off-by: Jan Kowalleck --- .../local-dependencies_from-setup.snap.json | 53 +---- .../local-dependencies_from-setup.snap.xml | 35 +-- ...encies_npm10_node18_macos-latest.snap.json | 29 ++- ...ncies_npm10_node18_ubuntu-latest.snap.json | 29 ++- ...cies_npm10_node18_windows-latest.snap.json | 29 ++- ...cies_npm10_node22_windows-latest.snap.json | 187 +++++++++++++++ ...encies_npm6_node14_ubuntu-latest.snap.json | 38 ++- ...ncies_npm6_node14_windows-latest.snap.json | 38 ++- ...dencies_npm6_node16_macos-latest.snap.json | 216 ++++++++++++++++++ ...ncies_npm6_node22_windows-latest.snap.json | 216 ++++++++++++++++++ ...encies_npm7_node14_ubuntu-latest.snap.json | 19 +- ...ncies_npm7_node14_windows-latest.snap.json | 19 +- ...dencies_npm7_node16_macos-latest.snap.json | 187 +++++++++++++++ ...ncies_npm7_node22_windows-latest.snap.json | 187 +++++++++++++++ ...encies_npm8_node14_ubuntu-latest.snap.json | 19 +- ...ncies_npm8_node14_windows-latest.snap.json | 19 +- ...dencies_npm8_node16_macos-latest.snap.json | 187 +++++++++++++++ ...ncies_npm8_node22_windows-latest.snap.json | 187 +++++++++++++++ ...dencies_npm9_node16_macos-latest.snap.json | 19 +- ...encies_npm9_node16_ubuntu-latest.snap.json | 19 +- ...ncies_npm9_node16_windows-latest.snap.json | 19 +- ...ncies_npm9_node22_windows-latest.snap.json | 187 +++++++++++++++ .../local-workspaces_from-setup.snap.json | 39 +++- .../bare/local-workspaces_from-setup.snap.xml | 23 ++ ...spaces_npm10_node18_macos-latest.snap.json | 36 ++- ...paces_npm10_node18_ubuntu-latest.snap.json | 36 ++- ...aces_npm10_node18_windows-latest.snap.json | 36 ++- ...aces_npm10_node22_windows-latest.snap.json | 207 +++++++++++++++++ ...spaces_npm7_node14_ubuntu-latest.snap.json | 36 ++- ...paces_npm7_node14_windows-latest.snap.json | 36 ++- ...kspaces_npm7_node16_macos-latest.snap.json | 207 +++++++++++++++++ ...paces_npm7_node22_windows-latest.snap.json | 207 +++++++++++++++++ ...spaces_npm8_node14_ubuntu-latest.snap.json | 36 ++- 
...paces_npm8_node14_windows-latest.snap.json | 36 ++- ...kspaces_npm8_node16_macos-latest.snap.json | 207 +++++++++++++++++ ...paces_npm8_node22_windows-latest.snap.json | 207 +++++++++++++++++ ...kspaces_npm9_node16_macos-latest.snap.json | 36 ++- ...spaces_npm9_node16_ubuntu-latest.snap.json | 36 ++- ...paces_npm9_node16_windows-latest.snap.json | 36 ++- ...paces_npm9_node22_windows-latest.snap.json | 207 +++++++++++++++++ .../local-dependencies_from-setup.snap.json | 53 +---- .../local-dependencies_from-setup.snap.xml | 35 +-- ...encies_npm10_node18_macos-latest.snap.json | 29 ++- ...ncies_npm10_node18_ubuntu-latest.snap.json | 29 ++- ...cies_npm10_node18_windows-latest.snap.json | 29 ++- ...cies_npm10_node22_windows-latest.snap.json | 187 +++++++++++++++ ...encies_npm6_node14_ubuntu-latest.snap.json | 38 ++- ...ncies_npm6_node14_windows-latest.snap.json | 38 ++- ...dencies_npm6_node16_macos-latest.snap.json | 216 ++++++++++++++++++ ...ncies_npm6_node22_windows-latest.snap.json | 216 ++++++++++++++++++ ...encies_npm7_node14_ubuntu-latest.snap.json | 19 +- ...ncies_npm7_node14_windows-latest.snap.json | 19 +- ...dencies_npm7_node16_macos-latest.snap.json | 187 +++++++++++++++ ...ncies_npm7_node22_windows-latest.snap.json | 187 +++++++++++++++ ...encies_npm8_node14_ubuntu-latest.snap.json | 19 +- ...ncies_npm8_node14_windows-latest.snap.json | 19 +- ...dencies_npm8_node16_macos-latest.snap.json | 187 +++++++++++++++ ...ncies_npm8_node22_windows-latest.snap.json | 187 +++++++++++++++ ...dencies_npm9_node16_macos-latest.snap.json | 19 +- ...encies_npm9_node16_ubuntu-latest.snap.json | 19 +- ...ncies_npm9_node16_windows-latest.snap.json | 19 +- ...ncies_npm9_node22_windows-latest.snap.json | 187 +++++++++++++++ .../local-workspaces_from-setup.snap.json | 39 +++- .../local-workspaces_from-setup.snap.xml | 23 ++ ...spaces_npm10_node18_macos-latest.snap.json | 36 ++- ...paces_npm10_node18_ubuntu-latest.snap.json | 36 ++- ...aces_npm10_node18_windows-latest.snap.json | 
36 ++- ...aces_npm10_node22_windows-latest.snap.json | 207 +++++++++++++++++ ...spaces_npm7_node14_ubuntu-latest.snap.json | 36 ++- ...paces_npm7_node14_windows-latest.snap.json | 36 ++- ...kspaces_npm7_node16_macos-latest.snap.json | 207 +++++++++++++++++ ...paces_npm7_node22_windows-latest.snap.json | 207 +++++++++++++++++ ...spaces_npm8_node14_ubuntu-latest.snap.json | 36 ++- ...paces_npm8_node14_windows-latest.snap.json | 36 ++- ...kspaces_npm8_node16_macos-latest.snap.json | 207 +++++++++++++++++ ...paces_npm8_node22_windows-latest.snap.json | 207 +++++++++++++++++ ...kspaces_npm9_node16_macos-latest.snap.json | 36 ++- ...spaces_npm9_node16_ubuntu-latest.snap.json | 36 ++- ...paces_npm9_node16_windows-latest.snap.json | 36 ++- ...paces_npm9_node22_windows-latest.snap.json | 207 +++++++++++++++++ 80 files changed, 6954 insertions(+), 250 deletions(-) create mode 100644 tests/_data/sbom_demo-results/bare/local-dependencies_npm10_node22_windows-latest.snap.json create mode 100644 tests/_data/sbom_demo-results/bare/local-dependencies_npm6_node16_macos-latest.snap.json create mode 100644 tests/_data/sbom_demo-results/bare/local-dependencies_npm6_node22_windows-latest.snap.json create mode 100644 tests/_data/sbom_demo-results/bare/local-dependencies_npm7_node16_macos-latest.snap.json create mode 100644 tests/_data/sbom_demo-results/bare/local-dependencies_npm7_node22_windows-latest.snap.json create mode 100644 tests/_data/sbom_demo-results/bare/local-dependencies_npm8_node16_macos-latest.snap.json create mode 100644 tests/_data/sbom_demo-results/bare/local-dependencies_npm8_node22_windows-latest.snap.json create mode 100644 tests/_data/sbom_demo-results/bare/local-dependencies_npm9_node22_windows-latest.snap.json create mode 100644 tests/_data/sbom_demo-results/bare/local-workspaces_npm10_node22_windows-latest.snap.json create mode 100644 tests/_data/sbom_demo-results/bare/local-workspaces_npm7_node16_macos-latest.snap.json create mode 100644 
tests/_data/sbom_demo-results/bare/local-workspaces_npm7_node22_windows-latest.snap.json create mode 100644 tests/_data/sbom_demo-results/bare/local-workspaces_npm8_node16_macos-latest.snap.json create mode 100644 tests/_data/sbom_demo-results/bare/local-workspaces_npm8_node22_windows-latest.snap.json create mode 100644 tests/_data/sbom_demo-results/bare/local-workspaces_npm9_node22_windows-latest.snap.json create mode 100644 tests/_data/sbom_demo-results/flatten-components/local-dependencies_npm10_node22_windows-latest.snap.json create mode 100644 tests/_data/sbom_demo-results/flatten-components/local-dependencies_npm6_node16_macos-latest.snap.json create mode 100644 tests/_data/sbom_demo-results/flatten-components/local-dependencies_npm6_node22_windows-latest.snap.json create mode 100644 tests/_data/sbom_demo-results/flatten-components/local-dependencies_npm7_node16_macos-latest.snap.json create mode 100644 tests/_data/sbom_demo-results/flatten-components/local-dependencies_npm7_node22_windows-latest.snap.json create mode 100644 tests/_data/sbom_demo-results/flatten-components/local-dependencies_npm8_node16_macos-latest.snap.json create mode 100644 tests/_data/sbom_demo-results/flatten-components/local-dependencies_npm8_node22_windows-latest.snap.json create mode 100644 tests/_data/sbom_demo-results/flatten-components/local-dependencies_npm9_node22_windows-latest.snap.json create mode 100644 tests/_data/sbom_demo-results/flatten-components/local-workspaces_npm10_node22_windows-latest.snap.json create mode 100644 tests/_data/sbom_demo-results/flatten-components/local-workspaces_npm7_node16_macos-latest.snap.json create mode 100644 tests/_data/sbom_demo-results/flatten-components/local-workspaces_npm7_node22_windows-latest.snap.json create mode 100644 tests/_data/sbom_demo-results/flatten-components/local-workspaces_npm8_node16_macos-latest.snap.json create mode 100644 
tests/_data/sbom_demo-results/flatten-components/local-workspaces_npm8_node22_windows-latest.snap.json create mode 100644 tests/_data/sbom_demo-results/flatten-components/local-workspaces_npm9_node22_windows-latest.snap.json diff --git a/tests/_data/sbom_demo-results/bare/local-dependencies_from-setup.snap.json b/tests/_data/sbom_demo-results/bare/local-dependencies_from-setup.snap.json index e938f815..d82e79d8 100644 --- a/tests/_data/sbom_demo-results/bare/local-dependencies_from-setup.snap.json +++ b/tests/_data/sbom_demo-results/bare/local-dependencies_from-setup.snap.json 
@@ -187,56 +187,22 @@ }, { "type": "library", - "name": "my-noname", - "version": "0.0.0", - "bom-ref": "my-noname@0.0.0", - "description": "demo: with no/empty name", - "licenses": [ - { - "license": { - "id": "Apache-2.0", - "acknowledgement": "declared" - } - } - ], - "purl": "pkg:npm/my-noname@0.0.0?vcs_url=git%2Bssh%3A//git%40github.com/CycloneDX/cyclonedx-node-npm.git#demo/local-dependencies/project/packages/my-noname", - "externalReferences": [ - { - "url": "https://github.com/CycloneDX/cyclonedx-node-npm/issues", - "type": "issue-tracker", - "comment": "as detected from PackageJson property \"bugs.url\"" - }, - { - "url": "git+ssh://git@github.com/CycloneDX/cyclonedx-node-npm.git#demo/local-dependencies/project/packages/my-noname", - "type": "vcs", - "comment": "as detected from PackageJson property \"repository.url\" and \"repository.directory\"" - }, - { - "url": "https://github.com/CycloneDX/cyclonedx-node-npm#readme", - "type": "website", - "comment": "as detected from PackageJson property \"homepage\"" - } - ], - "properties": [ - { - "name": "cdx:npm:package:path", - "value": "node_modules/my-noname" - }, - { - "name": "cdx:npm:package:private", - "value": "true" - } - ] + "name": "DummyComponent.InterferedDependency.my-noname", + "bom-ref": "DummyComponent.InterferedDependency.my-noname", + "description": "This is a dummy component \"InterferedDependency.my-noname\" that fills the gap where the actual built failed." } ], "dependencies": [ { "ref": "demo-local-deps@0.0.0", "dependsOn": [ - "my-local-a@0.0.0", - "my-noname@0.0.0" + "DummyComponent.InterferedDependency.my-noname", + "my-local-a@0.0.0" ] }, + { + "ref": "DummyComponent.InterferedDependency.my-noname" + }, { "ref": "my-local-a@0.0.0", "dependsOn": [ @@ -245,9 +211,6 @@ }, { "ref": "my-local-b-off@0.0.0" - }, - { - "ref": "my-noname@0.0.0" } ] } \ No newline at end of file 
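Review bot: The expected entry for `my-noname` is now the placeholder `DummyComponent.InterferedDependency.my-noname`, so this snapshot pins a component with no `version`, `purl` or `licenses` where the previous one carried all three. The placeholder's own description says it fills a gap where the actual build failed, and the commit message only says the results were updated, so the hunk does not show whether the demo data changed on purpose or component construction regressed for this package. Anyone matching this SBOM on purl or license would no longer see the package, so I would record the cause in the commit message, for example `my-noname is expected to resolve to a dummy component because <reason>`. The same placeholder is recorded in the new `local-dependencies_npm6_node16_macos-latest.snap.json`, while the npm10 snapshots in this patch still list `my-noname@0.0.0`.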
diff --git a/tests/_data/sbom_demo-results/bare/local-dependencies_from-setup.snap.xml b/tests/_data/sbom_demo-results/bare/local-dependencies_from-setup.snap.xml index d6a29402..ccd10b71 100644 --- a/tests/_data/sbom_demo-results/bare/local-dependencies_from-setup.snap.xml +++ b/tests/_data/sbom_demo-results/bare/local-dependencies_from-setup.snap.xml @@ -134,45 +134,20 @@ true - - my-noname - 0.0.0 - demo: with no/empty name - - - Apache-2.0 - - - pkg:npm/my-noname@0.0.0?vcs_url=git%2Bssh%3A//git%40github.com/CycloneDX/cyclonedx-node-npm.git#demo/local-dependencies/project/packages/my-noname - - - https://github.com/CycloneDX/cyclonedx-node-npm/issues - as detected from PackageJson property "bugs.url" - - - git+ssh://git@github.com/CycloneDX/cyclonedx-node-npm.git#demo/local-dependencies/project/packages/my-noname - as detected from PackageJson property "repository.url" and "repository.directory" - - - https://github.com/CycloneDX/cyclonedx-node-npm#readme - as detected from PackageJson property "homepage" - - - - node_modules/my-noname - true - + + DummyComponent.InterferedDependency.my-noname + This is a dummy component "InterferedDependency.my-noname" that fills the gap where the actual built failed. + - + - \ No newline at end of file diff --git a/tests/_data/sbom_demo-results/bare/local-dependencies_npm10_node18_macos-latest.snap.json b/tests/_data/sbom_demo-results/bare/local-dependencies_npm10_node18_macos-latest.snap.json index d48eb1d1..2b70b939 100644 --- a/tests/_data/sbom_demo-results/bare/local-dependencies_npm10_node18_macos-latest.snap.json +++ b/tests/_data/sbom_demo-results/bare/local-dependencies_npm10_node18_macos-latest.snap.json 
@@ -68,7 +68,24 @@ } } ], - "purl": "pkg:npm/demo-local-deps@0.0.0", + "purl": "pkg:npm/demo-local-deps@0.0.0?vcs_url=git%2Bhttps%3A//github.com/CycloneDX/cyclonedx-node-npm.git#demo/local-dependencies/project", + "externalReferences": [ + { + "url": "https://github.com/CycloneDX/cyclonedx-node-npm/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "git+https://github.com/CycloneDX/cyclonedx-node-npm.git#demo/local-dependencies/project", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\" and \"repository.directory\"" + }, + { + "url": "https://github.com/CycloneDX/cyclonedx-node-npm#readme", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + } + ], "properties": [ { "name": "cdx:npm:package:path", @@ -105,9 +122,9 @@ }, { "type": "library", - "name": "my-local-b", + "name": "my-local-b-off", "version": "0.0.0", - "bom-ref": "my-local-b@0.0.0", + "bom-ref": "my-local-b-off@0.0.0", "licenses": [ { "license": { @@ -116,7 +133,7 @@ } } ], - "purl": "pkg:npm/my-local-b@0.0.0", + "purl": "pkg:npm/my-local-b-off@0.0.0", "properties": [ { "name": "cdx:npm:package:path", @@ -157,11 +174,11 @@ { "ref": "my-local-a@0.0.0", "dependsOn": [ - "my-local-b@0.0.0" + "my-local-b-off@0.0.0" ] }, { - "ref": "my-local-b@0.0.0" + "ref": "my-local-b-off@0.0.0" }, { "ref": "my-noname@0.0.0" diff --git a/tests/_data/sbom_demo-results/bare/local-dependencies_npm10_node18_ubuntu-latest.snap.json b/tests/_data/sbom_demo-results/bare/local-dependencies_npm10_node18_ubuntu-latest.snap.json index d48eb1d1..2b70b939 100644 --- a/tests/_data/sbom_demo-results/bare/local-dependencies_npm10_node18_ubuntu-latest.snap.json +++ b/tests/_data/sbom_demo-results/bare/local-dependencies_npm10_node18_ubuntu-latest.snap.json 
@@ -68,7 +68,24 @@ } } ], - "purl": "pkg:npm/demo-local-deps@0.0.0", + "purl": "pkg:npm/demo-local-deps@0.0.0?vcs_url=git%2Bhttps%3A//github.com/CycloneDX/cyclonedx-node-npm.git#demo/local-dependencies/project", + "externalReferences": [ + { + "url": "https://github.com/CycloneDX/cyclonedx-node-npm/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "git+https://github.com/CycloneDX/cyclonedx-node-npm.git#demo/local-dependencies/project", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\" and \"repository.directory\"" + }, + { + "url": "https://github.com/CycloneDX/cyclonedx-node-npm#readme", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + } + ], "properties": [ { "name": "cdx:npm:package:path", @@ -105,9 +122,9 @@ }, { "type": "library", - "name": "my-local-b", + "name": "my-local-b-off", "version": "0.0.0", - "bom-ref": "my-local-b@0.0.0", + "bom-ref": "my-local-b-off@0.0.0", "licenses": [ { "license": { @@ -116,7 +133,7 @@ } } ], - "purl": "pkg:npm/my-local-b@0.0.0", + "purl": "pkg:npm/my-local-b-off@0.0.0", "properties": [ { "name": "cdx:npm:package:path", @@ -157,11 +174,11 @@ { "ref": "my-local-a@0.0.0", "dependsOn": [ - "my-local-b@0.0.0" + "my-local-b-off@0.0.0" ] }, { - "ref": "my-local-b@0.0.0" + "ref": "my-local-b-off@0.0.0" }, { "ref": "my-noname@0.0.0" diff --git a/tests/_data/sbom_demo-results/bare/local-dependencies_npm10_node18_windows-latest.snap.json b/tests/_data/sbom_demo-results/bare/local-dependencies_npm10_node18_windows-latest.snap.json index d48eb1d1..2b70b939 100644 --- a/tests/_data/sbom_demo-results/bare/local-dependencies_npm10_node18_windows-latest.snap.json +++ b/tests/_data/sbom_demo-results/bare/local-dependencies_npm10_node18_windows-latest.snap.json 
@@ -68,7 +68,24 @@ } } ], - "purl": "pkg:npm/demo-local-deps@0.0.0", + "purl": "pkg:npm/demo-local-deps@0.0.0?vcs_url=git%2Bhttps%3A//github.com/CycloneDX/cyclonedx-node-npm.git#demo/local-dependencies/project", + "externalReferences": [ + { + "url": "https://github.com/CycloneDX/cyclonedx-node-npm/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "git+https://github.com/CycloneDX/cyclonedx-node-npm.git#demo/local-dependencies/project", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\" and \"repository.directory\"" + }, + { + "url": "https://github.com/CycloneDX/cyclonedx-node-npm#readme", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + } + ], "properties": [ { "name": "cdx:npm:package:path", @@ -105,9 +122,9 @@ }, { "type": "library", - "name": "my-local-b", + "name": "my-local-b-off", "version": "0.0.0", - "bom-ref": "my-local-b@0.0.0", + "bom-ref": "my-local-b-off@0.0.0", "licenses": [ { "license": { @@ -116,7 +133,7 @@ } } ], - "purl": "pkg:npm/my-local-b@0.0.0", + "purl": "pkg:npm/my-local-b-off@0.0.0", "properties": [ { "name": "cdx:npm:package:path", @@ -157,11 +174,11 @@ { "ref": "my-local-a@0.0.0", "dependsOn": [ - "my-local-b@0.0.0" + "my-local-b-off@0.0.0" ] }, { - "ref": "my-local-b@0.0.0" + "ref": "my-local-b-off@0.0.0" }, { "ref": "my-noname@0.0.0" diff --git a/tests/_data/sbom_demo-results/bare/local-dependencies_npm10_node22_windows-latest.snap.json b/tests/_data/sbom_demo-results/bare/local-dependencies_npm10_node22_windows-latest.snap.json new file mode 100644 index 00000000..2b70b939 --- /dev/null +++ b/tests/_data/sbom_demo-results/bare/local-dependencies_npm10_node22_windows-latest.snap.json 
@@ -0,0 +1,187 @@ +{ + "$schema": "http://cyclonedx.org/schema/bom-1.6.schema.json", + "bomFormat": "CycloneDX", + "specVersion": "1.6", + "version": 1, + "metadata": { + "tools": [ + { + "name": "npm", + "version": "npmVersion-testing" + }, + { + "vendor": "@cyclonedx", + "name": "cyclonedx-library", + "version": "libVersion-testing", + "externalReferences": [ + { + "url": "https://github.com/CycloneDX/cyclonedx-javascript-library/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "git+https://github.com/CycloneDX/cyclonedx-javascript-library.git", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\"" + }, + { + "url": "https://github.com/CycloneDX/cyclonedx-javascript-library#readme", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + } + ] + }, + { + "vendor": "@cyclonedx", + "name": "cyclonedx-npm", + "version": "thisVersion-testing", + "externalReferences": [ + { + "url": "https://github.com/CycloneDX/cyclonedx-node-npm/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "git+https://github.com/CycloneDX/cyclonedx-node-npm.git", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\"" + }, + { + "url": "https://github.com/CycloneDX/cyclonedx-node-npm#readme", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + } + ] + } + ], + "component": { + "type": "application", + "name": "demo-local-deps", + "version": "0.0.0", + "bom-ref": "demo-local-deps@0.0.0", + "description": "demo: demo-local-deps -- showcase how local dependencies look like", + "licenses": [ + { + "license": { + "id": "Apache-2.0", + "acknowledgement": "declared" + } + } + ], + "purl": "pkg:npm/demo-local-deps@0.0.0?vcs_url=git%2Bhttps%3A//github.com/CycloneDX/cyclonedx-node-npm.git#demo/local-dependencies/project", + 
"externalReferences": [ + { + "url": "https://github.com/CycloneDX/cyclonedx-node-npm/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "git+https://github.com/CycloneDX/cyclonedx-node-npm.git#demo/local-dependencies/project", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\" and \"repository.directory\"" + }, + { + "url": "https://github.com/CycloneDX/cyclonedx-node-npm#readme", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "" + }, + { + "name": "cdx:npm:package:private", + "value": "true" + } + ] + } + }, + "components": [ + { + "type": "library", + "name": "my-local-a", + "version": "0.0.0", + "bom-ref": "my-local-a@0.0.0", + "licenses": [ + { + "license": { + "id": "Apache-2.0", + "acknowledgement": "declared" + } + } + ], + "purl": "pkg:npm/my-local-a@0.0.0", + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/my-local-a" + } + ] + }, + { + "type": "library", + "name": "my-local-b-off", + "version": "0.0.0", + "bom-ref": "my-local-b-off@0.0.0", + "licenses": [ + { + "license": { + "id": "Apache-2.0", + "acknowledgement": "declared" + } + } + ], + "purl": "pkg:npm/my-local-b-off@0.0.0", + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/my-local-b-off" + } + ] + }, + { + "type": "library", + "name": "my-noname", + "version": "0.0.0", + "bom-ref": "my-noname@0.0.0", + "licenses": [ + { + "license": { + "id": "Apache-2.0", + "acknowledgement": "declared" + } + } + ], + "purl": "pkg:npm/my-noname@0.0.0", + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/my-noname" + } + ] + } + ], + "dependencies": [ + { + "ref": "demo-local-deps@0.0.0", + "dependsOn": [ + "my-local-a@0.0.0", + "my-noname@0.0.0" + ] + }, + { + "ref": "my-local-a@0.0.0", + "dependsOn": [ + 
"my-local-b-off@0.0.0" + ] + }, + { + "ref": "my-local-b-off@0.0.0" + }, + { + "ref": "my-noname@0.0.0" + } + ] +} \ No newline at end of file diff --git a/tests/_data/sbom_demo-results/bare/local-dependencies_npm6_node14_ubuntu-latest.snap.json b/tests/_data/sbom_demo-results/bare/local-dependencies_npm6_node14_ubuntu-latest.snap.json index 1f522596..d82e79d8 100644 --- a/tests/_data/sbom_demo-results/bare/local-dependencies_npm6_node14_ubuntu-latest.snap.json +++ b/tests/_data/sbom_demo-results/bare/local-dependencies_npm6_node14_ubuntu-latest.snap.json @@ -68,7 +68,24 @@ } } ], - "purl": "pkg:npm/demo-local-deps@0.0.0", + "purl": "pkg:npm/demo-local-deps@0.0.0?vcs_url=git%2Bhttps%3A//github.com/CycloneDX/cyclonedx-node-npm.git#demo/local-dependencies/project", + "externalReferences": [ + { + "url": "https://github.com/CycloneDX/cyclonedx-node-npm/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "git+https://github.com/CycloneDX/cyclonedx-node-npm.git#demo/local-dependencies/project", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\" and \"repository.directory\"" + }, + { + "url": "https://github.com/CycloneDX/cyclonedx-node-npm#readme", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + } + ], "properties": [ { "name": "cdx:npm:package:path", 
@@ -139,7 +156,24 @@ } } ], - "purl": "pkg:npm/my-local-b-off@0.0.0", + "purl": "pkg:npm/my-local-b-off@0.0.0?vcs_url=git%2Bssh%3A//git%40github.com/CycloneDX/cyclonedx-node-npm.git#demo/local-dependencies/project/packages/my-local-b", + "externalReferences": [ + { + "url": "https://github.com/CycloneDX/cyclonedx-node-npm/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "git+ssh://git@github.com/CycloneDX/cyclonedx-node-npm.git#demo/local-dependencies/project/packages/my-local-b", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\" and \"repository.directory\"" + }, + { + "url": "https://github.com/CycloneDX/cyclonedx-node-npm#readme", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + } + ], "properties": [ { "name": "cdx:npm:package:path", diff --git a/tests/_data/sbom_demo-results/bare/local-dependencies_npm6_node14_windows-latest.snap.json b/tests/_data/sbom_demo-results/bare/local-dependencies_npm6_node14_windows-latest.snap.json index 1f522596..d82e79d8 100644 --- a/tests/_data/sbom_demo-results/bare/local-dependencies_npm6_node14_windows-latest.snap.json +++ b/tests/_data/sbom_demo-results/bare/local-dependencies_npm6_node14_windows-latest.snap.json 
@@ -68,7 +68,24 @@ } } ], - "purl": "pkg:npm/demo-local-deps@0.0.0", + "purl": "pkg:npm/demo-local-deps@0.0.0?vcs_url=git%2Bhttps%3A//github.com/CycloneDX/cyclonedx-node-npm.git#demo/local-dependencies/project", + "externalReferences": [ + { + "url": "https://github.com/CycloneDX/cyclonedx-node-npm/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "git+https://github.com/CycloneDX/cyclonedx-node-npm.git#demo/local-dependencies/project", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\" and \"repository.directory\"" + }, + { + "url": "https://github.com/CycloneDX/cyclonedx-node-npm#readme", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + } + ], "properties": [ { "name": "cdx:npm:package:path", @@ -139,7 +156,24 @@ } } ], - "purl": "pkg:npm/my-local-b-off@0.0.0", + "purl": "pkg:npm/my-local-b-off@0.0.0?vcs_url=git%2Bssh%3A//git%40github.com/CycloneDX/cyclonedx-node-npm.git#demo/local-dependencies/project/packages/my-local-b", + "externalReferences": [ + { + "url": "https://github.com/CycloneDX/cyclonedx-node-npm/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "git+ssh://git@github.com/CycloneDX/cyclonedx-node-npm.git#demo/local-dependencies/project/packages/my-local-b", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\" and \"repository.directory\"" + }, + { + "url": "https://github.com/CycloneDX/cyclonedx-node-npm#readme", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + } + ], "properties": [ { "name": "cdx:npm:package:path", diff --git a/tests/_data/sbom_demo-results/bare/local-dependencies_npm6_node16_macos-latest.snap.json b/tests/_data/sbom_demo-results/bare/local-dependencies_npm6_node16_macos-latest.snap.json new file mode 100644 index 00000000..d82e79d8 
--- /dev/null +++ b/tests/_data/sbom_demo-results/bare/local-dependencies_npm6_node16_macos-latest.snap.json 
@@ -0,0 +1,216 @@ +{ + "$schema": "http://cyclonedx.org/schema/bom-1.6.schema.json", + "bomFormat": "CycloneDX", + "specVersion": "1.6", + "version": 1, + "metadata": { + "tools": [ + { + "name": "npm", + "version": "npmVersion-testing" + }, + { + "vendor": "@cyclonedx", + "name": "cyclonedx-library", + "version": "libVersion-testing", + "externalReferences": [ + { + "url": "https://github.com/CycloneDX/cyclonedx-javascript-library/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "git+https://github.com/CycloneDX/cyclonedx-javascript-library.git", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\"" + }, + { + "url": "https://github.com/CycloneDX/cyclonedx-javascript-library#readme", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + } + ] + }, + { + "vendor": "@cyclonedx", + "name": "cyclonedx-npm", + "version": "thisVersion-testing", + "externalReferences": [ + { + "url": "https://github.com/CycloneDX/cyclonedx-node-npm/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "git+https://github.com/CycloneDX/cyclonedx-node-npm.git", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\"" + }, + { + "url": "https://github.com/CycloneDX/cyclonedx-node-npm#readme", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + } + ] + } + ], + "component": { + "type": "application", + "name": "demo-local-deps", + "version": "0.0.0", + "bom-ref": "demo-local-deps@0.0.0", + "description": "demo: demo-local-deps -- showcase how local dependencies look like", + "licenses": [ + { + "license": { + "id": "Apache-2.0", + "acknowledgement": "declared" + } + } + ], + "purl": "pkg:npm/demo-local-deps@0.0.0?vcs_url=git%2Bhttps%3A//github.com/CycloneDX/cyclonedx-node-npm.git#demo/local-dependencies/project", + 
"externalReferences": [ + { + "url": "https://github.com/CycloneDX/cyclonedx-node-npm/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "git+https://github.com/CycloneDX/cyclonedx-node-npm.git#demo/local-dependencies/project", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\" and \"repository.directory\"" + }, + { + "url": "https://github.com/CycloneDX/cyclonedx-node-npm#readme", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "" + }, + { + "name": "cdx:npm:package:private", + "value": "true" + } + ] + } + }, + "components": [ + { + "type": "library", + "name": "my-local-a", + "version": "0.0.0", + "bom-ref": "my-local-a@0.0.0", + "description": "demo: my-local-a", + "licenses": [ + { + "license": { + "id": "Apache-2.0", + "acknowledgement": "declared" + } + } + ], + "purl": "pkg:npm/my-local-a@0.0.0?vcs_url=git%2Bhttps%3A//github.com/CycloneDX/cyclonedx-node-npm.git#demo/local-deps/project/packages/my-local-a", + "externalReferences": [ + { + "url": "https://github.com/CycloneDX/cyclonedx-node-npm/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "git+https://github.com/CycloneDX/cyclonedx-node-npm.git#demo/local-deps/project/packages/my-local-a", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\" and \"repository.directory\"" + }, + { + "url": "https://github.com/CycloneDX/cyclonedx-node-npm#readme", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/my-local-a" + }, + { + "name": "cdx:npm:package:private", + "value": "true" + } + ] + }, + { + "type": "library", + "name": "my-local-b-off", + "version": "0.0.0", + 
"bom-ref": "my-local-b-off@0.0.0", + "description": "demo: my-local-b-off - a package with a different name than its dir", + "licenses": [ + { + "license": { + "id": "Apache-2.0", + "acknowledgement": "declared" + } + } + ], + "purl": "pkg:npm/my-local-b-off@0.0.0?vcs_url=git%2Bssh%3A//git%40github.com/CycloneDX/cyclonedx-node-npm.git#demo/local-dependencies/project/packages/my-local-b", + "externalReferences": [ + { + "url": "https://github.com/CycloneDX/cyclonedx-node-npm/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "git+ssh://git@github.com/CycloneDX/cyclonedx-node-npm.git#demo/local-dependencies/project/packages/my-local-b", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\" and \"repository.directory\"" + }, + { + "url": "https://github.com/CycloneDX/cyclonedx-node-npm#readme", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/my-local-b-off" + }, + { + "name": "cdx:npm:package:private", + "value": "true" + } + ] + }, + { + "type": "library", + "name": "DummyComponent.InterferedDependency.my-noname", + "bom-ref": "DummyComponent.InterferedDependency.my-noname", + "description": "This is a dummy component \"InterferedDependency.my-noname\" that fills the gap where the actual built failed." + } + ], + "dependencies": [ + { + "ref": "demo-local-deps@0.0.0", + "dependsOn": [ + "DummyComponent.InterferedDependency.my-noname", + "my-local-a@0.0.0" + ] + }, + { + "ref": "DummyComponent.InterferedDependency.my-noname" + }, + { + "ref": "my-local-a@0.0.0", + "dependsOn": [ + "my-local-b-off@0.0.0" + ] + }, + { + "ref": "my-local-b-off@0.0.0" + } + ] +} \ No newline at end of file 
diff --git a/tests/_data/sbom_demo-results/bare/local-dependencies_npm6_node22_windows-latest.snap.json b/tests/_data/sbom_demo-results/bare/local-dependencies_npm6_node22_windows-latest.snap.json new file mode 100644 index 00000000..d82e79d8 --- /dev/null +++ b/tests/_data/sbom_demo-results/bare/local-dependencies_npm6_node22_windows-latest.snap.json 
@@ -0,0 +1,216 @@ +{ + "$schema": "http://cyclonedx.org/schema/bom-1.6.schema.json", + "bomFormat": "CycloneDX", + "specVersion": "1.6", + "version": 1, + "metadata": { + "tools": [ + { + "name": "npm", + "version": "npmVersion-testing" + }, + { + "vendor": "@cyclonedx", + "name": "cyclonedx-library", + "version": "libVersion-testing", + "externalReferences": [ + { + "url": "https://github.com/CycloneDX/cyclonedx-javascript-library/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "git+https://github.com/CycloneDX/cyclonedx-javascript-library.git", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\"" + }, + { + "url": "https://github.com/CycloneDX/cyclonedx-javascript-library#readme", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + } + ] + }, + { + "vendor": "@cyclonedx", + "name": "cyclonedx-npm", + "version": "thisVersion-testing", + "externalReferences": [ + { + "url": "https://github.com/CycloneDX/cyclonedx-node-npm/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "git+https://github.com/CycloneDX/cyclonedx-node-npm.git", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\"" + }, + { + "url": "https://github.com/CycloneDX/cyclonedx-node-npm#readme", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + } + ] + } + ], + "component": { + "type": "application", + "name": "demo-local-deps", + "version": "0.0.0", + "bom-ref": "demo-local-deps@0.0.0", + "description": "demo: demo-local-deps -- showcase how local dependencies look like", + "licenses": [ + { + "license": { + "id": "Apache-2.0", + "acknowledgement": "declared" + } + } + ], + "purl": "pkg:npm/demo-local-deps@0.0.0?vcs_url=git%2Bhttps%3A//github.com/CycloneDX/cyclonedx-node-npm.git#demo/local-dependencies/project", + 
"externalReferences": [ + { + "url": "https://github.com/CycloneDX/cyclonedx-node-npm/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "git+https://github.com/CycloneDX/cyclonedx-node-npm.git#demo/local-dependencies/project", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\" and \"repository.directory\"" + }, + { + "url": "https://github.com/CycloneDX/cyclonedx-node-npm#readme", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "" + }, + { + "name": "cdx:npm:package:private", + "value": "true" + } + ] + } + }, + "components": [ + { + "type": "library", + "name": "my-local-a", + "version": "0.0.0", + "bom-ref": "my-local-a@0.0.0", + "description": "demo: my-local-a", + "licenses": [ + { + "license": { + "id": "Apache-2.0", + "acknowledgement": "declared" + } + } + ], + "purl": "pkg:npm/my-local-a@0.0.0?vcs_url=git%2Bhttps%3A//github.com/CycloneDX/cyclonedx-node-npm.git#demo/local-deps/project/packages/my-local-a", + "externalReferences": [ + { + "url": "https://github.com/CycloneDX/cyclonedx-node-npm/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "git+https://github.com/CycloneDX/cyclonedx-node-npm.git#demo/local-deps/project/packages/my-local-a", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\" and \"repository.directory\"" + }, + { + "url": "https://github.com/CycloneDX/cyclonedx-node-npm#readme", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/my-local-a" + }, + { + "name": "cdx:npm:package:private", + "value": "true" + } + ] + }, + { + "type": "library", + "name": "my-local-b-off", + "version": "0.0.0", + 
"bom-ref": "my-local-b-off@0.0.0", + "description": "demo: my-local-b-off - a package with a different name than its dir", + "licenses": [ + { + "license": { + "id": "Apache-2.0", + "acknowledgement": "declared" + } + } + ], + "purl": "pkg:npm/my-local-b-off@0.0.0?vcs_url=git%2Bssh%3A//git%40github.com/CycloneDX/cyclonedx-node-npm.git#demo/local-dependencies/project/packages/my-local-b", + "externalReferences": [ + { + "url": "https://github.com/CycloneDX/cyclonedx-node-npm/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "git+ssh://git@github.com/CycloneDX/cyclonedx-node-npm.git#demo/local-dependencies/project/packages/my-local-b", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\" and \"repository.directory\"" + }, + { + "url": "https://github.com/CycloneDX/cyclonedx-node-npm#readme", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/my-local-b-off" + }, + { + "name": "cdx:npm:package:private", + "value": "true" + } + ] + }, + { + "type": "library", + "name": "DummyComponent.InterferedDependency.my-noname", + "bom-ref": "DummyComponent.InterferedDependency.my-noname", + "description": "This is a dummy component \"InterferedDependency.my-noname\" that fills the gap where the actual built failed." + } + ], + "dependencies": [ + { + "ref": "demo-local-deps@0.0.0", + "dependsOn": [ + "DummyComponent.InterferedDependency.my-noname", + "my-local-a@0.0.0" + ] + }, + { + "ref": "DummyComponent.InterferedDependency.my-noname" + }, + { + "ref": "my-local-a@0.0.0", + "dependsOn": [ + "my-local-b-off@0.0.0" + ] + }, + { + "ref": "my-local-b-off@0.0.0" + } + ] +} \ No newline at end of file 
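Review bot: The `my-local-a` component in this new npm6/node22 snapshot records its `vcs` reference and `purl` subpath under `demo/local-deps/project/packages/my-local-a`, while the root component and `my-local-b-off` in the same file use `demo/local-dependencies/project/...`. The snapshot is generated, so the mismatch presumably comes from `repository.directory` in that demo package's package.json, which is not visible here. If that is a typo, the test now asserts a provenance reference to a path that likely does not exist. I would correct the demo data and regenerate, so that the line reads `"url": "git+https://github.com/CycloneDX/cyclonedx-node-npm.git#demo/local-dependencies/project/packages/my-local-a"` and the `purl` follows it.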
diff --git a/tests/_data/sbom_demo-results/bare/local-dependencies_npm7_node14_ubuntu-latest.snap.json b/tests/_data/sbom_demo-results/bare/local-dependencies_npm7_node14_ubuntu-latest.snap.json index d48eb1d1..98ba3007 100644 --- a/tests/_data/sbom_demo-results/bare/local-dependencies_npm7_node14_ubuntu-latest.snap.json +++ b/tests/_data/sbom_demo-results/bare/local-dependencies_npm7_node14_ubuntu-latest.snap.json @@ -68,7 +68,24 @@ } } ], - "purl": "pkg:npm/demo-local-deps@0.0.0", + "purl": "pkg:npm/demo-local-deps@0.0.0?vcs_url=git%2Bhttps%3A//github.com/CycloneDX/cyclonedx-node-npm.git#demo/local-dependencies/project", + "externalReferences": [ + { + "url": "https://github.com/CycloneDX/cyclonedx-node-npm/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "git+https://github.com/CycloneDX/cyclonedx-node-npm.git#demo/local-dependencies/project", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\" and \"repository.directory\"" + }, + { + "url": "https://github.com/CycloneDX/cyclonedx-node-npm#readme", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + } + ], "properties": [ { "name": "cdx:npm:package:path", diff --git a/tests/_data/sbom_demo-results/bare/local-dependencies_npm7_node14_windows-latest.snap.json b/tests/_data/sbom_demo-results/bare/local-dependencies_npm7_node14_windows-latest.snap.json index d48eb1d1..98ba3007 100644 --- a/tests/_data/sbom_demo-results/bare/local-dependencies_npm7_node14_windows-latest.snap.json +++ b/tests/_data/sbom_demo-results/bare/local-dependencies_npm7_node14_windows-latest.snap.json 
@@ -68,7 +68,24 @@ } } ], - "purl": "pkg:npm/demo-local-deps@0.0.0", + "purl": "pkg:npm/demo-local-deps@0.0.0?vcs_url=git%2Bhttps%3A//github.com/CycloneDX/cyclonedx-node-npm.git#demo/local-dependencies/project", + "externalReferences": [ + { + "url": "https://github.com/CycloneDX/cyclonedx-node-npm/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "git+https://github.com/CycloneDX/cyclonedx-node-npm.git#demo/local-dependencies/project", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\" and \"repository.directory\"" + }, + { + "url": "https://github.com/CycloneDX/cyclonedx-node-npm#readme", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + } + ], "properties": [ { "name": "cdx:npm:package:path", diff --git a/tests/_data/sbom_demo-results/bare/local-dependencies_npm7_node16_macos-latest.snap.json b/tests/_data/sbom_demo-results/bare/local-dependencies_npm7_node16_macos-latest.snap.json new file mode 100644 index 00000000..98ba3007 --- /dev/null +++ b/tests/_data/sbom_demo-results/bare/local-dependencies_npm7_node16_macos-latest.snap.json 
@@ -0,0 +1,187 @@ +{ + "$schema": "http://cyclonedx.org/schema/bom-1.6.schema.json", + "bomFormat": "CycloneDX", + "specVersion": "1.6", + "version": 1, + "metadata": { + "tools": [ + { + "name": "npm", + "version": "npmVersion-testing" + }, + { + "vendor": "@cyclonedx", + "name": "cyclonedx-library", + "version": "libVersion-testing", + "externalReferences": [ + { + "url": "https://github.com/CycloneDX/cyclonedx-javascript-library/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "git+https://github.com/CycloneDX/cyclonedx-javascript-library.git", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\"" + }, + { + "url": "https://github.com/CycloneDX/cyclonedx-javascript-library#readme", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + } + ] + }, + { + "vendor": "@cyclonedx", + "name": "cyclonedx-npm", + "version": "thisVersion-testing", + "externalReferences": [ + { + "url": "https://github.com/CycloneDX/cyclonedx-node-npm/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "git+https://github.com/CycloneDX/cyclonedx-node-npm.git", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\"" + }, + { + "url": "https://github.com/CycloneDX/cyclonedx-node-npm#readme", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + } + ] + } + ], + "component": { + "type": "application", + "name": "demo-local-deps", + "version": "0.0.0", + "bom-ref": "demo-local-deps@0.0.0", + "description": "demo: demo-local-deps -- showcase how local dependencies look like", + "licenses": [ + { + "license": { + "id": "Apache-2.0", + "acknowledgement": "declared" + } + } + ], + "purl": "pkg:npm/demo-local-deps@0.0.0?vcs_url=git%2Bhttps%3A//github.com/CycloneDX/cyclonedx-node-npm.git#demo/local-dependencies/project", + 
"externalReferences": [ + { + "url": "https://github.com/CycloneDX/cyclonedx-node-npm/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "git+https://github.com/CycloneDX/cyclonedx-node-npm.git#demo/local-dependencies/project", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\" and \"repository.directory\"" + }, + { + "url": "https://github.com/CycloneDX/cyclonedx-node-npm#readme", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "" + }, + { + "name": "cdx:npm:package:private", + "value": "true" + } + ] + } + }, + "components": [ + { + "type": "library", + "name": "my-local-a", + "version": "0.0.0", + "bom-ref": "my-local-a@0.0.0", + "licenses": [ + { + "license": { + "id": "Apache-2.0", + "acknowledgement": "declared" + } + } + ], + "purl": "pkg:npm/my-local-a@0.0.0", + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/my-local-a" + } + ] + }, + { + "type": "library", + "name": "my-local-b", + "version": "0.0.0", + "bom-ref": "my-local-b@0.0.0", + "licenses": [ + { + "license": { + "id": "Apache-2.0", + "acknowledgement": "declared" + } + } + ], + "purl": "pkg:npm/my-local-b@0.0.0", + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/my-local-b-off" + } + ] + }, + { + "type": "library", + "name": "my-noname", + "version": "0.0.0", + "bom-ref": "my-noname@0.0.0", + "licenses": [ + { + "license": { + "id": "Apache-2.0", + "acknowledgement": "declared" + } + } + ], + "purl": "pkg:npm/my-noname@0.0.0", + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/my-noname" + } + ] + } + ], + "dependencies": [ + { + "ref": "demo-local-deps@0.0.0", + "dependsOn": [ + "my-local-a@0.0.0", + "my-noname@0.0.0" + ] + }, + { + "ref": "my-local-a@0.0.0", + "dependsOn": [ + 
"my-local-b@0.0.0" + ] + }, + { + "ref": "my-local-b@0.0.0" + }, + { + "ref": "my-noname@0.0.0" + } + ] +} \ No newline at end of file diff --git a/tests/_data/sbom_demo-results/bare/local-dependencies_npm7_node22_windows-latest.snap.json b/tests/_data/sbom_demo-results/bare/local-dependencies_npm7_node22_windows-latest.snap.json new file mode 100644 index 00000000..98ba3007 --- /dev/null +++ b/tests/_data/sbom_demo-results/bare/local-dependencies_npm7_node22_windows-latest.snap.json 
@@ -0,0 +1,187 @@ +{ + "$schema": "http://cyclonedx.org/schema/bom-1.6.schema.json", + "bomFormat": "CycloneDX", + "specVersion": "1.6", + "version": 1, + "metadata": { + "tools": [ + { + "name": "npm", + "version": "npmVersion-testing" + }, + { + "vendor": "@cyclonedx", + "name": "cyclonedx-library", + "version": "libVersion-testing", + "externalReferences": [ + { + "url": "https://github.com/CycloneDX/cyclonedx-javascript-library/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "git+https://github.com/CycloneDX/cyclonedx-javascript-library.git", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\"" + }, + { + "url": "https://github.com/CycloneDX/cyclonedx-javascript-library#readme", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + } + ] + }, + { + "vendor": "@cyclonedx", + "name": "cyclonedx-npm", + "version": "thisVersion-testing", + "externalReferences": [ + { + "url": "https://github.com/CycloneDX/cyclonedx-node-npm/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "git+https://github.com/CycloneDX/cyclonedx-node-npm.git", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\"" + }, + { + "url": "https://github.com/CycloneDX/cyclonedx-node-npm#readme", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + } + ] + } + ], + "component": { + "type": "application", + "name": "demo-local-deps", + "version": "0.0.0", + "bom-ref": "demo-local-deps@0.0.0", + "description": "demo: demo-local-deps -- showcase how local dependencies look like", + "licenses": [ + { + "license": { + "id": "Apache-2.0", + "acknowledgement": "declared" + } + } + ], + "purl": "pkg:npm/demo-local-deps@0.0.0?vcs_url=git%2Bhttps%3A//github.com/CycloneDX/cyclonedx-node-npm.git#demo/local-dependencies/project", + 
"externalReferences": [ + { + "url": "https://github.com/CycloneDX/cyclonedx-node-npm/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "git+https://github.com/CycloneDX/cyclonedx-node-npm.git#demo/local-dependencies/project", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\" and \"repository.directory\"" + }, + { + "url": "https://github.com/CycloneDX/cyclonedx-node-npm#readme", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "" + }, + { + "name": "cdx:npm:package:private", + "value": "true" + } + ] + } + }, + "components": [ + { + "type": "library", + "name": "my-local-a", + "version": "0.0.0", + "bom-ref": "my-local-a@0.0.0", + "licenses": [ + { + "license": { + "id": "Apache-2.0", + "acknowledgement": "declared" + } + } + ], + "purl": "pkg:npm/my-local-a@0.0.0", + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/my-local-a" + } + ] + }, + { + "type": "library", + "name": "my-local-b", + "version": "0.0.0", + "bom-ref": "my-local-b@0.0.0", + "licenses": [ + { + "license": { + "id": "Apache-2.0", + "acknowledgement": "declared" + } + } + ], + "purl": "pkg:npm/my-local-b@0.0.0", + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/my-local-b-off" + } + ] + }, + { + "type": "library", + "name": "my-noname", + "version": "0.0.0", + "bom-ref": "my-noname@0.0.0", + "licenses": [ + { + "license": { + "id": "Apache-2.0", + "acknowledgement": "declared" + } + } + ], + "purl": "pkg:npm/my-noname@0.0.0", + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/my-noname" + } + ] + } + ], + "dependencies": [ + { + "ref": "demo-local-deps@0.0.0", + "dependsOn": [ + "my-local-a@0.0.0", + "my-noname@0.0.0" + ] + }, + { + "ref": "my-local-a@0.0.0", + "dependsOn": [ + 
"my-local-b@0.0.0" + ] + }, + { + "ref": "my-local-b@0.0.0" + }, + { + "ref": "my-noname@0.0.0" + } + ] +} \ No newline at end of file diff --git a/tests/_data/sbom_demo-results/bare/local-dependencies_npm8_node14_ubuntu-latest.snap.json b/tests/_data/sbom_demo-results/bare/local-dependencies_npm8_node14_ubuntu-latest.snap.json index d48eb1d1..98ba3007 100644 --- a/tests/_data/sbom_demo-results/bare/local-dependencies_npm8_node14_ubuntu-latest.snap.json +++ b/tests/_data/sbom_demo-results/bare/local-dependencies_npm8_node14_ubuntu-latest.snap.json @@ -68,7 +68,24 @@ } } ], - "purl": "pkg:npm/demo-local-deps@0.0.0", + "purl": "pkg:npm/demo-local-deps@0.0.0?vcs_url=git%2Bhttps%3A//github.com/CycloneDX/cyclonedx-node-npm.git#demo/local-dependencies/project", + "externalReferences": [ + { + "url": "https://github.com/CycloneDX/cyclonedx-node-npm/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "git+https://github.com/CycloneDX/cyclonedx-node-npm.git#demo/local-dependencies/project", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\" and \"repository.directory\"" + }, + { + "url": "https://github.com/CycloneDX/cyclonedx-node-npm#readme", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + } + ], "properties": [ { "name": "cdx:npm:package:path", diff --git a/tests/_data/sbom_demo-results/bare/local-dependencies_npm8_node14_windows-latest.snap.json b/tests/_data/sbom_demo-results/bare/local-dependencies_npm8_node14_windows-latest.snap.json index d48eb1d1..98ba3007 100644 --- a/tests/_data/sbom_demo-results/bare/local-dependencies_npm8_node14_windows-latest.snap.json +++ b/tests/_data/sbom_demo-results/bare/local-dependencies_npm8_node14_windows-latest.snap.json 
@@ -68,7 +68,24 @@ } } ], - "purl": "pkg:npm/demo-local-deps@0.0.0", + "purl": "pkg:npm/demo-local-deps@0.0.0?vcs_url=git%2Bhttps%3A//github.com/CycloneDX/cyclonedx-node-npm.git#demo/local-dependencies/project", + "externalReferences": [ + { + "url": "https://github.com/CycloneDX/cyclonedx-node-npm/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "git+https://github.com/CycloneDX/cyclonedx-node-npm.git#demo/local-dependencies/project", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\" and \"repository.directory\"" + }, + { + "url": "https://github.com/CycloneDX/cyclonedx-node-npm#readme", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + } + ], "properties": [ { "name": "cdx:npm:package:path", diff --git a/tests/_data/sbom_demo-results/bare/local-dependencies_npm8_node16_macos-latest.snap.json b/tests/_data/sbom_demo-results/bare/local-dependencies_npm8_node16_macos-latest.snap.json new file mode 100644 index 00000000..98ba3007 --- /dev/null +++ b/tests/_data/sbom_demo-results/bare/local-dependencies_npm8_node16_macos-latest.snap.json 
@@ -0,0 +1,187 @@ +{ + "$schema": "http://cyclonedx.org/schema/bom-1.6.schema.json", + "bomFormat": "CycloneDX", + "specVersion": "1.6", + "version": 1, + "metadata": { + "tools": [ + { + "name": "npm", + "version": "npmVersion-testing" + }, + { + "vendor": "@cyclonedx", + "name": "cyclonedx-library", + "version": "libVersion-testing", + "externalReferences": [ + { + "url": "https://github.com/CycloneDX/cyclonedx-javascript-library/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "git+https://github.com/CycloneDX/cyclonedx-javascript-library.git", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\"" + }, + { + "url": "https://github.com/CycloneDX/cyclonedx-javascript-library#readme", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + } + ] + }, + { + "vendor": "@cyclonedx", + "name": "cyclonedx-npm", + "version": "thisVersion-testing", + "externalReferences": [ + { + "url": "https://github.com/CycloneDX/cyclonedx-node-npm/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "git+https://github.com/CycloneDX/cyclonedx-node-npm.git", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\"" + }, + { + "url": "https://github.com/CycloneDX/cyclonedx-node-npm#readme", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + } + ] + } + ], + "component": { + "type": "application", + "name": "demo-local-deps", + "version": "0.0.0", + "bom-ref": "demo-local-deps@0.0.0", + "description": "demo: demo-local-deps -- showcase how local dependencies look like", + "licenses": [ + { + "license": { + "id": "Apache-2.0", + "acknowledgement": "declared" + } + } + ], + "purl": "pkg:npm/demo-local-deps@0.0.0?vcs_url=git%2Bhttps%3A//github.com/CycloneDX/cyclonedx-node-npm.git#demo/local-dependencies/project", + 
"externalReferences": [ + { + "url": "https://github.com/CycloneDX/cyclonedx-node-npm/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "git+https://github.com/CycloneDX/cyclonedx-node-npm.git#demo/local-dependencies/project", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\" and \"repository.directory\"" + }, + { + "url": "https://github.com/CycloneDX/cyclonedx-node-npm#readme", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "" + }, + { + "name": "cdx:npm:package:private", + "value": "true" + } + ] + } + }, + "components": [ + { + "type": "library", + "name": "my-local-a", + "version": "0.0.0", + "bom-ref": "my-local-a@0.0.0", + "licenses": [ + { + "license": { + "id": "Apache-2.0", + "acknowledgement": "declared" + } + } + ], + "purl": "pkg:npm/my-local-a@0.0.0", + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/my-local-a" + } + ] + }, + { + "type": "library", + "name": "my-local-b", + "version": "0.0.0", + "bom-ref": "my-local-b@0.0.0", + "licenses": [ + { + "license": { + "id": "Apache-2.0", + "acknowledgement": "declared" + } + } + ], + "purl": "pkg:npm/my-local-b@0.0.0", + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/my-local-b-off" + } + ] + }, + { + "type": "library", + "name": "my-noname", + "version": "0.0.0", + "bom-ref": "my-noname@0.0.0", + "licenses": [ + { + "license": { + "id": "Apache-2.0", + "acknowledgement": "declared" + } + } + ], + "purl": "pkg:npm/my-noname@0.0.0", + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/my-noname" + } + ] + } + ], + "dependencies": [ + { + "ref": "demo-local-deps@0.0.0", + "dependsOn": [ + "my-local-a@0.0.0", + "my-noname@0.0.0" + ] + }, + { + "ref": "my-local-a@0.0.0", + "dependsOn": [ + 
"my-local-b@0.0.0" + ] + }, + { + "ref": "my-local-b@0.0.0" + }, + { + "ref": "my-noname@0.0.0" + } + ] +} \ No newline at end of file diff --git a/tests/_data/sbom_demo-results/bare/local-dependencies_npm8_node22_windows-latest.snap.json b/tests/_data/sbom_demo-results/bare/local-dependencies_npm8_node22_windows-latest.snap.json new file mode 100644 index 00000000..98ba3007 --- /dev/null +++ b/tests/_data/sbom_demo-results/bare/local-dependencies_npm8_node22_windows-latest.snap.json 
@@ -0,0 +1,187 @@ +{ + "$schema": "http://cyclonedx.org/schema/bom-1.6.schema.json", + "bomFormat": "CycloneDX", + "specVersion": "1.6", + "version": 1, + "metadata": { + "tools": [ + { + "name": "npm", + "version": "npmVersion-testing" + }, + { + "vendor": "@cyclonedx", + "name": "cyclonedx-library", + "version": "libVersion-testing", + "externalReferences": [ + { + "url": "https://github.com/CycloneDX/cyclonedx-javascript-library/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "git+https://github.com/CycloneDX/cyclonedx-javascript-library.git", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\"" + }, + { + "url": "https://github.com/CycloneDX/cyclonedx-javascript-library#readme", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + } + ] + }, + { + "vendor": "@cyclonedx", + "name": "cyclonedx-npm", + "version": "thisVersion-testing", + "externalReferences": [ + { + "url": "https://github.com/CycloneDX/cyclonedx-node-npm/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "git+https://github.com/CycloneDX/cyclonedx-node-npm.git", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\"" + }, + { + "url": "https://github.com/CycloneDX/cyclonedx-node-npm#readme", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + } + ] + } + ], + "component": { + "type": "application", + "name": "demo-local-deps", + "version": "0.0.0", + "bom-ref": "demo-local-deps@0.0.0", + "description": "demo: demo-local-deps -- showcase how local dependencies look like", + "licenses": [ + { + "license": { + "id": "Apache-2.0", + "acknowledgement": "declared" + } + } + ], + "purl": "pkg:npm/demo-local-deps@0.0.0?vcs_url=git%2Bhttps%3A//github.com/CycloneDX/cyclonedx-node-npm.git#demo/local-dependencies/project", + 
"externalReferences": [ + { + "url": "https://github.com/CycloneDX/cyclonedx-node-npm/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "git+https://github.com/CycloneDX/cyclonedx-node-npm.git#demo/local-dependencies/project", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\" and \"repository.directory\"" + }, + { + "url": "https://github.com/CycloneDX/cyclonedx-node-npm#readme", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "" + }, + { + "name": "cdx:npm:package:private", + "value": "true" + } + ] + } + }, + "components": [ + { + "type": "library", + "name": "my-local-a", + "version": "0.0.0", + "bom-ref": "my-local-a@0.0.0", + "licenses": [ + { + "license": { + "id": "Apache-2.0", + "acknowledgement": "declared" + } + } + ], + "purl": "pkg:npm/my-local-a@0.0.0", + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/my-local-a" + } + ] + }, + { + "type": "library", + "name": "my-local-b", + "version": "0.0.0", + "bom-ref": "my-local-b@0.0.0", + "licenses": [ + { + "license": { + "id": "Apache-2.0", + "acknowledgement": "declared" + } + } + ], + "purl": "pkg:npm/my-local-b@0.0.0", + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/my-local-b-off" + } + ] + }, + { + "type": "library", + "name": "my-noname", + "version": "0.0.0", + "bom-ref": "my-noname@0.0.0", + "licenses": [ + { + "license": { + "id": "Apache-2.0", + "acknowledgement": "declared" + } + } + ], + "purl": "pkg:npm/my-noname@0.0.0", + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/my-noname" + } + ] + } + ], + "dependencies": [ + { + "ref": "demo-local-deps@0.0.0", + "dependsOn": [ + "my-local-a@0.0.0", + "my-noname@0.0.0" + ] + }, + { + "ref": "my-local-a@0.0.0", + "dependsOn": [ + 
"my-local-b@0.0.0" + ] + }, + { + "ref": "my-local-b@0.0.0" + }, + { + "ref": "my-noname@0.0.0" + } + ] +} \ No newline at end of file diff --git a/tests/_data/sbom_demo-results/bare/local-dependencies_npm9_node16_macos-latest.snap.json b/tests/_data/sbom_demo-results/bare/local-dependencies_npm9_node16_macos-latest.snap.json index d48eb1d1..98ba3007 100644 --- a/tests/_data/sbom_demo-results/bare/local-dependencies_npm9_node16_macos-latest.snap.json +++ b/tests/_data/sbom_demo-results/bare/local-dependencies_npm9_node16_macos-latest.snap.json @@ -68,7 +68,24 @@ } } ], - "purl": "pkg:npm/demo-local-deps@0.0.0", + "purl": "pkg:npm/demo-local-deps@0.0.0?vcs_url=git%2Bhttps%3A//github.com/CycloneDX/cyclonedx-node-npm.git#demo/local-dependencies/project", + "externalReferences": [ + { + "url": "https://github.com/CycloneDX/cyclonedx-node-npm/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "git+https://github.com/CycloneDX/cyclonedx-node-npm.git#demo/local-dependencies/project", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\" and \"repository.directory\"" + }, + { + "url": "https://github.com/CycloneDX/cyclonedx-node-npm#readme", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + } + ], "properties": [ { "name": "cdx:npm:package:path", diff --git a/tests/_data/sbom_demo-results/bare/local-dependencies_npm9_node16_ubuntu-latest.snap.json b/tests/_data/sbom_demo-results/bare/local-dependencies_npm9_node16_ubuntu-latest.snap.json index d48eb1d1..98ba3007 100644 --- a/tests/_data/sbom_demo-results/bare/local-dependencies_npm9_node16_ubuntu-latest.snap.json +++ b/tests/_data/sbom_demo-results/bare/local-dependencies_npm9_node16_ubuntu-latest.snap.json 
@@ -68,7 +68,24 @@ } } ], - "purl": "pkg:npm/demo-local-deps@0.0.0", + "purl": "pkg:npm/demo-local-deps@0.0.0?vcs_url=git%2Bhttps%3A//github.com/CycloneDX/cyclonedx-node-npm.git#demo/local-dependencies/project", + "externalReferences": [ + { + "url": "https://github.com/CycloneDX/cyclonedx-node-npm/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "git+https://github.com/CycloneDX/cyclonedx-node-npm.git#demo/local-dependencies/project", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\" and \"repository.directory\"" + }, + { + "url": "https://github.com/CycloneDX/cyclonedx-node-npm#readme", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + } + ], "properties": [ { "name": "cdx:npm:package:path", diff --git a/tests/_data/sbom_demo-results/bare/local-dependencies_npm9_node16_windows-latest.snap.json b/tests/_data/sbom_demo-results/bare/local-dependencies_npm9_node16_windows-latest.snap.json index d48eb1d1..98ba3007 100644 --- a/tests/_data/sbom_demo-results/bare/local-dependencies_npm9_node16_windows-latest.snap.json +++ b/tests/_data/sbom_demo-results/bare/local-dependencies_npm9_node16_windows-latest.snap.json 
@@ -68,7 +68,24 @@ } } ], - "purl": "pkg:npm/demo-local-deps@0.0.0", + "purl": "pkg:npm/demo-local-deps@0.0.0?vcs_url=git%2Bhttps%3A//github.com/CycloneDX/cyclonedx-node-npm.git#demo/local-dependencies/project", + "externalReferences": [ + { + "url": "https://github.com/CycloneDX/cyclonedx-node-npm/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "git+https://github.com/CycloneDX/cyclonedx-node-npm.git#demo/local-dependencies/project", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\" and \"repository.directory\"" + }, + { + "url": "https://github.com/CycloneDX/cyclonedx-node-npm#readme", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + } + ], "properties": [ { "name": "cdx:npm:package:path", diff --git a/tests/_data/sbom_demo-results/bare/local-dependencies_npm9_node22_windows-latest.snap.json b/tests/_data/sbom_demo-results/bare/local-dependencies_npm9_node22_windows-latest.snap.json new file mode 100644 index 00000000..98ba3007 --- /dev/null +++ b/tests/_data/sbom_demo-results/bare/local-dependencies_npm9_node22_windows-latest.snap.json 
@@ -0,0 +1,187 @@ +{ + "$schema": "http://cyclonedx.org/schema/bom-1.6.schema.json", + "bomFormat": "CycloneDX", + "specVersion": "1.6", + "version": 1, + "metadata": { + "tools": [ + { + "name": "npm", + "version": "npmVersion-testing" + }, + { + "vendor": "@cyclonedx", + "name": "cyclonedx-library", + "version": "libVersion-testing", + "externalReferences": [ + { + "url": "https://github.com/CycloneDX/cyclonedx-javascript-library/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "git+https://github.com/CycloneDX/cyclonedx-javascript-library.git", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\"" + }, + { + "url": "https://github.com/CycloneDX/cyclonedx-javascript-library#readme", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + } + ] + }, + { + "vendor": "@cyclonedx", + "name": "cyclonedx-npm", + "version": "thisVersion-testing", + "externalReferences": [ + { + "url": "https://github.com/CycloneDX/cyclonedx-node-npm/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "git+https://github.com/CycloneDX/cyclonedx-node-npm.git", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\"" + }, + { + "url": "https://github.com/CycloneDX/cyclonedx-node-npm#readme", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + } + ] + } + ], + "component": { + "type": "application", + "name": "demo-local-deps", + "version": "0.0.0", + "bom-ref": "demo-local-deps@0.0.0", + "description": "demo: demo-local-deps -- showcase how local dependencies look like", + "licenses": [ + { + "license": { + "id": "Apache-2.0", + "acknowledgement": "declared" + } + } + ], + "purl": "pkg:npm/demo-local-deps@0.0.0?vcs_url=git%2Bhttps%3A//github.com/CycloneDX/cyclonedx-node-npm.git#demo/local-dependencies/project", + 
"externalReferences": [ + { + "url": "https://github.com/CycloneDX/cyclonedx-node-npm/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "git+https://github.com/CycloneDX/cyclonedx-node-npm.git#demo/local-dependencies/project", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\" and \"repository.directory\"" + }, + { + "url": "https://github.com/CycloneDX/cyclonedx-node-npm#readme", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "" + }, + { + "name": "cdx:npm:package:private", + "value": "true" + } + ] + } + }, + "components": [ + { + "type": "library", + "name": "my-local-a", + "version": "0.0.0", + "bom-ref": "my-local-a@0.0.0", + "licenses": [ + { + "license": { + "id": "Apache-2.0", + "acknowledgement": "declared" + } + } + ], + "purl": "pkg:npm/my-local-a@0.0.0", + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/my-local-a" + } + ] + }, + { + "type": "library", + "name": "my-local-b", + "version": "0.0.0", + "bom-ref": "my-local-b@0.0.0", + "licenses": [ + { + "license": { + "id": "Apache-2.0", + "acknowledgement": "declared" + } + } + ], + "purl": "pkg:npm/my-local-b@0.0.0", + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/my-local-b-off" + } + ] + }, + { + "type": "library", + "name": "my-noname", + "version": "0.0.0", + "bom-ref": "my-noname@0.0.0", + "licenses": [ + { + "license": { + "id": "Apache-2.0", + "acknowledgement": "declared" + } + } + ], + "purl": "pkg:npm/my-noname@0.0.0", + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/my-noname" + } + ] + } + ], + "dependencies": [ + { + "ref": "demo-local-deps@0.0.0", + "dependsOn": [ + "my-local-a@0.0.0", + "my-noname@0.0.0" + ] + }, + { + "ref": "my-local-a@0.0.0", + "dependsOn": [ + 
"my-local-b@0.0.0" + ] + }, + { + "ref": "my-local-b@0.0.0" + }, + { + "ref": "my-noname@0.0.0" + } + ] +} \ No newline at end of file diff --git a/tests/_data/sbom_demo-results/bare/local-workspaces_from-setup.snap.json b/tests/_data/sbom_demo-results/bare/local-workspaces_from-setup.snap.json index d8fccdaf..25ca1ae6 100644 --- a/tests/_data/sbom_demo-results/bare/local-workspaces_from-setup.snap.json +++ b/tests/_data/sbom_demo-results/bare/local-workspaces_from-setup.snap.json @@ -187,6 +187,39 @@ "value": "true" } ] + }, + { + "type": "library", + "name": "my-local-e", + "version": "0.1.0", + "bom-ref": "my-local-e@0.1.0", + "description": "demo: my-local-e - a standalone package that is not dependency of root nor any other workspace", + "licenses": [ + { + "license": { + "id": "Apache-2.0", + "acknowledgement": "declared" + } + } + ], + "purl": "pkg:npm/my-local-e@0.1.0?vcs_url=git%2Bhttps%3A//gitlab.example.com/my-packages/demo-workspaces.git#workspaces/my-local-e", + "externalReferences": [ + { + "url": "git+https://gitlab.example.com/my-packages/demo-workspaces.git#workspaces/my-local-e", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\" and \"repository.directory\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/my-local-e" + }, + { + "name": "cdx:npm:package:private", + "value": "true" + } + ] } ], "dependencies": [ @@ -195,7 +228,8 @@ "dependsOn": [ "my-local-a@0.1.0", "my-local-b-off@0.0.0", - "my-local-c@0.23.42" + "my-local-c@0.23.42", + "my-local-e@0.1.0" ] }, { @@ -213,6 +247,9 @@ "my-local-a@0.1.0", "my-local-b-off@0.0.0" ] + }, + { + "ref": "my-local-e@0.1.0" } ] } \ No newline at end of file diff --git a/tests/_data/sbom_demo-results/bare/local-workspaces_from-setup.snap.xml b/tests/_data/sbom_demo-results/bare/local-workspaces_from-setup.snap.xml index 66d93361..328cd4d9 100644 --- a/tests/_data/sbom_demo-results/bare/local-workspaces_from-setup.snap.xml 
+++ b/tests/_data/sbom_demo-results/bare/local-workspaces_from-setup.snap.xml @@ -131,12 +131,34 @@ true + + my-local-e + 0.1.0 + demo: my-local-e - a standalone package that is not dependency of root nor any other workspace + + + Apache-2.0 + + + pkg:npm/my-local-e@0.1.0?vcs_url=git%2Bhttps%3A//gitlab.example.com/my-packages/demo-workspaces.git#workspaces/my-local-e + + + git+https://gitlab.example.com/my-packages/demo-workspaces.git#workspaces/my-local-e + as detected from PackageJson property "repository.url" and "repository.directory" + + + + node_modules/my-local-e + true + + + @@ -146,5 +168,6 @@ + \ No newline at end of file diff --git a/tests/_data/sbom_demo-results/bare/local-workspaces_npm10_node18_macos-latest.snap.json b/tests/_data/sbom_demo-results/bare/local-workspaces_npm10_node18_macos-latest.snap.json index ba6ae482..584ae339 100644 --- a/tests/_data/sbom_demo-results/bare/local-workspaces_npm10_node18_macos-latest.snap.json +++ b/tests/_data/sbom_demo-results/bare/local-workspaces_npm10_node18_macos-latest.snap.json @@ -68,7 +68,14 @@ } } ], - "purl": "pkg:npm/demo-workspaces@0.0.0", + "purl": "pkg:npm/demo-workspaces@0.0.0?vcs_url=git%2Bssh%3A//git%40gitlab.example.com/my-packages/demo-workspaces.git", + "externalReferences": [ + { + "url": "git+ssh://git@gitlab.example.com/my-packages/demo-workspaces.git", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\"" + } + ], "properties": [ { "name": "cdx:npm:package:path", @@ -144,6 +151,27 @@ "value": "node_modules/my-local-c" } ] + }, + { + "type": "library", + "name": "my-local-e", + "version": "0.1.0", + "bom-ref": "my-local-e@0.1.0", + "licenses": [ + { + "license": { + "id": "Apache-2.0", + "acknowledgement": "declared" + } + } + ], + "purl": "pkg:npm/my-local-e@0.1.0", + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/my-local-e" + } + ] } ], "dependencies": [ 
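Review bot: The `purl` and the `vcs` externalReference added in the `@@ -68,7 +68,14 @@` hunk of `local-workspaces_npm10_node18_macos-latest.snap.json` keep the userinfo part of `repository.url` (`git@`, `git%40` inside the `vcs_url` qualifier), and no snapshot in view pins what is emitted when that position holds a password or token. SBOMs are usually passed on to customers and scanners, so a manifest URL of the form `https://user:<token>@host/repo.git` would presumably end up in both fields unchanged; the generator code is not visible here, so this needs confirming. I would add a demo package with a constructed value such as `"url": "git+https://user:PLACEHOLDER@gitlab.example.com/my-packages/demo-workspaces.git"` and a snapshot that expects the userinfo to be dropped. The same expectation is repeated in the other `local-workspaces_npm*` snapshots of this commit, and the `component` object starts above the hunk.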
@@ -152,7 +180,8 @@ "dependsOn": [ "my-local-a@0.1.0", "my-local-b-off@0.0.0", - "my-local-c@0.23.42" + "my-local-c@0.23.42", + "my-local-e@0.1.0" ] }, { @@ -170,6 +199,9 @@ "my-local-a@0.1.0", "my-local-b-off@0.0.0" ] + }, + { + "ref": "my-local-e@0.1.0" } ] } \ No newline at end of file diff --git a/tests/_data/sbom_demo-results/bare/local-workspaces_npm10_node18_ubuntu-latest.snap.json b/tests/_data/sbom_demo-results/bare/local-workspaces_npm10_node18_ubuntu-latest.snap.json index ba6ae482..584ae339 100644 --- a/tests/_data/sbom_demo-results/bare/local-workspaces_npm10_node18_ubuntu-latest.snap.json +++ b/tests/_data/sbom_demo-results/bare/local-workspaces_npm10_node18_ubuntu-latest.snap.json @@ -68,7 +68,14 @@ } } ], - "purl": "pkg:npm/demo-workspaces@0.0.0", + "purl": "pkg:npm/demo-workspaces@0.0.0?vcs_url=git%2Bssh%3A//git%40gitlab.example.com/my-packages/demo-workspaces.git", + "externalReferences": [ + { + "url": "git+ssh://git@gitlab.example.com/my-packages/demo-workspaces.git", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\"" + } + ], "properties": [ { "name": "cdx:npm:package:path", @@ -144,6 +151,27 @@ "value": "node_modules/my-local-c" } ] + }, + { + "type": "library", + "name": "my-local-e", + "version": "0.1.0", + "bom-ref": "my-local-e@0.1.0", + "licenses": [ + { + "license": { + "id": "Apache-2.0", + "acknowledgement": "declared" + } + } + ], + "purl": "pkg:npm/my-local-e@0.1.0", + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/my-local-e" + } + ] } ], "dependencies": [ @@ -152,7 +180,8 @@ "dependsOn": [ "my-local-a@0.1.0", "my-local-b-off@0.0.0", - "my-local-c@0.23.42" + "my-local-c@0.23.42", + "my-local-e@0.1.0" ] }, { @@ -170,6 +199,9 @@ "my-local-a@0.1.0", "my-local-b-off@0.0.0" ] + }, + { + "ref": "my-local-e@0.1.0" } ] } \ No newline at end of file 
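Review bot: `my-local-e@0.1.0` is added to a `dependsOn` list in the `@@ -152,7 +180,8 @@` hunk of `local-workspaces_npm10_node18_macos-latest.snap.json` (the root's, `demo-workspaces@0.0.0`, going by the complete new snapshots with the same blob id), although `local-workspaces_from-setup.snap.json` describes the package as "not dependency of root nor any other workspace". If the edge is intended, presumably because npm links every workspace member to the root, the expectation should be written down, since SBOM consumers read `dependsOn` as a real dependency when they assess impact. One way is to say so in the demo package's description, for example `"description": "demo: my-local-e - a standalone workspace that nothing declares as a dependency; npm still links it to the root"`. The `ref` line of the entry lies outside the hunk, and the same addition appears in the other `local-workspaces_*` snapshots of this commit.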
diff --git a/tests/_data/sbom_demo-results/bare/local-workspaces_npm10_node18_windows-latest.snap.json b/tests/_data/sbom_demo-results/bare/local-workspaces_npm10_node18_windows-latest.snap.json index ba6ae482..584ae339 100644 --- a/tests/_data/sbom_demo-results/bare/local-workspaces_npm10_node18_windows-latest.snap.json +++ b/tests/_data/sbom_demo-results/bare/local-workspaces_npm10_node18_windows-latest.snap.json @@ -68,7 +68,14 @@ } } ], - "purl": "pkg:npm/demo-workspaces@0.0.0", + "purl": "pkg:npm/demo-workspaces@0.0.0?vcs_url=git%2Bssh%3A//git%40gitlab.example.com/my-packages/demo-workspaces.git", + "externalReferences": [ + { + "url": "git+ssh://git@gitlab.example.com/my-packages/demo-workspaces.git", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\"" + } + ], "properties": [ { "name": "cdx:npm:package:path", @@ -144,6 +151,27 @@ "value": "node_modules/my-local-c" } ] + }, + { + "type": "library", + "name": "my-local-e", + "version": "0.1.0", + "bom-ref": "my-local-e@0.1.0", + "licenses": [ + { + "license": { + "id": "Apache-2.0", + "acknowledgement": "declared" + } + } + ], + "purl": "pkg:npm/my-local-e@0.1.0", + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/my-local-e" + } + ] } ], "dependencies": [ @@ -152,7 +180,8 @@ "dependsOn": [ "my-local-a@0.1.0", "my-local-b-off@0.0.0", - "my-local-c@0.23.42" + "my-local-c@0.23.42", + "my-local-e@0.1.0" ] }, { @@ -170,6 +199,9 @@ "my-local-a@0.1.0", "my-local-b-off@0.0.0" ] + }, + { + "ref": "my-local-e@0.1.0" } ] } \ No newline at end of file diff --git a/tests/_data/sbom_demo-results/bare/local-workspaces_npm10_node22_windows-latest.snap.json b/tests/_data/sbom_demo-results/bare/local-workspaces_npm10_node22_windows-latest.snap.json new file mode 100644 index 00000000..584ae339 --- /dev/null +++ b/tests/_data/sbom_demo-results/bare/local-workspaces_npm10_node22_windows-latest.snap.json 
@@ -0,0 +1,207 @@ +{ + "$schema": "http://cyclonedx.org/schema/bom-1.6.schema.json", + "bomFormat": "CycloneDX", + "specVersion": "1.6", + "version": 1, + "metadata": { + "tools": [ + { + "name": "npm", + "version": "npmVersion-testing" + }, + { + "vendor": "@cyclonedx", + "name": "cyclonedx-library", + "version": "libVersion-testing", + "externalReferences": [ + { + "url": "https://github.com/CycloneDX/cyclonedx-javascript-library/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "git+https://github.com/CycloneDX/cyclonedx-javascript-library.git", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\"" + }, + { + "url": "https://github.com/CycloneDX/cyclonedx-javascript-library#readme", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + } + ] + }, + { + "vendor": "@cyclonedx", + "name": "cyclonedx-npm", + "version": "thisVersion-testing", + "externalReferences": [ + { + "url": "https://github.com/CycloneDX/cyclonedx-node-npm/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "git+https://github.com/CycloneDX/cyclonedx-node-npm.git", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\"" + }, + { + "url": "https://github.com/CycloneDX/cyclonedx-node-npm#readme", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + } + ] + } + ], + "component": { + "type": "application", + "name": "demo-workspaces", + "version": "0.0.0", + "bom-ref": "demo-workspaces@0.0.0", + "description": "demo: demo-workspaces -- showcase how workspaces look like", + "licenses": [ + { + "license": { + "id": "Apache-2.0", + "acknowledgement": "declared" + } + } + ], + "purl": "pkg:npm/demo-workspaces@0.0.0?vcs_url=git%2Bssh%3A//git%40gitlab.example.com/my-packages/demo-workspaces.git", + "externalReferences": [ + { + 
"url": "git+ssh://git@gitlab.example.com/my-packages/demo-workspaces.git", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "" + }, + { + "name": "cdx:npm:package:private", + "value": "true" + } + ] + } + }, + "components": [ + { + "type": "library", + "name": "my-local-a", + "version": "0.1.0", + "bom-ref": "my-local-a@0.1.0", + "licenses": [ + { + "license": { + "id": "Apache-2.0", + "acknowledgement": "declared" + } + } + ], + "purl": "pkg:npm/my-local-a@0.1.0", + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/my-local-a" + } + ] + }, + { + "type": "library", + "name": "my-local-b-off", + "version": "0.0.0", + "bom-ref": "my-local-b-off@0.0.0", + "licenses": [ + { + "license": { + "id": "Apache-2.0", + "acknowledgement": "declared" + } + } + ], + "purl": "pkg:npm/my-local-b-off@0.0.0", + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/my-local-b-off" + } + ] + }, + { + "type": "library", + "name": "my-local-c", + "version": "0.23.42", + "bom-ref": "my-local-c@0.23.42", + "licenses": [ + { + "license": { + "id": "Apache-2.0", + "acknowledgement": "declared" + } + } + ], + "purl": "pkg:npm/my-local-c@0.23.42", + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/my-local-c" + } + ] + }, + { + "type": "library", + "name": "my-local-e", + "version": "0.1.0", + "bom-ref": "my-local-e@0.1.0", + "licenses": [ + { + "license": { + "id": "Apache-2.0", + "acknowledgement": "declared" + } + } + ], + "purl": "pkg:npm/my-local-e@0.1.0", + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/my-local-e" + } + ] + } + ], + "dependencies": [ + { + "ref": "demo-workspaces@0.0.0", + "dependsOn": [ + "my-local-a@0.1.0", + "my-local-b-off@0.0.0", + "my-local-c@0.23.42", + "my-local-e@0.1.0" + ] + }, + { + "ref": "my-local-a@0.1.0", + "dependsOn": [ + 
"my-local-b-off@0.0.0" + ] + }, + { + "ref": "my-local-b-off@0.0.0" + }, + { + "ref": "my-local-c@0.23.42", + "dependsOn": [ + "my-local-a@0.1.0", + "my-local-b-off@0.0.0" + ] + }, + { + "ref": "my-local-e@0.1.0" + } + ] +} \ No newline at end of file diff --git a/tests/_data/sbom_demo-results/bare/local-workspaces_npm7_node14_ubuntu-latest.snap.json b/tests/_data/sbom_demo-results/bare/local-workspaces_npm7_node14_ubuntu-latest.snap.json index ba6ae482..584ae339 100644 --- a/tests/_data/sbom_demo-results/bare/local-workspaces_npm7_node14_ubuntu-latest.snap.json +++ b/tests/_data/sbom_demo-results/bare/local-workspaces_npm7_node14_ubuntu-latest.snap.json @@ -68,7 +68,14 @@ } } ], - "purl": "pkg:npm/demo-workspaces@0.0.0", + "purl": "pkg:npm/demo-workspaces@0.0.0?vcs_url=git%2Bssh%3A//git%40gitlab.example.com/my-packages/demo-workspaces.git", + "externalReferences": [ + { + "url": "git+ssh://git@gitlab.example.com/my-packages/demo-workspaces.git", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\"" + } + ], "properties": [ { "name": "cdx:npm:package:path", @@ -144,6 +151,27 @@ "value": "node_modules/my-local-c" } ] + }, + { + "type": "library", + "name": "my-local-e", + "version": "0.1.0", + "bom-ref": "my-local-e@0.1.0", + "licenses": [ + { + "license": { + "id": "Apache-2.0", + "acknowledgement": "declared" + } + } + ], + "purl": "pkg:npm/my-local-e@0.1.0", + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/my-local-e" + } + ] } ], "dependencies": [ @@ -152,7 +180,8 @@ "dependsOn": [ "my-local-a@0.1.0", "my-local-b-off@0.0.0", - "my-local-c@0.23.42" + "my-local-c@0.23.42", + "my-local-e@0.1.0" ] }, { @@ -170,6 +199,9 @@ "my-local-a@0.1.0", "my-local-b-off@0.0.0" ] + }, + { + "ref": "my-local-e@0.1.0" } ] } \ No newline at end of file 
diff --git a/tests/_data/sbom_demo-results/bare/local-workspaces_npm7_node14_windows-latest.snap.json b/tests/_data/sbom_demo-results/bare/local-workspaces_npm7_node14_windows-latest.snap.json index ba6ae482..584ae339 100644 --- a/tests/_data/sbom_demo-results/bare/local-workspaces_npm7_node14_windows-latest.snap.json +++ b/tests/_data/sbom_demo-results/bare/local-workspaces_npm7_node14_windows-latest.snap.json @@ -68,7 +68,14 @@ } } ], - "purl": "pkg:npm/demo-workspaces@0.0.0", + "purl": "pkg:npm/demo-workspaces@0.0.0?vcs_url=git%2Bssh%3A//git%40gitlab.example.com/my-packages/demo-workspaces.git", + "externalReferences": [ + { + "url": "git+ssh://git@gitlab.example.com/my-packages/demo-workspaces.git", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\"" + } + ], "properties": [ { "name": "cdx:npm:package:path", @@ -144,6 +151,27 @@ "value": "node_modules/my-local-c" } ] + }, + { + "type": "library", + "name": "my-local-e", + "version": "0.1.0", + "bom-ref": "my-local-e@0.1.0", + "licenses": [ + { + "license": { + "id": "Apache-2.0", + "acknowledgement": "declared" + } + } + ], + "purl": "pkg:npm/my-local-e@0.1.0", + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/my-local-e" + } + ] } ], "dependencies": [ @@ -152,7 +180,8 @@ "dependsOn": [ "my-local-a@0.1.0", "my-local-b-off@0.0.0", - "my-local-c@0.23.42" + "my-local-c@0.23.42", + "my-local-e@0.1.0" ] }, { @@ -170,6 +199,9 @@ "my-local-a@0.1.0", "my-local-b-off@0.0.0" ] + }, + { + "ref": "my-local-e@0.1.0" } ] } \ No newline at end of file diff --git a/tests/_data/sbom_demo-results/bare/local-workspaces_npm7_node16_macos-latest.snap.json b/tests/_data/sbom_demo-results/bare/local-workspaces_npm7_node16_macos-latest.snap.json new file mode 100644 index 00000000..584ae339 --- /dev/null +++ b/tests/_data/sbom_demo-results/bare/local-workspaces_npm7_node16_macos-latest.snap.json 
@@ -0,0 +1,207 @@ +{ + "$schema": "http://cyclonedx.org/schema/bom-1.6.schema.json", + "bomFormat": "CycloneDX", + "specVersion": "1.6", + "version": 1, + "metadata": { + "tools": [ + { + "name": "npm", + "version": "npmVersion-testing" + }, + { + "vendor": "@cyclonedx", + "name": "cyclonedx-library", + "version": "libVersion-testing", + "externalReferences": [ + { + "url": "https://github.com/CycloneDX/cyclonedx-javascript-library/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "git+https://github.com/CycloneDX/cyclonedx-javascript-library.git", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\"" + }, + { + "url": "https://github.com/CycloneDX/cyclonedx-javascript-library#readme", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + } + ] + }, + { + "vendor": "@cyclonedx", + "name": "cyclonedx-npm", + "version": "thisVersion-testing", + "externalReferences": [ + { + "url": "https://github.com/CycloneDX/cyclonedx-node-npm/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "git+https://github.com/CycloneDX/cyclonedx-node-npm.git", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\"" + }, + { + "url": "https://github.com/CycloneDX/cyclonedx-node-npm#readme", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + } + ] + } + ], + "component": { + "type": "application", + "name": "demo-workspaces", + "version": "0.0.0", + "bom-ref": "demo-workspaces@0.0.0", + "description": "demo: demo-workspaces -- showcase how workspaces look like", + "licenses": [ + { + "license": { + "id": "Apache-2.0", + "acknowledgement": "declared" + } + } + ], + "purl": "pkg:npm/demo-workspaces@0.0.0?vcs_url=git%2Bssh%3A//git%40gitlab.example.com/my-packages/demo-workspaces.git", + "externalReferences": [ + { + 
"url": "git+ssh://git@gitlab.example.com/my-packages/demo-workspaces.git", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "" + }, + { + "name": "cdx:npm:package:private", + "value": "true" + } + ] + } + }, + "components": [ + { + "type": "library", + "name": "my-local-a", + "version": "0.1.0", + "bom-ref": "my-local-a@0.1.0", + "licenses": [ + { + "license": { + "id": "Apache-2.0", + "acknowledgement": "declared" + } + } + ], + "purl": "pkg:npm/my-local-a@0.1.0", + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/my-local-a" + } + ] + }, + { + "type": "library", + "name": "my-local-b-off", + "version": "0.0.0", + "bom-ref": "my-local-b-off@0.0.0", + "licenses": [ + { + "license": { + "id": "Apache-2.0", + "acknowledgement": "declared" + } + } + ], + "purl": "pkg:npm/my-local-b-off@0.0.0", + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/my-local-b-off" + } + ] + }, + { + "type": "library", + "name": "my-local-c", + "version": "0.23.42", + "bom-ref": "my-local-c@0.23.42", + "licenses": [ + { + "license": { + "id": "Apache-2.0", + "acknowledgement": "declared" + } + } + ], + "purl": "pkg:npm/my-local-c@0.23.42", + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/my-local-c" + } + ] + }, + { + "type": "library", + "name": "my-local-e", + "version": "0.1.0", + "bom-ref": "my-local-e@0.1.0", + "licenses": [ + { + "license": { + "id": "Apache-2.0", + "acknowledgement": "declared" + } + } + ], + "purl": "pkg:npm/my-local-e@0.1.0", + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/my-local-e" + } + ] + } + ], + "dependencies": [ + { + "ref": "demo-workspaces@0.0.0", + "dependsOn": [ + "my-local-a@0.1.0", + "my-local-b-off@0.0.0", + "my-local-c@0.23.42", + "my-local-e@0.1.0" + ] + }, + { + "ref": "my-local-a@0.1.0", + "dependsOn": [ + 
"my-local-b-off@0.0.0" + ] + }, + { + "ref": "my-local-b-off@0.0.0" + }, + { + "ref": "my-local-c@0.23.42", + "dependsOn": [ + "my-local-a@0.1.0", + "my-local-b-off@0.0.0" + ] + }, + { + "ref": "my-local-e@0.1.0" + } + ] +} \ No newline at end of file diff --git a/tests/_data/sbom_demo-results/bare/local-workspaces_npm7_node22_windows-latest.snap.json b/tests/_data/sbom_demo-results/bare/local-workspaces_npm7_node22_windows-latest.snap.json new file mode 100644 index 00000000..584ae339 --- /dev/null +++ b/tests/_data/sbom_demo-results/bare/local-workspaces_npm7_node22_windows-latest.snap.json 
@@ -0,0 +1,207 @@ +{ + "$schema": "http://cyclonedx.org/schema/bom-1.6.schema.json", + "bomFormat": "CycloneDX", + "specVersion": "1.6", + "version": 1, + "metadata": { + "tools": [ + { + "name": "npm", + "version": "npmVersion-testing" + }, + { + "vendor": "@cyclonedx", + "name": "cyclonedx-library", + "version": "libVersion-testing", + "externalReferences": [ + { + "url": "https://github.com/CycloneDX/cyclonedx-javascript-library/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "git+https://github.com/CycloneDX/cyclonedx-javascript-library.git", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\"" + }, + { + "url": "https://github.com/CycloneDX/cyclonedx-javascript-library#readme", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + } + ] + }, + { + "vendor": "@cyclonedx", + "name": "cyclonedx-npm", + "version": "thisVersion-testing", + "externalReferences": [ + { + "url": "https://github.com/CycloneDX/cyclonedx-node-npm/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "git+https://github.com/CycloneDX/cyclonedx-node-npm.git", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\"" + }, + { + "url": "https://github.com/CycloneDX/cyclonedx-node-npm#readme", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + } + ] + } + ], + "component": { + "type": "application", + "name": "demo-workspaces", + "version": "0.0.0", + "bom-ref": "demo-workspaces@0.0.0", + "description": "demo: demo-workspaces -- showcase how workspaces look like", + "licenses": [ + { + "license": { + "id": "Apache-2.0", + "acknowledgement": "declared" + } + } + ], + "purl": "pkg:npm/demo-workspaces@0.0.0?vcs_url=git%2Bssh%3A//git%40gitlab.example.com/my-packages/demo-workspaces.git", + "externalReferences": [ + { + 
"url": "git+ssh://git@gitlab.example.com/my-packages/demo-workspaces.git", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "" + }, + { + "name": "cdx:npm:package:private", + "value": "true" + } + ] + } + }, + "components": [ + { + "type": "library", + "name": "my-local-a", + "version": "0.1.0", + "bom-ref": "my-local-a@0.1.0", + "licenses": [ + { + "license": { + "id": "Apache-2.0", + "acknowledgement": "declared" + } + } + ], + "purl": "pkg:npm/my-local-a@0.1.0", + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/my-local-a" + } + ] + }, + { + "type": "library", + "name": "my-local-b-off", + "version": "0.0.0", + "bom-ref": "my-local-b-off@0.0.0", + "licenses": [ + { + "license": { + "id": "Apache-2.0", + "acknowledgement": "declared" + } + } + ], + "purl": "pkg:npm/my-local-b-off@0.0.0", + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/my-local-b-off" + } + ] + }, + { + "type": "library", + "name": "my-local-c", + "version": "0.23.42", + "bom-ref": "my-local-c@0.23.42", + "licenses": [ + { + "license": { + "id": "Apache-2.0", + "acknowledgement": "declared" + } + } + ], + "purl": "pkg:npm/my-local-c@0.23.42", + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/my-local-c" + } + ] + }, + { + "type": "library", + "name": "my-local-e", + "version": "0.1.0", + "bom-ref": "my-local-e@0.1.0", + "licenses": [ + { + "license": { + "id": "Apache-2.0", + "acknowledgement": "declared" + } + } + ], + "purl": "pkg:npm/my-local-e@0.1.0", + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/my-local-e" + } + ] + } + ], + "dependencies": [ + { + "ref": "demo-workspaces@0.0.0", + "dependsOn": [ + "my-local-a@0.1.0", + "my-local-b-off@0.0.0", + "my-local-c@0.23.42", + "my-local-e@0.1.0" + ] + }, + { + "ref": "my-local-a@0.1.0", + "dependsOn": [ + 
"my-local-b-off@0.0.0" + ] + }, + { + "ref": "my-local-b-off@0.0.0" + }, + { + "ref": "my-local-c@0.23.42", + "dependsOn": [ + "my-local-a@0.1.0", + "my-local-b-off@0.0.0" + ] + }, + { + "ref": "my-local-e@0.1.0" + } + ] +} \ No newline at end of file diff --git a/tests/_data/sbom_demo-results/bare/local-workspaces_npm8_node14_ubuntu-latest.snap.json b/tests/_data/sbom_demo-results/bare/local-workspaces_npm8_node14_ubuntu-latest.snap.json index ba6ae482..584ae339 100644 --- a/tests/_data/sbom_demo-results/bare/local-workspaces_npm8_node14_ubuntu-latest.snap.json +++ b/tests/_data/sbom_demo-results/bare/local-workspaces_npm8_node14_ubuntu-latest.snap.json @@ -68,7 +68,14 @@ } } ], - "purl": "pkg:npm/demo-workspaces@0.0.0", + "purl": "pkg:npm/demo-workspaces@0.0.0?vcs_url=git%2Bssh%3A//git%40gitlab.example.com/my-packages/demo-workspaces.git", + "externalReferences": [ + { + "url": "git+ssh://git@gitlab.example.com/my-packages/demo-workspaces.git", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\"" + } + ], "properties": [ { "name": "cdx:npm:package:path", @@ -144,6 +151,27 @@ "value": "node_modules/my-local-c" } ] + }, + { + "type": "library", + "name": "my-local-e", + "version": "0.1.0", + "bom-ref": "my-local-e@0.1.0", + "licenses": [ + { + "license": { + "id": "Apache-2.0", + "acknowledgement": "declared" + } + } + ], + "purl": "pkg:npm/my-local-e@0.1.0", + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/my-local-e" + } + ] } ], "dependencies": [ @@ -152,7 +180,8 @@ "dependsOn": [ "my-local-a@0.1.0", "my-local-b-off@0.0.0", - "my-local-c@0.23.42" + "my-local-c@0.23.42", + "my-local-e@0.1.0" ] }, { @@ -170,6 +199,9 @@ "my-local-a@0.1.0", "my-local-b-off@0.0.0" ] + }, + { + "ref": "my-local-e@0.1.0" } ] } \ No newline at end of file 
diff --git a/tests/_data/sbom_demo-results/bare/local-workspaces_npm8_node14_windows-latest.snap.json b/tests/_data/sbom_demo-results/bare/local-workspaces_npm8_node14_windows-latest.snap.json index ba6ae482..584ae339 100644 --- a/tests/_data/sbom_demo-results/bare/local-workspaces_npm8_node14_windows-latest.snap.json +++ b/tests/_data/sbom_demo-results/bare/local-workspaces_npm8_node14_windows-latest.snap.json @@ -68,7 +68,14 @@ } } ], - "purl": "pkg:npm/demo-workspaces@0.0.0", + "purl": "pkg:npm/demo-workspaces@0.0.0?vcs_url=git%2Bssh%3A//git%40gitlab.example.com/my-packages/demo-workspaces.git", + "externalReferences": [ + { + "url": "git+ssh://git@gitlab.example.com/my-packages/demo-workspaces.git", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\"" + } + ], "properties": [ { "name": "cdx:npm:package:path", @@ -144,6 +151,27 @@ "value": "node_modules/my-local-c" } ] + }, + { + "type": "library", + "name": "my-local-e", + "version": "0.1.0", + "bom-ref": "my-local-e@0.1.0", + "licenses": [ + { + "license": { + "id": "Apache-2.0", + "acknowledgement": "declared" + } + } + ], + "purl": "pkg:npm/my-local-e@0.1.0", + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/my-local-e" + } + ] } ], "dependencies": [ @@ -152,7 +180,8 @@ "dependsOn": [ "my-local-a@0.1.0", "my-local-b-off@0.0.0", - "my-local-c@0.23.42" + "my-local-c@0.23.42", + "my-local-e@0.1.0" ] }, { @@ -170,6 +199,9 @@ "my-local-a@0.1.0", "my-local-b-off@0.0.0" ] + }, + { + "ref": "my-local-e@0.1.0" } ] } \ No newline at end of file diff --git a/tests/_data/sbom_demo-results/bare/local-workspaces_npm8_node16_macos-latest.snap.json b/tests/_data/sbom_demo-results/bare/local-workspaces_npm8_node16_macos-latest.snap.json new file mode 100644 index 00000000..584ae339 --- /dev/null +++ b/tests/_data/sbom_demo-results/bare/local-workspaces_npm8_node16_macos-latest.snap.json 
@@ -0,0 +1,207 @@
+{
+ "$schema": "http://cyclonedx.org/schema/bom-1.6.schema.json",
+ "bomFormat": "CycloneDX",
+ "specVersion": "1.6",
+ "version": 1,
+ "metadata": {
+ "tools": [
+ {
+ "name": "npm",
+ "version": "npmVersion-testing"
+ },
+ {
+ "vendor": "@cyclonedx",
+ "name": "cyclonedx-library",
+ "version": "libVersion-testing",
+ "externalReferences": [
+ {
+ "url": "https://github.com/CycloneDX/cyclonedx-javascript-library/issues",
+ "type": "issue-tracker",
+ "comment": "as detected from PackageJson property \"bugs.url\""
+ },
+ {
+ "url": "git+https://github.com/CycloneDX/cyclonedx-javascript-library.git",
+ "type": "vcs",
+ "comment": "as detected from PackageJson property \"repository.url\""
+ },
+ {
+ "url": "https://github.com/CycloneDX/cyclonedx-javascript-library#readme",
+ "type": "website",
+ "comment": "as detected from PackageJson property \"homepage\""
+ }
+ ]
+ },
+ {
+ "vendor": "@cyclonedx",
+ "name": "cyclonedx-npm",
+ "version": "thisVersion-testing",
+ "externalReferences": [
+ {
+ "url": "https://github.com/CycloneDX/cyclonedx-node-npm/issues",
+ "type": "issue-tracker",
+ "comment": "as detected from PackageJson property \"bugs.url\""
+ },
+ {
+ "url": "git+https://github.com/CycloneDX/cyclonedx-node-npm.git",
+ "type": "vcs",
+ "comment": "as detected from PackageJson property \"repository.url\""
+ },
+ {
+ "url": "https://github.com/CycloneDX/cyclonedx-node-npm#readme",
+ "type": "website",
+ "comment": "as detected from PackageJson property \"homepage\""
+ }
+ ]
+ }
+ ],
+ "component": {
+ "type": "application",
+ "name": "demo-workspaces",
+ "version": "0.0.0",
+ "bom-ref": "demo-workspaces@0.0.0",
+ "description": "demo: demo-workspaces -- showcase how workspaces look like",
+ "licenses": [
+ {
+ "license": {
+ "id": "Apache-2.0",
+ "acknowledgement": "declared"
+ }
+ }
+ ],
+ "purl": "pkg:npm/demo-workspaces@0.0.0?vcs_url=git%2Bssh%3A//git%40gitlab.example.com/my-packages/demo-workspaces.git",
+ "externalReferences": [
+ {
+ "url": "git+ssh://git@gitlab.example.com/my-packages/demo-workspaces.git",
+ "type": "vcs",
+ "comment": "as detected from PackageJson property \"repository.url\""
+ }
+ ],
+ "properties": [
+ {
+ "name": "cdx:npm:package:path",
+ "value": ""
+ },
+ {
+ "name": "cdx:npm:package:private",
+ "value": "true"
+ }
+ ]
+ }
+ },
+ "components": [
+ {
+ "type": "library",
+ "name": "my-local-a",
+ "version": "0.1.0",
+ "bom-ref": "my-local-a@0.1.0",
+ "licenses": [
+ {
+ "license": {
+ "id": "Apache-2.0",
+ "acknowledgement": "declared"
+ }
+ }
+ ],
+ "purl": "pkg:npm/my-local-a@0.1.0",
+ "properties": [
+ {
+ "name": "cdx:npm:package:path",
+ "value": "node_modules/my-local-a"
+ }
+ ]
+ },
+ {
+ "type": "library",
+ "name": "my-local-b-off",
+ "version": "0.0.0",
+ "bom-ref": "my-local-b-off@0.0.0",
+ "licenses": [
+ {
+ "license": {
+ "id": "Apache-2.0",
+ "acknowledgement": "declared"
+ }
+ }
+ ],
+ "purl": "pkg:npm/my-local-b-off@0.0.0",
+ "properties": [
+ {
+ "name": "cdx:npm:package:path",
+ "value": "node_modules/my-local-b-off"
+ }
+ ]
+ },
+ {
+ "type": "library",
+ "name": "my-local-c",
+ "version": "0.23.42",
+ "bom-ref": "my-local-c@0.23.42",
+ "licenses": [
+ {
+ "license": {
+ "id": "Apache-2.0",
+ "acknowledgement": "declared"
+ }
+ }
+ ],
+ "purl": "pkg:npm/my-local-c@0.23.42",
+ "properties": [
+ {
+ "name": "cdx:npm:package:path",
+ "value": "node_modules/my-local-c"
+ }
+ ]
+ },
+ {
+ "type": "library",
+ "name": "my-local-e",
+ "version": "0.1.0",
+ "bom-ref": "my-local-e@0.1.0",
+ "licenses": [
+ {
+ "license": {
+ "id": "Apache-2.0",
+ "acknowledgement": "declared"
+ }
+ }
+ ],
+ "purl": "pkg:npm/my-local-e@0.1.0",
+ "properties": [
+ {
+ "name": "cdx:npm:package:path",
+ "value": "node_modules/my-local-e"
+ }
+ ]
+ }
+ ],
+ "dependencies": [
+ {
+ "ref": "demo-workspaces@0.0.0",
+ "dependsOn": [
+ "my-local-a@0.1.0",
+ "my-local-b-off@0.0.0",
+ "my-local-c@0.23.42",
+ "my-local-e@0.1.0"
+ ]
+ },
+ {
+ "ref": "my-local-a@0.1.0",
+ "dependsOn": [
+ "my-local-b-off@0.0.0"
+ ]
+ },
+ {
+ "ref": "my-local-b-off@0.0.0"
+ },
+ {
+ "ref": "my-local-c@0.23.42",
+ "dependsOn": [
+ "my-local-a@0.1.0",
+ "my-local-b-off@0.0.0"
+ ]
+ },
+ {
+ "ref": "my-local-e@0.1.0"
+ }
+ ]
+}
\ No newline at end of file
diff --git a/tests/_data/sbom_demo-results/bare/local-workspaces_npm8_node22_windows-latest.snap.json b/tests/_data/sbom_demo-results/bare/local-workspaces_npm8_node22_windows-latest.snap.json
new file mode 100644
index 00000000..584ae339
--- /dev/null
+++ b/tests/_data/sbom_demo-results/bare/local-workspaces_npm8_node22_windows-latest.snap.json
@@ -0,0 +1,207 @@
+{
+ "$schema": "http://cyclonedx.org/schema/bom-1.6.schema.json",
+ "bomFormat": "CycloneDX",
+ "specVersion": "1.6",
+ "version": 1,
+ "metadata": {
+ "tools": [
+ {
+ "name": "npm",
+ "version": "npmVersion-testing"
+ },
+ {
+ "vendor": "@cyclonedx",
+ "name": "cyclonedx-library",
+ "version": "libVersion-testing",
+ "externalReferences": [
+ {
+ "url": "https://github.com/CycloneDX/cyclonedx-javascript-library/issues",
+ "type": "issue-tracker",
+ "comment": "as detected from PackageJson property \"bugs.url\""
+ },
+ {
+ "url": "git+https://github.com/CycloneDX/cyclonedx-javascript-library.git",
+ "type": "vcs",
+ "comment": "as detected from PackageJson property \"repository.url\""
+ },
+ {
+ "url": "https://github.com/CycloneDX/cyclonedx-javascript-library#readme",
+ "type": "website",
+ "comment": "as detected from PackageJson property \"homepage\""
+ }
+ ]
+ },
+ {
+ "vendor": "@cyclonedx",
+ "name": "cyclonedx-npm",
+ "version": "thisVersion-testing",
+ "externalReferences": [
+ {
+ "url": "https://github.com/CycloneDX/cyclonedx-node-npm/issues",
+ "type": "issue-tracker",
+ "comment": "as detected from PackageJson property \"bugs.url\""
+ },
+ {
+ "url": "git+https://github.com/CycloneDX/cyclonedx-node-npm.git",
+ "type": "vcs",
+ "comment": "as detected from PackageJson property \"repository.url\""
+ },
+ {
+ "url": "https://github.com/CycloneDX/cyclonedx-node-npm#readme",
+ "type": "website",
+ "comment": "as detected from PackageJson property \"homepage\""
+ }
+ ]
+ }
+ ],
+ "component": {
+ "type": "application",
+ "name": "demo-workspaces",
+ "version": "0.0.0",
+ "bom-ref": "demo-workspaces@0.0.0",
+ "description": "demo: demo-workspaces -- showcase how workspaces look like",
+ "licenses": [
+ {
+ "license": {
+ "id": "Apache-2.0",
+ "acknowledgement": "declared"
+ }
+ }
+ ],
+ "purl": "pkg:npm/demo-workspaces@0.0.0?vcs_url=git%2Bssh%3A//git%40gitlab.example.com/my-packages/demo-workspaces.git",
+ "externalReferences": [
+ {
+ "url": "git+ssh://git@gitlab.example.com/my-packages/demo-workspaces.git",
+ "type": "vcs",
+ "comment": "as detected from PackageJson property \"repository.url\""
+ }
+ ],
+ "properties": [
+ {
+ "name": "cdx:npm:package:path",
+ "value": ""
+ },
+ {
+ "name": "cdx:npm:package:private",
+ "value": "true"
+ }
+ ]
+ }
+ },
+ "components": [
+ {
+ "type": "library",
+ "name": "my-local-a",
+ "version": "0.1.0",
+ "bom-ref": "my-local-a@0.1.0",
+ "licenses": [
+ {
+ "license": {
+ "id": "Apache-2.0",
+ "acknowledgement": "declared"
+ }
+ }
+ ],
+ "purl": "pkg:npm/my-local-a@0.1.0",
+ "properties": [
+ {
+ "name": "cdx:npm:package:path",
+ "value": "node_modules/my-local-a"
+ }
+ ]
+ },
+ {
+ "type": "library",
+ "name": "my-local-b-off",
+ "version": "0.0.0",
+ "bom-ref": "my-local-b-off@0.0.0",
+ "licenses": [
+ {
+ "license": {
+ "id": "Apache-2.0",
+ "acknowledgement": "declared"
+ }
+ }
+ ],
+ "purl": "pkg:npm/my-local-b-off@0.0.0",
+ "properties": [
+ {
+ "name": "cdx:npm:package:path",
+ "value": "node_modules/my-local-b-off"
+ }
+ ]
+ },
+ {
+ "type": "library",
+ "name": "my-local-c",
+ "version": "0.23.42",
+ "bom-ref": "my-local-c@0.23.42",
+ "licenses": [
+ {
+ "license": {
+ "id": "Apache-2.0",
+ "acknowledgement": "declared"
+ }
+ }
+ ],
+ "purl": "pkg:npm/my-local-c@0.23.42",
+ "properties": [
+ {
+ "name": "cdx:npm:package:path",
+ "value": "node_modules/my-local-c"
+ }
+ ]
+ },
+ {
+ "type": "library",
+ "name": "my-local-e",
+ "version": "0.1.0",
+ "bom-ref": "my-local-e@0.1.0",
+ "licenses": [
+ {
+ "license": {
+ "id": "Apache-2.0",
+ "acknowledgement": "declared"
+ }
+ }
+ ],
+ "purl": "pkg:npm/my-local-e@0.1.0",
+ "properties": [
+ {
+ "name": "cdx:npm:package:path",
+ "value": "node_modules/my-local-e"
+ }
+ ]
+ }
+ ],
+ "dependencies": [
+ {
+ "ref": "demo-workspaces@0.0.0",
+ "dependsOn": [
+ "my-local-a@0.1.0",
+ "my-local-b-off@0.0.0",
+ "my-local-c@0.23.42",
+ "my-local-e@0.1.0"
+ ]
+ },
+ {
+ "ref": "my-local-a@0.1.0",
+ "dependsOn": [
+ "my-local-b-off@0.0.0"
+ ]
+ },
+ {
+ "ref": "my-local-b-off@0.0.0"
+ },
+ {
+ "ref": "my-local-c@0.23.42",
+ "dependsOn": [
+ "my-local-a@0.1.0",
+ "my-local-b-off@0.0.0"
+ ]
+ },
+ {
+ "ref": "my-local-e@0.1.0"
+ }
+ ]
+}
\ No newline at end of file
diff --git a/tests/_data/sbom_demo-results/bare/local-workspaces_npm9_node16_macos-latest.snap.json b/tests/_data/sbom_demo-results/bare/local-workspaces_npm9_node16_macos-latest.snap.json
index ba6ae482..584ae339 100644
--- a/tests/_data/sbom_demo-results/bare/local-workspaces_npm9_node16_macos-latest.snap.json
+++ b/tests/_data/sbom_demo-results/bare/local-workspaces_npm9_node16_macos-latest.snap.json
@@ -68,7 +68,14 @@
 }
 }
 ],
- "purl": "pkg:npm/demo-workspaces@0.0.0",
+ "purl": "pkg:npm/demo-workspaces@0.0.0?vcs_url=git%2Bssh%3A//git%40gitlab.example.com/my-packages/demo-workspaces.git",
+ "externalReferences": [
+ {
+ "url": "git+ssh://git@gitlab.example.com/my-packages/demo-workspaces.git",
+ "type": "vcs",
+ "comment": "as detected from PackageJson property \"repository.url\""
+ }
+ ],
 "properties": [
 {
 "name": "cdx:npm:package:path",
@@ -144,6 +151,27 @@
 "value": "node_modules/my-local-c"
 }
 ]
+ },
+ {
+ "type": "library",
+ "name": "my-local-e",
+ "version": "0.1.0",
+ "bom-ref": "my-local-e@0.1.0",
+ "licenses": [
+ {
+ "license": {
+ "id": "Apache-2.0",
+ "acknowledgement": "declared"
+ }
+ }
+ ],
+ "purl": "pkg:npm/my-local-e@0.1.0",
+ "properties": [
+ {
+ "name": "cdx:npm:package:path",
+ "value": "node_modules/my-local-e"
+ }
+ ]
 }
 ],
 "dependencies": [
@@ -152,7 +180,8 @@
 "dependsOn": [
 "my-local-a@0.1.0",
 "my-local-b-off@0.0.0",
- "my-local-c@0.23.42"
+ "my-local-c@0.23.42",
+ "my-local-e@0.1.0"
 ]
 },
 {
@@ -170,6 +199,9 @@
 "my-local-a@0.1.0",
 "my-local-b-off@0.0.0"
 ]
+ },
+ {
+ "ref": "my-local-e@0.1.0"
 }
 ]
 }
\ No newline at end of file
diff --git a/tests/_data/sbom_demo-results/bare/local-workspaces_npm9_node16_ubuntu-latest.snap.json b/tests/_data/sbom_demo-results/bare/local-workspaces_npm9_node16_ubuntu-latest.snap.json
index ba6ae482..584ae339 100644
--- a/tests/_data/sbom_demo-results/bare/local-workspaces_npm9_node16_ubuntu-latest.snap.json
+++ b/tests/_data/sbom_demo-results/bare/local-workspaces_npm9_node16_ubuntu-latest.snap.json
@@ -68,7 +68,14 @@
 }
 }
 ],
- "purl": "pkg:npm/demo-workspaces@0.0.0",
+ "purl": "pkg:npm/demo-workspaces@0.0.0?vcs_url=git%2Bssh%3A//git%40gitlab.example.com/my-packages/demo-workspaces.git",
+ "externalReferences": [
+ {
+ "url": "git+ssh://git@gitlab.example.com/my-packages/demo-workspaces.git",
+ "type": "vcs",
+ "comment": "as detected from PackageJson property \"repository.url\""
+ }
+ ],
 "properties": [
 {
 "name": "cdx:npm:package:path",
@@ -144,6 +151,27 @@
 "value": "node_modules/my-local-c"
 }
 ]
+ },
+ {
+ "type": "library",
+ "name": "my-local-e",
+ "version": "0.1.0",
+ "bom-ref": "my-local-e@0.1.0",
+ "licenses": [
+ {
+ "license": {
+ "id": "Apache-2.0",
+ "acknowledgement": "declared"
+ }
+ }
+ ],
+ "purl": "pkg:npm/my-local-e@0.1.0",
+ "properties": [
+ {
+ "name": "cdx:npm:package:path",
+ "value": "node_modules/my-local-e"
+ }
+ ]
 }
 ],
 "dependencies": [
@@ -152,7 +180,8 @@
 "dependsOn": [
 "my-local-a@0.1.0",
 "my-local-b-off@0.0.0",
- "my-local-c@0.23.42"
+ "my-local-c@0.23.42",
+ "my-local-e@0.1.0"
 ]
 },
 {
@@ -170,6 +199,9 @@
 "my-local-a@0.1.0",
 "my-local-b-off@0.0.0"
 ]
+ },
+ {
+ "ref": "my-local-e@0.1.0"
 }
 ]
 }
\ No newline at end of file
diff --git a/tests/_data/sbom_demo-results/bare/local-workspaces_npm9_node16_windows-latest.snap.json b/tests/_data/sbom_demo-results/bare/local-workspaces_npm9_node16_windows-latest.snap.json
index ba6ae482..584ae339 100644
--- a/tests/_data/sbom_demo-results/bare/local-workspaces_npm9_node16_windows-latest.snap.json
+++ b/tests/_data/sbom_demo-results/bare/local-workspaces_npm9_node16_windows-latest.snap.json
@@ -68,7 +68,14 @@
 }
 }
 ],
- "purl": "pkg:npm/demo-workspaces@0.0.0",
+ "purl": "pkg:npm/demo-workspaces@0.0.0?vcs_url=git%2Bssh%3A//git%40gitlab.example.com/my-packages/demo-workspaces.git",
+ "externalReferences": [
+ {
+ "url": "git+ssh://git@gitlab.example.com/my-packages/demo-workspaces.git",
+ "type": "vcs",
+ "comment": "as detected from PackageJson property \"repository.url\""
+ }
+ ],
 "properties": [
 {
 "name": "cdx:npm:package:path",
@@ -144,6 +151,27 @@
 "value": "node_modules/my-local-c"
 }
 ]
+ },
+ {
+ "type": "library",
+ "name": "my-local-e",
+ "version": "0.1.0",
+ "bom-ref": "my-local-e@0.1.0",
+ "licenses": [
+ {
+ "license": {
+ "id": "Apache-2.0",
+ "acknowledgement": "declared"
+ }
+ }
+ ],
+ "purl": "pkg:npm/my-local-e@0.1.0",
+ "properties": [
+ {
+ "name": "cdx:npm:package:path",
+ "value": "node_modules/my-local-e"
+ }
+ ]
 }
 ],
 "dependencies": [
@@ -152,7 +180,8 @@
 "dependsOn": [
 "my-local-a@0.1.0",
 "my-local-b-off@0.0.0",
- "my-local-c@0.23.42"
+ "my-local-c@0.23.42",
+ "my-local-e@0.1.0"
 ]
 },
 {
@@ -170,6 +199,9 @@
 "my-local-a@0.1.0",
 "my-local-b-off@0.0.0"
 ]
+ },
+ {
+ "ref": "my-local-e@0.1.0"
 }
 ]
 }
\ No newline at end of file
diff --git a/tests/_data/sbom_demo-results/bare/local-workspaces_npm9_node22_windows-latest.snap.json b/tests/_data/sbom_demo-results/bare/local-workspaces_npm9_node22_windows-latest.snap.json
new file mode 100644
index 00000000..584ae339
--- /dev/null
+++ b/tests/_data/sbom_demo-results/bare/local-workspaces_npm9_node22_windows-latest.snap.json
@@ -0,0 +1,207 @@
+{
+ "$schema": "http://cyclonedx.org/schema/bom-1.6.schema.json",
+ "bomFormat": "CycloneDX",
+ "specVersion": "1.6",
+ "version": 1,
+ "metadata": {
+ "tools": [
+ {
+ "name": "npm",
+ "version": "npmVersion-testing"
+ },
+ {
+ "vendor": "@cyclonedx",
+ "name": "cyclonedx-library",
+ "version": "libVersion-testing",
+ "externalReferences": [
+ {
+ "url": "https://github.com/CycloneDX/cyclonedx-javascript-library/issues",
+ "type": "issue-tracker",
+ "comment": "as detected from PackageJson property \"bugs.url\""
+ },
+ {
+ "url": "git+https://github.com/CycloneDX/cyclonedx-javascript-library.git",
+ "type": "vcs",
+ "comment": "as detected from PackageJson property \"repository.url\""
+ },
+ {
+ "url": "https://github.com/CycloneDX/cyclonedx-javascript-library#readme",
+ "type": "website",
+ "comment": "as detected from PackageJson property \"homepage\""
+ }
+ ]
+ },
+ {
+ "vendor": "@cyclonedx",
+ "name": "cyclonedx-npm",
+ "version": "thisVersion-testing",
+ "externalReferences": [
+ {
+ "url": "https://github.com/CycloneDX/cyclonedx-node-npm/issues",
+ "type": "issue-tracker",
+ "comment": "as detected from PackageJson property \"bugs.url\""
+ },
+ {
+ "url": "git+https://github.com/CycloneDX/cyclonedx-node-npm.git",
+ "type": "vcs",
+ "comment": "as detected from PackageJson property \"repository.url\""
+ },
+ {
+ "url": "https://github.com/CycloneDX/cyclonedx-node-npm#readme",
+ "type": "website",
+ "comment": "as detected from PackageJson property \"homepage\""
+ }
+ ]
+ }
+ ],
+ "component": {
+ "type": "application",
+ "name": "demo-workspaces",
+ "version": "0.0.0",
+ "bom-ref": "demo-workspaces@0.0.0",
+ "description": "demo: demo-workspaces -- showcase how workspaces look like",
+ "licenses": [
+ {
+ "license": {
+ "id": "Apache-2.0",
+ "acknowledgement": "declared"
+ }
+ }
+ ],
+ "purl": "pkg:npm/demo-workspaces@0.0.0?vcs_url=git%2Bssh%3A//git%40gitlab.example.com/my-packages/demo-workspaces.git",
+ "externalReferences": [
+ {
+ "url": "git+ssh://git@gitlab.example.com/my-packages/demo-workspaces.git",
+ "type": "vcs",
+ "comment": "as detected from PackageJson property \"repository.url\""
+ }
+ ],
+ "properties": [
+ {
+ "name": "cdx:npm:package:path",
+ "value": ""
+ },
+ {
+ "name": "cdx:npm:package:private",
+ "value": "true"
+ }
+ ]
+ }
+ },
+ "components": [
+ {
+ "type": "library",
+ "name": "my-local-a",
+ "version": "0.1.0",
+ "bom-ref": "my-local-a@0.1.0",
+ "licenses": [
+ {
+ "license": {
+ "id": "Apache-2.0",
+ "acknowledgement": "declared"
+ }
+ }
+ ],
+ "purl": "pkg:npm/my-local-a@0.1.0",
+ "properties": [
+ {
+ "name": "cdx:npm:package:path",
+ "value": "node_modules/my-local-a"
+ }
+ ]
+ },
+ {
+ "type": "library",
+ "name": "my-local-b-off",
+ "version": "0.0.0",
+ "bom-ref": "my-local-b-off@0.0.0",
+ "licenses": [
+ {
+ "license": {
+ "id": "Apache-2.0",
+ "acknowledgement": "declared"
+ }
+ }
+ ],
+ "purl": "pkg:npm/my-local-b-off@0.0.0",
+ "properties": [
+ {
+ "name": "cdx:npm:package:path",
+ "value": "node_modules/my-local-b-off"
+ }
+ ]
+ },
+ {
+ "type": "library",
+ "name": "my-local-c",
+ "version": "0.23.42",
+ "bom-ref": "my-local-c@0.23.42",
+ "licenses": [
+ {
+ "license": {
+ "id": "Apache-2.0",
+ "acknowledgement": "declared"
+ }
+ }
+ ],
+ "purl": "pkg:npm/my-local-c@0.23.42",
+ "properties": [
+ {
+ "name": "cdx:npm:package:path",
+ "value": "node_modules/my-local-c"
+ }
+ ]
+ },
+ {
+ "type": "library",
+ "name": "my-local-e",
+ "version": "0.1.0",
+ "bom-ref": "my-local-e@0.1.0",
+ "licenses": [
+ {
+ "license": {
+ "id": "Apache-2.0",
+ "acknowledgement": "declared"
+ }
+ }
+ ],
+ "purl": "pkg:npm/my-local-e@0.1.0",
+ "properties": [
+ {
+ "name": "cdx:npm:package:path",
+ "value": "node_modules/my-local-e"
+ }
+ ]
+ }
+ ],
+ "dependencies": [
+ {
+ "ref": "demo-workspaces@0.0.0",
+ "dependsOn": [
+ "my-local-a@0.1.0",
+ "my-local-b-off@0.0.0",
+ "my-local-c@0.23.42",
+ "my-local-e@0.1.0"
+ ]
+ },
+ {
+ "ref": "my-local-a@0.1.0",
+ "dependsOn": [
+ "my-local-b-off@0.0.0"
+ ]
+ },
+ {
+ "ref": "my-local-b-off@0.0.0"
+ },
+ {
+ "ref": "my-local-c@0.23.42",
+ "dependsOn": [
+ "my-local-a@0.1.0",
+ "my-local-b-off@0.0.0"
+ ]
+ },
+ {
+ "ref": "my-local-e@0.1.0"
+ }
+ ]
+}
\ No newline at end of file
diff --git a/tests/_data/sbom_demo-results/flatten-components/local-dependencies_from-setup.snap.json b/tests/_data/sbom_demo-results/flatten-components/local-dependencies_from-setup.snap.json
index e938f815..d82e79d8 100644
--- a/tests/_data/sbom_demo-results/flatten-components/local-dependencies_from-setup.snap.json
+++ b/tests/_data/sbom_demo-results/flatten-components/local-dependencies_from-setup.snap.json
@@ -187,56 +187,22 @@
 },
 {
 "type": "library",
- "name": "my-noname",
- "version": "0.0.0",
- "bom-ref": "my-noname@0.0.0",
- "description": "demo: with no/empty name",
- "licenses": [
- {
- "license": {
- "id": "Apache-2.0",
- "acknowledgement": "declared"
- }
- }
- ],
- "purl": "pkg:npm/my-noname@0.0.0?vcs_url=git%2Bssh%3A//git%40github.com/CycloneDX/cyclonedx-node-npm.git#demo/local-dependencies/project/packages/my-noname",
- "externalReferences": [
- {
- "url": "https://github.com/CycloneDX/cyclonedx-node-npm/issues",
- "type": "issue-tracker",
- "comment": "as detected from PackageJson property \"bugs.url\""
- },
- {
- "url": "git+ssh://git@github.com/CycloneDX/cyclonedx-node-npm.git#demo/local-dependencies/project/packages/my-noname",
- "type": "vcs",
- "comment": "as detected from PackageJson property \"repository.url\" and \"repository.directory\""
- },
- {
- "url": "https://github.com/CycloneDX/cyclonedx-node-npm#readme",
- "type": "website",
- "comment": "as detected from PackageJson property \"homepage\""
- }
- ],
- "properties": [
- {
- "name": "cdx:npm:package:path",
- "value": "node_modules/my-noname"
- },
- {
- "name": "cdx:npm:package:private",
- "value": "true"
- }
- ]
+ "name": "DummyComponent.InterferedDependency.my-noname",
+ "bom-ref": "DummyComponent.InterferedDependency.my-noname",
+ "description": "This is a dummy component \"InterferedDependency.my-noname\" that fills the gap where the actual built failed."
 }
 ],
 "dependencies": [
 {
 "ref": "demo-local-deps@0.0.0",
 "dependsOn": [
- "my-local-a@0.0.0",
- "my-noname@0.0.0"
+ "DummyComponent.InterferedDependency.my-noname",
+ "my-local-a@0.0.0"
 ]
 },
+ {
+ "ref": "DummyComponent.InterferedDependency.my-noname"
+ },
 {
 "ref": "my-local-a@0.0.0",
 "dependsOn": [
@@ -245,9 +211,6 @@
 },
 {
 "ref": "my-local-b-off@0.0.0"
- },
- {
- "ref": "my-noname@0.0.0"
 }
 ]
 }
\ No newline at end of file
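Review bot: The new expectation for `my-noname` in the first hunk is a `DummyComponent.InterferedDependency.my-noname` placeholder with no `version`, `purl`, `licenses` or `externalReferences`, so this snapshot now pins an incomplete SBOM entry as the passing result. The placeholder's own description says it `fills the gap where the actual built failed`, which reads like a resolution failure in the demo setup rather than intended output, and the npm10 snapshots of the same demo project still expect a real `my-noname@0.0.0` component. I would either regenerate this file once the setup resolves the package, or record the reason in the commit body, for example `from-setup: my-noname is expected as an InterferedDependency placeholder because <reason>`. The `.snap.xml` twin of this file appears to change the same way.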
diff --git a/tests/_data/sbom_demo-results/flatten-components/local-dependencies_from-setup.snap.xml b/tests/_data/sbom_demo-results/flatten-components/local-dependencies_from-setup.snap.xml index d6a29402..ccd10b71 100644 --- a/tests/_data/sbom_demo-results/flatten-components/local-dependencies_from-setup.snap.xml +++ b/tests/_data/sbom_demo-results/flatten-components/local-dependencies_from-setup.snap.xml @@ -134,45 +134,20 @@ true - - my-noname - 0.0.0 - demo: with no/empty name - - - Apache-2.0 - - - pkg:npm/my-noname@0.0.0?vcs_url=git%2Bssh%3A//git%40github.com/CycloneDX/cyclonedx-node-npm.git#demo/local-dependencies/project/packages/my-noname - - - https://github.com/CycloneDX/cyclonedx-node-npm/issues - as detected from PackageJson property "bugs.url" - - - git+ssh://git@github.com/CycloneDX/cyclonedx-node-npm.git#demo/local-dependencies/project/packages/my-noname - as detected from PackageJson property "repository.url" and "repository.directory" - - - https://github.com/CycloneDX/cyclonedx-node-npm#readme - as detected from PackageJson property "homepage" - - - - node_modules/my-noname - true - + + DummyComponent.InterferedDependency.my-noname + This is a dummy component "InterferedDependency.my-noname" that fills the gap where the actual built failed. + - + - \ No newline at end of file diff --git a/tests/_data/sbom_demo-results/flatten-components/local-dependencies_npm10_node18_macos-latest.snap.json b/tests/_data/sbom_demo-results/flatten-components/local-dependencies_npm10_node18_macos-latest.snap.json index d48eb1d1..2b70b939 100644 --- a/tests/_data/sbom_demo-results/flatten-components/local-dependencies_npm10_node18_macos-latest.snap.json +++ b/tests/_data/sbom_demo-results/flatten-components/local-dependencies_npm10_node18_macos-latest.snap.json 
@@ -68,7 +68,24 @@
 }
 }
 ],
- "purl": "pkg:npm/demo-local-deps@0.0.0",
+ "purl": "pkg:npm/demo-local-deps@0.0.0?vcs_url=git%2Bhttps%3A//github.com/CycloneDX/cyclonedx-node-npm.git#demo/local-dependencies/project",
+ "externalReferences": [
+ {
+ "url": "https://github.com/CycloneDX/cyclonedx-node-npm/issues",
+ "type": "issue-tracker",
+ "comment": "as detected from PackageJson property \"bugs.url\""
+ },
+ {
+ "url": "git+https://github.com/CycloneDX/cyclonedx-node-npm.git#demo/local-dependencies/project",
+ "type": "vcs",
+ "comment": "as detected from PackageJson property \"repository.url\" and \"repository.directory\""
+ },
+ {
+ "url": "https://github.com/CycloneDX/cyclonedx-node-npm#readme",
+ "type": "website",
+ "comment": "as detected from PackageJson property \"homepage\""
+ }
+ ],
 "properties": [
 {
 "name": "cdx:npm:package:path",
@@ -105,9 +122,9 @@
 },
 {
 "type": "library",
- "name": "my-local-b",
+ "name": "my-local-b-off",
 "version": "0.0.0",
- "bom-ref": "my-local-b@0.0.0",
+ "bom-ref": "my-local-b-off@0.0.0",
 "licenses": [
 {
 "license": {
@@ -116,7 +133,7 @@
 }
 }
 ],
- "purl": "pkg:npm/my-local-b@0.0.0",
+ "purl": "pkg:npm/my-local-b-off@0.0.0",
 "properties": [
 {
 "name": "cdx:npm:package:path",
@@ -157,11 +174,11 @@
 {
 "ref": "my-local-a@0.0.0",
 "dependsOn": [
- "my-local-b@0.0.0"
+ "my-local-b-off@0.0.0"
 ]
 },
 {
- "ref": "my-local-b@0.0.0"
+ "ref": "my-local-b-off@0.0.0"
 },
 {
 "ref": "my-noname@0.0.0"
diff --git a/tests/_data/sbom_demo-results/flatten-components/local-dependencies_npm10_node18_ubuntu-latest.snap.json b/tests/_data/sbom_demo-results/flatten-components/local-dependencies_npm10_node18_ubuntu-latest.snap.json
index d48eb1d1..2b70b939 100644
--- a/tests/_data/sbom_demo-results/flatten-components/local-dependencies_npm10_node18_ubuntu-latest.snap.json
+++ b/tests/_data/sbom_demo-results/flatten-components/local-dependencies_npm10_node18_ubuntu-latest.snap.json
@@ -68,7 +68,24 @@
 }
 }
 ],
- "purl": "pkg:npm/demo-local-deps@0.0.0",
+ "purl": "pkg:npm/demo-local-deps@0.0.0?vcs_url=git%2Bhttps%3A//github.com/CycloneDX/cyclonedx-node-npm.git#demo/local-dependencies/project",
+ "externalReferences": [
+ {
+ "url": "https://github.com/CycloneDX/cyclonedx-node-npm/issues",
+ "type": "issue-tracker",
+ "comment": "as detected from PackageJson property \"bugs.url\""
+ },
+ {
+ "url": "git+https://github.com/CycloneDX/cyclonedx-node-npm.git#demo/local-dependencies/project",
+ "type": "vcs",
+ "comment": "as detected from PackageJson property \"repository.url\" and \"repository.directory\""
+ },
+ {
+ "url": "https://github.com/CycloneDX/cyclonedx-node-npm#readme",
+ "type": "website",
+ "comment": "as detected from PackageJson property \"homepage\""
+ }
+ ],
 "properties": [
 {
 "name": "cdx:npm:package:path",
@@ -105,9 +122,9 @@
 },
 {
 "type": "library",
- "name": "my-local-b",
+ "name": "my-local-b-off",
 "version": "0.0.0",
- "bom-ref": "my-local-b@0.0.0",
+ "bom-ref": "my-local-b-off@0.0.0",
 "licenses": [
 {
 "license": {
@@ -116,7 +133,7 @@
 }
 }
 ],
- "purl": "pkg:npm/my-local-b@0.0.0",
+ "purl": "pkg:npm/my-local-b-off@0.0.0",
 "properties": [
 {
 "name": "cdx:npm:package:path",
@@ -157,11 +174,11 @@
 {
 "ref": "my-local-a@0.0.0",
 "dependsOn": [
- "my-local-b@0.0.0"
+ "my-local-b-off@0.0.0"
 ]
 },
 {
- "ref": "my-local-b@0.0.0"
+ "ref": "my-local-b-off@0.0.0"
 },
 {
 "ref": "my-noname@0.0.0"
diff --git a/tests/_data/sbom_demo-results/flatten-components/local-dependencies_npm10_node18_windows-latest.snap.json b/tests/_data/sbom_demo-results/flatten-components/local-dependencies_npm10_node18_windows-latest.snap.json
index d48eb1d1..2b70b939 100644
--- a/tests/_data/sbom_demo-results/flatten-components/local-dependencies_npm10_node18_windows-latest.snap.json
+++ b/tests/_data/sbom_demo-results/flatten-components/local-dependencies_npm10_node18_windows-latest.snap.json
@@ -68,7 +68,24 @@
 }
 }
 ],
- "purl": "pkg:npm/demo-local-deps@0.0.0",
+ "purl": "pkg:npm/demo-local-deps@0.0.0?vcs_url=git%2Bhttps%3A//github.com/CycloneDX/cyclonedx-node-npm.git#demo/local-dependencies/project",
+ "externalReferences": [
+ {
+ "url": "https://github.com/CycloneDX/cyclonedx-node-npm/issues",
+ "type": "issue-tracker",
+ "comment": "as detected from PackageJson property \"bugs.url\""
+ },
+ {
+ "url": "git+https://github.com/CycloneDX/cyclonedx-node-npm.git#demo/local-dependencies/project",
+ "type": "vcs",
+ "comment": "as detected from PackageJson property \"repository.url\" and \"repository.directory\""
+ },
+ {
+ "url": "https://github.com/CycloneDX/cyclonedx-node-npm#readme",
+ "type": "website",
+ "comment": "as detected from PackageJson property \"homepage\""
+ }
+ ],
 "properties": [
 {
 "name": "cdx:npm:package:path",
@@ -105,9 +122,9 @@
 },
 {
 "type": "library",
- "name": "my-local-b",
+ "name": "my-local-b-off",
 "version": "0.0.0",
- "bom-ref": "my-local-b@0.0.0",
+ "bom-ref": "my-local-b-off@0.0.0",
 "licenses": [
 {
 "license": {
@@ -116,7 +133,7 @@
 }
 }
 ],
- "purl": "pkg:npm/my-local-b@0.0.0",
+ "purl": "pkg:npm/my-local-b-off@0.0.0",
 "properties": [
 {
 "name": "cdx:npm:package:path",
@@ -157,11 +174,11 @@
 {
 "ref": "my-local-a@0.0.0",
 "dependsOn": [
- "my-local-b@0.0.0"
+ "my-local-b-off@0.0.0"
 ]
 },
 {
- "ref": "my-local-b@0.0.0"
+ "ref": "my-local-b-off@0.0.0"
 },
 {
 "ref": "my-noname@0.0.0"
diff --git a/tests/_data/sbom_demo-results/flatten-components/local-dependencies_npm10_node22_windows-latest.snap.json b/tests/_data/sbom_demo-results/flatten-components/local-dependencies_npm10_node22_windows-latest.snap.json
new file mode 100644
index 00000000..2b70b939
--- /dev/null
+++ b/tests/_data/sbom_demo-results/flatten-components/local-dependencies_npm10_node22_windows-latest.snap.json
@@ -0,0 +1,187 @@
+{
+ "$schema": "http://cyclonedx.org/schema/bom-1.6.schema.json",
+ "bomFormat": "CycloneDX",
+ "specVersion": "1.6",
+ "version": 1,
+ "metadata": {
+ "tools": [
+ {
+ "name": "npm",
+ "version": "npmVersion-testing"
+ },
+ {
+ "vendor": "@cyclonedx",
+ "name": "cyclonedx-library",
+ "version": "libVersion-testing",
+ "externalReferences": [
+ {
+ "url": "https://github.com/CycloneDX/cyclonedx-javascript-library/issues",
+ "type": "issue-tracker",
+ "comment": "as detected from PackageJson property \"bugs.url\""
+ },
+ {
+ "url": "git+https://github.com/CycloneDX/cyclonedx-javascript-library.git",
+ "type": "vcs",
+ "comment": "as detected from PackageJson property \"repository.url\""
+ },
+ {
+ "url": "https://github.com/CycloneDX/cyclonedx-javascript-library#readme",
+ "type": "website",
+ "comment": "as detected from PackageJson property \"homepage\""
+ }
+ ]
+ },
+ {
+ "vendor": "@cyclonedx",
+ "name": "cyclonedx-npm",
+ "version": "thisVersion-testing",
+ "externalReferences": [
+ {
+ "url": "https://github.com/CycloneDX/cyclonedx-node-npm/issues",
+ "type": "issue-tracker",
+ "comment": "as detected from PackageJson property \"bugs.url\""
+ },
+ {
+ "url": "git+https://github.com/CycloneDX/cyclonedx-node-npm.git",
+ "type": "vcs",
+ "comment": "as detected from PackageJson property \"repository.url\""
+ },
+ {
+ "url": "https://github.com/CycloneDX/cyclonedx-node-npm#readme",
+ "type": "website",
+ "comment": "as detected from PackageJson property \"homepage\""
+ }
+ ]
+ }
+ ],
+ "component": {
+ "type": "application",
+ "name": "demo-local-deps",
+ "version": "0.0.0",
+ "bom-ref": "demo-local-deps@0.0.0",
+ "description": "demo: demo-local-deps -- showcase how local dependencies look like",
+ "licenses": [
+ {
+ "license": {
+ "id": "Apache-2.0",
+ "acknowledgement": "declared"
+ }
+ }
+ ],
+ "purl": "pkg:npm/demo-local-deps@0.0.0?vcs_url=git%2Bhttps%3A//github.com/CycloneDX/cyclonedx-node-npm.git#demo/local-dependencies/project",
+ "externalReferences": [
+ {
+ "url": "https://github.com/CycloneDX/cyclonedx-node-npm/issues",
+ "type": "issue-tracker",
+ "comment": "as detected from PackageJson property \"bugs.url\""
+ },
+ {
+ "url": "git+https://github.com/CycloneDX/cyclonedx-node-npm.git#demo/local-dependencies/project",
+ "type": "vcs",
+ "comment": "as detected from PackageJson property \"repository.url\" and \"repository.directory\""
+ },
+ {
+ "url": "https://github.com/CycloneDX/cyclonedx-node-npm#readme",
+ "type": "website",
+ "comment": "as detected from PackageJson property \"homepage\""
+ }
+ ],
+ "properties": [
+ {
+ "name": "cdx:npm:package:path",
+ "value": ""
+ },
+ {
+ "name": "cdx:npm:package:private",
+ "value": "true"
+ }
+ ]
+ }
+ },
+ "components": [
+ {
+ "type": "library",
+ "name": "my-local-a",
+ "version": "0.0.0",
+ "bom-ref": "my-local-a@0.0.0",
+ "licenses": [
+ {
+ "license": {
+ "id": "Apache-2.0",
+ "acknowledgement": "declared"
+ }
+ }
+ ],
+ "purl": "pkg:npm/my-local-a@0.0.0",
+ "properties": [
+ {
+ "name": "cdx:npm:package:path",
+ "value": "node_modules/my-local-a"
+ }
+ ]
+ },
+ {
+ "type": "library",
+ "name": "my-local-b-off",
+ "version": "0.0.0",
+ "bom-ref": "my-local-b-off@0.0.0",
+ "licenses": [
+ {
+ "license": {
+ "id": "Apache-2.0",
+ "acknowledgement": "declared"
+ }
+ }
+ ],
+ "purl": "pkg:npm/my-local-b-off@0.0.0",
+ "properties": [
+ {
+ "name": "cdx:npm:package:path",
+ "value": "node_modules/my-local-b-off"
+ }
+ ]
+ },
+ {
+ "type": "library",
+ "name": "my-noname",
+ "version": "0.0.0",
+ "bom-ref": "my-noname@0.0.0",
+ "licenses": [
+ {
+ "license": {
+ "id": "Apache-2.0",
+ "acknowledgement": "declared"
+ }
+ }
+ ],
+ "purl": "pkg:npm/my-noname@0.0.0",
+ "properties": [
+ {
+ "name": "cdx:npm:package:path",
+ "value": "node_modules/my-noname"
+ }
+ ]
+ }
+ ],
+ "dependencies": [
+ {
+ "ref": "demo-local-deps@0.0.0",
+ "dependsOn": [
+ "my-local-a@0.0.0",
+ "my-noname@0.0.0"
+ ]
+ },
+ {
+ "ref": "my-local-a@0.0.0",
+ "dependsOn": [
+ "my-local-b-off@0.0.0"
+ ]
+ },
+ {
+ "ref": "my-local-b-off@0.0.0"
+ },
+ {
+ "ref": "my-noname@0.0.0"
+ }
+ ]
+}
\ No newline at end of file
diff --git a/tests/_data/sbom_demo-results/flatten-components/local-dependencies_npm6_node14_ubuntu-latest.snap.json b/tests/_data/sbom_demo-results/flatten-components/local-dependencies_npm6_node14_ubuntu-latest.snap.json
index 1f522596..d82e79d8 100644
--- a/tests/_data/sbom_demo-results/flatten-components/local-dependencies_npm6_node14_ubuntu-latest.snap.json
+++ b/tests/_data/sbom_demo-results/flatten-components/local-dependencies_npm6_node14_ubuntu-latest.snap.json
@@ -68,7 +68,24 @@
 }
 }
 ],
- "purl": "pkg:npm/demo-local-deps@0.0.0",
+ "purl": "pkg:npm/demo-local-deps@0.0.0?vcs_url=git%2Bhttps%3A//github.com/CycloneDX/cyclonedx-node-npm.git#demo/local-dependencies/project",
+ "externalReferences": [
+ {
+ "url": "https://github.com/CycloneDX/cyclonedx-node-npm/issues",
+ "type": "issue-tracker",
+ "comment": "as detected from PackageJson property \"bugs.url\""
+ },
+ {
+ "url": "git+https://github.com/CycloneDX/cyclonedx-node-npm.git#demo/local-dependencies/project",
+ "type": "vcs",
+ "comment": "as detected from PackageJson property \"repository.url\" and \"repository.directory\""
+ },
+ {
+ "url": "https://github.com/CycloneDX/cyclonedx-node-npm#readme",
+ "type": "website",
+ "comment": "as detected from PackageJson property \"homepage\""
+ }
+ ],
 "properties": [
 {
 "name": "cdx:npm:package:path",
@@ -139,7 +156,24 @@ } } ], - "purl": "pkg:npm/my-local-b-off@0.0.0", + "purl": "pkg:npm/my-local-b-off@0.0.0?vcs_url=git%2Bssh%3A//git%40github.com/CycloneDX/cyclonedx-node-npm.git#demo/local-dependencies/project/packages/my-local-b", + "externalReferences": [ + { + "url": "https://github.com/CycloneDX/cyclonedx-node-npm/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "git+ssh://git@github.com/CycloneDX/cyclonedx-node-npm.git#demo/local-dependencies/project/packages/my-local-b", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\" and \"repository.directory\"" + }, + { + "url": "https://github.com/CycloneDX/cyclonedx-node-npm#readme", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + } + ], "properties": [ { "name": "cdx:npm:package:path", diff --git a/tests/_data/sbom_demo-results/flatten-components/local-dependencies_npm6_node14_windows-latest.snap.json b/tests/_data/sbom_demo-results/flatten-components/local-dependencies_npm6_node14_windows-latest.snap.json index 1f522596..d82e79d8 100644 --- a/tests/_data/sbom_demo-results/flatten-components/local-dependencies_npm6_node14_windows-latest.snap.json +++ b/tests/_data/sbom_demo-results/flatten-components/local-dependencies_npm6_node14_windows-latest.snap.json 
@@ -68,7 +68,24 @@ } } ], - "purl": "pkg:npm/demo-local-deps@0.0.0", + "purl": "pkg:npm/demo-local-deps@0.0.0?vcs_url=git%2Bhttps%3A//github.com/CycloneDX/cyclonedx-node-npm.git#demo/local-dependencies/project", + "externalReferences": [ + { + "url": "https://github.com/CycloneDX/cyclonedx-node-npm/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "git+https://github.com/CycloneDX/cyclonedx-node-npm.git#demo/local-dependencies/project", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\" and \"repository.directory\"" + }, + { + "url": "https://github.com/CycloneDX/cyclonedx-node-npm#readme", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + } + ], "properties": [ { "name": "cdx:npm:package:path", @@ -139,7 +156,24 @@ } } ], - "purl": "pkg:npm/my-local-b-off@0.0.0", + "purl": "pkg:npm/my-local-b-off@0.0.0?vcs_url=git%2Bssh%3A//git%40github.com/CycloneDX/cyclonedx-node-npm.git#demo/local-dependencies/project/packages/my-local-b", + "externalReferences": [ + { + "url": "https://github.com/CycloneDX/cyclonedx-node-npm/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "git+ssh://git@github.com/CycloneDX/cyclonedx-node-npm.git#demo/local-dependencies/project/packages/my-local-b", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\" and \"repository.directory\"" + }, + { + "url": "https://github.com/CycloneDX/cyclonedx-node-npm#readme", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + } + ], "properties": [ { "name": "cdx:npm:package:path", 
diff --git a/tests/_data/sbom_demo-results/flatten-components/local-dependencies_npm6_node16_macos-latest.snap.json b/tests/_data/sbom_demo-results/flatten-components/local-dependencies_npm6_node16_macos-latest.snap.json new file mode 100644 index 00000000..d82e79d8 --- /dev/null +++ b/tests/_data/sbom_demo-results/flatten-components/local-dependencies_npm6_node16_macos-latest.snap.json 
@@ -0,0 +1,216 @@ +{ + "$schema": "http://cyclonedx.org/schema/bom-1.6.schema.json", + "bomFormat": "CycloneDX", + "specVersion": "1.6", + "version": 1, + "metadata": { + "tools": [ + { + "name": "npm", + "version": "npmVersion-testing" + }, + { + "vendor": "@cyclonedx", + "name": "cyclonedx-library", + "version": "libVersion-testing", + "externalReferences": [ + { + "url": "https://github.com/CycloneDX/cyclonedx-javascript-library/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "git+https://github.com/CycloneDX/cyclonedx-javascript-library.git", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\"" + }, + { + "url": "https://github.com/CycloneDX/cyclonedx-javascript-library#readme", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + } + ] + }, + { + "vendor": "@cyclonedx", + "name": "cyclonedx-npm", + "version": "thisVersion-testing", + "externalReferences": [ + { + "url": "https://github.com/CycloneDX/cyclonedx-node-npm/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "git+https://github.com/CycloneDX/cyclonedx-node-npm.git", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\"" + }, + { + "url": "https://github.com/CycloneDX/cyclonedx-node-npm#readme", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + } + ] + } + ], + "component": { + "type": "application", + "name": "demo-local-deps", + "version": "0.0.0", + "bom-ref": "demo-local-deps@0.0.0", + "description": "demo: demo-local-deps -- showcase how local dependencies look like", + "licenses": [ + { + "license": { + "id": "Apache-2.0", + "acknowledgement": "declared" + } + } + ], + "purl": "pkg:npm/demo-local-deps@0.0.0?vcs_url=git%2Bhttps%3A//github.com/CycloneDX/cyclonedx-node-npm.git#demo/local-dependencies/project", + 
"externalReferences": [ + { + "url": "https://github.com/CycloneDX/cyclonedx-node-npm/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "git+https://github.com/CycloneDX/cyclonedx-node-npm.git#demo/local-dependencies/project", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\" and \"repository.directory\"" + }, + { + "url": "https://github.com/CycloneDX/cyclonedx-node-npm#readme", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "" + }, + { + "name": "cdx:npm:package:private", + "value": "true" + } + ] + } + }, + "components": [ + { + "type": "library", + "name": "my-local-a", + "version": "0.0.0", + "bom-ref": "my-local-a@0.0.0", + "description": "demo: my-local-a", + "licenses": [ + { + "license": { + "id": "Apache-2.0", + "acknowledgement": "declared" + } + } + ], + "purl": "pkg:npm/my-local-a@0.0.0?vcs_url=git%2Bhttps%3A//github.com/CycloneDX/cyclonedx-node-npm.git#demo/local-deps/project/packages/my-local-a", + "externalReferences": [ + { + "url": "https://github.com/CycloneDX/cyclonedx-node-npm/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "git+https://github.com/CycloneDX/cyclonedx-node-npm.git#demo/local-deps/project/packages/my-local-a", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\" and \"repository.directory\"" + }, + { + "url": "https://github.com/CycloneDX/cyclonedx-node-npm#readme", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/my-local-a" + }, + { + "name": "cdx:npm:package:private", + "value": "true" + } + ] + }, + { + "type": "library", + "name": "my-local-b-off", + "version": "0.0.0", + 
"bom-ref": "my-local-b-off@0.0.0", + "description": "demo: my-local-b-off - a package with a different name than its dir", + "licenses": [ + { + "license": { + "id": "Apache-2.0", + "acknowledgement": "declared" + } + } + ], + "purl": "pkg:npm/my-local-b-off@0.0.0?vcs_url=git%2Bssh%3A//git%40github.com/CycloneDX/cyclonedx-node-npm.git#demo/local-dependencies/project/packages/my-local-b", + "externalReferences": [ + { + "url": "https://github.com/CycloneDX/cyclonedx-node-npm/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "git+ssh://git@github.com/CycloneDX/cyclonedx-node-npm.git#demo/local-dependencies/project/packages/my-local-b", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\" and \"repository.directory\"" + }, + { + "url": "https://github.com/CycloneDX/cyclonedx-node-npm#readme", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/my-local-b-off" + }, + { + "name": "cdx:npm:package:private", + "value": "true" + } + ] + }, + { + "type": "library", + "name": "DummyComponent.InterferedDependency.my-noname", + "bom-ref": "DummyComponent.InterferedDependency.my-noname", + "description": "This is a dummy component \"InterferedDependency.my-noname\" that fills the gap where the actual built failed." + } + ], + "dependencies": [ + { + "ref": "demo-local-deps@0.0.0", + "dependsOn": [ + "DummyComponent.InterferedDependency.my-noname", + "my-local-a@0.0.0" + ] + }, + { + "ref": "DummyComponent.InterferedDependency.my-noname" + }, + { + "ref": "my-local-a@0.0.0", + "dependsOn": [ + "my-local-b-off@0.0.0" + ] + }, + { + "ref": "my-local-b-off@0.0.0" + } + ] +} \ No newline at end of file 
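Review bot: The `my-local-a` component in this new snapshot records its VCS location as `#demo/local-deps/project/packages/my-local-a`, in both the `vcs_url` qualifier of its `purl` and its `vcs` external reference, while the root component and `my-local-b-off` in the same file use `demo/local-dependencies/project...`. This looks like a stale `repository.directory` value in the demo package's manifest rather than a generator fault, and pinning it here makes the test assert a provenance pointer that probably does not resolve. If that is the case, correct the demo manifest to `demo/local-dependencies/project/packages/my-local-a` and regenerate the results. The npm6_node22_windows-latest snapshot that follows carries the same value.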
diff --git a/tests/_data/sbom_demo-results/flatten-components/local-dependencies_npm6_node22_windows-latest.snap.json b/tests/_data/sbom_demo-results/flatten-components/local-dependencies_npm6_node22_windows-latest.snap.json new file mode 100644 index 00000000..d82e79d8 --- /dev/null +++ b/tests/_data/sbom_demo-results/flatten-components/local-dependencies_npm6_node22_windows-latest.snap.json 
@@ -0,0 +1,216 @@ +{ + "$schema": "http://cyclonedx.org/schema/bom-1.6.schema.json", + "bomFormat": "CycloneDX", + "specVersion": "1.6", + "version": 1, + "metadata": { + "tools": [ + { + "name": "npm", + "version": "npmVersion-testing" + }, + { + "vendor": "@cyclonedx", + "name": "cyclonedx-library", + "version": "libVersion-testing", + "externalReferences": [ + { + "url": "https://github.com/CycloneDX/cyclonedx-javascript-library/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "git+https://github.com/CycloneDX/cyclonedx-javascript-library.git", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\"" + }, + { + "url": "https://github.com/CycloneDX/cyclonedx-javascript-library#readme", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + } + ] + }, + { + "vendor": "@cyclonedx", + "name": "cyclonedx-npm", + "version": "thisVersion-testing", + "externalReferences": [ + { + "url": "https://github.com/CycloneDX/cyclonedx-node-npm/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "git+https://github.com/CycloneDX/cyclonedx-node-npm.git", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\"" + }, + { + "url": "https://github.com/CycloneDX/cyclonedx-node-npm#readme", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + } + ] + } + ], + "component": { + "type": "application", + "name": "demo-local-deps", + "version": "0.0.0", + "bom-ref": "demo-local-deps@0.0.0", + "description": "demo: demo-local-deps -- showcase how local dependencies look like", + "licenses": [ + { + "license": { + "id": "Apache-2.0", + "acknowledgement": "declared" + } + } + ], + "purl": "pkg:npm/demo-local-deps@0.0.0?vcs_url=git%2Bhttps%3A//github.com/CycloneDX/cyclonedx-node-npm.git#demo/local-dependencies/project", + 
"externalReferences": [ + { + "url": "https://github.com/CycloneDX/cyclonedx-node-npm/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "git+https://github.com/CycloneDX/cyclonedx-node-npm.git#demo/local-dependencies/project", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\" and \"repository.directory\"" + }, + { + "url": "https://github.com/CycloneDX/cyclonedx-node-npm#readme", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "" + }, + { + "name": "cdx:npm:package:private", + "value": "true" + } + ] + } + }, + "components": [ + { + "type": "library", + "name": "my-local-a", + "version": "0.0.0", + "bom-ref": "my-local-a@0.0.0", + "description": "demo: my-local-a", + "licenses": [ + { + "license": { + "id": "Apache-2.0", + "acknowledgement": "declared" + } + } + ], + "purl": "pkg:npm/my-local-a@0.0.0?vcs_url=git%2Bhttps%3A//github.com/CycloneDX/cyclonedx-node-npm.git#demo/local-deps/project/packages/my-local-a", + "externalReferences": [ + { + "url": "https://github.com/CycloneDX/cyclonedx-node-npm/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "git+https://github.com/CycloneDX/cyclonedx-node-npm.git#demo/local-deps/project/packages/my-local-a", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\" and \"repository.directory\"" + }, + { + "url": "https://github.com/CycloneDX/cyclonedx-node-npm#readme", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/my-local-a" + }, + { + "name": "cdx:npm:package:private", + "value": "true" + } + ] + }, + { + "type": "library", + "name": "my-local-b-off", + "version": "0.0.0", + 
"bom-ref": "my-local-b-off@0.0.0", + "description": "demo: my-local-b-off - a package with a different name than its dir", + "licenses": [ + { + "license": { + "id": "Apache-2.0", + "acknowledgement": "declared" + } + } + ], + "purl": "pkg:npm/my-local-b-off@0.0.0?vcs_url=git%2Bssh%3A//git%40github.com/CycloneDX/cyclonedx-node-npm.git#demo/local-dependencies/project/packages/my-local-b", + "externalReferences": [ + { + "url": "https://github.com/CycloneDX/cyclonedx-node-npm/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "git+ssh://git@github.com/CycloneDX/cyclonedx-node-npm.git#demo/local-dependencies/project/packages/my-local-b", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\" and \"repository.directory\"" + }, + { + "url": "https://github.com/CycloneDX/cyclonedx-node-npm#readme", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/my-local-b-off" + }, + { + "name": "cdx:npm:package:private", + "value": "true" + } + ] + }, + { + "type": "library", + "name": "DummyComponent.InterferedDependency.my-noname", + "bom-ref": "DummyComponent.InterferedDependency.my-noname", + "description": "This is a dummy component \"InterferedDependency.my-noname\" that fills the gap where the actual built failed." + } + ], + "dependencies": [ + { + "ref": "demo-local-deps@0.0.0", + "dependsOn": [ + "DummyComponent.InterferedDependency.my-noname", + "my-local-a@0.0.0" + ] + }, + { + "ref": "DummyComponent.InterferedDependency.my-noname" + }, + { + "ref": "my-local-a@0.0.0", + "dependsOn": [ + "my-local-b-off@0.0.0" + ] + }, + { + "ref": "my-local-b-off@0.0.0" + } + ] +} \ No newline at end of file 
diff --git a/tests/_data/sbom_demo-results/flatten-components/local-dependencies_npm7_node14_ubuntu-latest.snap.json b/tests/_data/sbom_demo-results/flatten-components/local-dependencies_npm7_node14_ubuntu-latest.snap.json index d48eb1d1..98ba3007 100644 --- a/tests/_data/sbom_demo-results/flatten-components/local-dependencies_npm7_node14_ubuntu-latest.snap.json +++ b/tests/_data/sbom_demo-results/flatten-components/local-dependencies_npm7_node14_ubuntu-latest.snap.json @@ -68,7 +68,24 @@ } } ], - "purl": "pkg:npm/demo-local-deps@0.0.0", + "purl": "pkg:npm/demo-local-deps@0.0.0?vcs_url=git%2Bhttps%3A//github.com/CycloneDX/cyclonedx-node-npm.git#demo/local-dependencies/project", + "externalReferences": [ + { + "url": "https://github.com/CycloneDX/cyclonedx-node-npm/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "git+https://github.com/CycloneDX/cyclonedx-node-npm.git#demo/local-dependencies/project", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\" and \"repository.directory\"" + }, + { + "url": "https://github.com/CycloneDX/cyclonedx-node-npm#readme", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + } + ], "properties": [ { "name": "cdx:npm:package:path", diff --git a/tests/_data/sbom_demo-results/flatten-components/local-dependencies_npm7_node14_windows-latest.snap.json b/tests/_data/sbom_demo-results/flatten-components/local-dependencies_npm7_node14_windows-latest.snap.json index d48eb1d1..98ba3007 100644 --- a/tests/_data/sbom_demo-results/flatten-components/local-dependencies_npm7_node14_windows-latest.snap.json +++ b/tests/_data/sbom_demo-results/flatten-components/local-dependencies_npm7_node14_windows-latest.snap.json 
@@ -68,7 +68,24 @@ } } ], - "purl": "pkg:npm/demo-local-deps@0.0.0", + "purl": "pkg:npm/demo-local-deps@0.0.0?vcs_url=git%2Bhttps%3A//github.com/CycloneDX/cyclonedx-node-npm.git#demo/local-dependencies/project", + "externalReferences": [ + { + "url": "https://github.com/CycloneDX/cyclonedx-node-npm/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "git+https://github.com/CycloneDX/cyclonedx-node-npm.git#demo/local-dependencies/project", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\" and \"repository.directory\"" + }, + { + "url": "https://github.com/CycloneDX/cyclonedx-node-npm#readme", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + } + ], "properties": [ { "name": "cdx:npm:package:path", diff --git a/tests/_data/sbom_demo-results/flatten-components/local-dependencies_npm7_node16_macos-latest.snap.json b/tests/_data/sbom_demo-results/flatten-components/local-dependencies_npm7_node16_macos-latest.snap.json new file mode 100644 index 00000000..98ba3007 --- /dev/null +++ b/tests/_data/sbom_demo-results/flatten-components/local-dependencies_npm7_node16_macos-latest.snap.json 
@@ -0,0 +1,187 @@ +{ + "$schema": "http://cyclonedx.org/schema/bom-1.6.schema.json", + "bomFormat": "CycloneDX", + "specVersion": "1.6", + "version": 1, + "metadata": { + "tools": [ + { + "name": "npm", + "version": "npmVersion-testing" + }, + { + "vendor": "@cyclonedx", + "name": "cyclonedx-library", + "version": "libVersion-testing", + "externalReferences": [ + { + "url": "https://github.com/CycloneDX/cyclonedx-javascript-library/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "git+https://github.com/CycloneDX/cyclonedx-javascript-library.git", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\"" + }, + { + "url": "https://github.com/CycloneDX/cyclonedx-javascript-library#readme", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + } + ] + }, + { + "vendor": "@cyclonedx", + "name": "cyclonedx-npm", + "version": "thisVersion-testing", + "externalReferences": [ + { + "url": "https://github.com/CycloneDX/cyclonedx-node-npm/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "git+https://github.com/CycloneDX/cyclonedx-node-npm.git", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\"" + }, + { + "url": "https://github.com/CycloneDX/cyclonedx-node-npm#readme", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + } + ] + } + ], + "component": { + "type": "application", + "name": "demo-local-deps", + "version": "0.0.0", + "bom-ref": "demo-local-deps@0.0.0", + "description": "demo: demo-local-deps -- showcase how local dependencies look like", + "licenses": [ + { + "license": { + "id": "Apache-2.0", + "acknowledgement": "declared" + } + } + ], + "purl": "pkg:npm/demo-local-deps@0.0.0?vcs_url=git%2Bhttps%3A//github.com/CycloneDX/cyclonedx-node-npm.git#demo/local-dependencies/project", + 
"externalReferences": [ + { + "url": "https://github.com/CycloneDX/cyclonedx-node-npm/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "git+https://github.com/CycloneDX/cyclonedx-node-npm.git#demo/local-dependencies/project", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\" and \"repository.directory\"" + }, + { + "url": "https://github.com/CycloneDX/cyclonedx-node-npm#readme", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "" + }, + { + "name": "cdx:npm:package:private", + "value": "true" + } + ] + } + }, + "components": [ + { + "type": "library", + "name": "my-local-a", + "version": "0.0.0", + "bom-ref": "my-local-a@0.0.0", + "licenses": [ + { + "license": { + "id": "Apache-2.0", + "acknowledgement": "declared" + } + } + ], + "purl": "pkg:npm/my-local-a@0.0.0", + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/my-local-a" + } + ] + }, + { + "type": "library", + "name": "my-local-b", + "version": "0.0.0", + "bom-ref": "my-local-b@0.0.0", + "licenses": [ + { + "license": { + "id": "Apache-2.0", + "acknowledgement": "declared" + } + } + ], + "purl": "pkg:npm/my-local-b@0.0.0", + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/my-local-b-off" + } + ] + }, + { + "type": "library", + "name": "my-noname", + "version": "0.0.0", + "bom-ref": "my-noname@0.0.0", + "licenses": [ + { + "license": { + "id": "Apache-2.0", + "acknowledgement": "declared" + } + } + ], + "purl": "pkg:npm/my-noname@0.0.0", + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/my-noname" + } + ] + } + ], + "dependencies": [ + { + "ref": "demo-local-deps@0.0.0", + "dependsOn": [ + "my-local-a@0.0.0", + "my-noname@0.0.0" + ] + }, + { + "ref": "my-local-a@0.0.0", + "dependsOn": [ + 
"my-local-b@0.0.0" + ] + }, + { + "ref": "my-local-b@0.0.0" + }, + { + "ref": "my-noname@0.0.0" + } + ] +} \ No newline at end of file diff --git a/tests/_data/sbom_demo-results/flatten-components/local-dependencies_npm7_node22_windows-latest.snap.json b/tests/_data/sbom_demo-results/flatten-components/local-dependencies_npm7_node22_windows-latest.snap.json new file mode 100644 index 00000000..98ba3007 --- /dev/null +++ b/tests/_data/sbom_demo-results/flatten-components/local-dependencies_npm7_node22_windows-latest.snap.json 
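Review bot: Component identity in this snapshot differs from the npm6 snapshots of the same demo project: the package at `node_modules/my-local-b-off` is recorded here as `my-local-b` with `"purl": "pkg:npm/my-local-b@0.0.0"`, whereas the npm6 results name it `my-local-b-off`. The three library components also have no `externalReferences`, no `vcs_url` qualifier and no `cdx:npm:package:private` property, although the root component in the same file has all three. A consumer that matches SBOM entries by name or purl would see a different package depending on which npm version produced the BOM, so confirm this is the intended expected output and not a gap being frozen into the test. The npm7_node22_windows-latest snapshot that follows and the npm8 additions share blob `98ba3007`, so the same applies to them.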
@@ -0,0 +1,187 @@ +{ + "$schema": "http://cyclonedx.org/schema/bom-1.6.schema.json", + "bomFormat": "CycloneDX", + "specVersion": "1.6", + "version": 1, + "metadata": { + "tools": [ + { + "name": "npm", + "version": "npmVersion-testing" + }, + { + "vendor": "@cyclonedx", + "name": "cyclonedx-library", + "version": "libVersion-testing", + "externalReferences": [ + { + "url": "https://github.com/CycloneDX/cyclonedx-javascript-library/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "git+https://github.com/CycloneDX/cyclonedx-javascript-library.git", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\"" + }, + { + "url": "https://github.com/CycloneDX/cyclonedx-javascript-library#readme", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + } + ] + }, + { + "vendor": "@cyclonedx", + "name": "cyclonedx-npm", + "version": "thisVersion-testing", + "externalReferences": [ + { + "url": "https://github.com/CycloneDX/cyclonedx-node-npm/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "git+https://github.com/CycloneDX/cyclonedx-node-npm.git", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\"" + }, + { + "url": "https://github.com/CycloneDX/cyclonedx-node-npm#readme", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + } + ] + } + ], + "component": { + "type": "application", + "name": "demo-local-deps", + "version": "0.0.0", + "bom-ref": "demo-local-deps@0.0.0", + "description": "demo: demo-local-deps -- showcase how local dependencies look like", + "licenses": [ + { + "license": { + "id": "Apache-2.0", + "acknowledgement": "declared" + } + } + ], + "purl": "pkg:npm/demo-local-deps@0.0.0?vcs_url=git%2Bhttps%3A//github.com/CycloneDX/cyclonedx-node-npm.git#demo/local-dependencies/project", + 
"externalReferences": [ + { + "url": "https://github.com/CycloneDX/cyclonedx-node-npm/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "git+https://github.com/CycloneDX/cyclonedx-node-npm.git#demo/local-dependencies/project", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\" and \"repository.directory\"" + }, + { + "url": "https://github.com/CycloneDX/cyclonedx-node-npm#readme", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "" + }, + { + "name": "cdx:npm:package:private", + "value": "true" + } + ] + } + }, + "components": [ + { + "type": "library", + "name": "my-local-a", + "version": "0.0.0", + "bom-ref": "my-local-a@0.0.0", + "licenses": [ + { + "license": { + "id": "Apache-2.0", + "acknowledgement": "declared" + } + } + ], + "purl": "pkg:npm/my-local-a@0.0.0", + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/my-local-a" + } + ] + }, + { + "type": "library", + "name": "my-local-b", + "version": "0.0.0", + "bom-ref": "my-local-b@0.0.0", + "licenses": [ + { + "license": { + "id": "Apache-2.0", + "acknowledgement": "declared" + } + } + ], + "purl": "pkg:npm/my-local-b@0.0.0", + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/my-local-b-off" + } + ] + }, + { + "type": "library", + "name": "my-noname", + "version": "0.0.0", + "bom-ref": "my-noname@0.0.0", + "licenses": [ + { + "license": { + "id": "Apache-2.0", + "acknowledgement": "declared" + } + } + ], + "purl": "pkg:npm/my-noname@0.0.0", + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/my-noname" + } + ] + } + ], + "dependencies": [ + { + "ref": "demo-local-deps@0.0.0", + "dependsOn": [ + "my-local-a@0.0.0", + "my-noname@0.0.0" + ] + }, + { + "ref": "my-local-a@0.0.0", + "dependsOn": [ + 
"my-local-b@0.0.0" + ] + }, + { + "ref": "my-local-b@0.0.0" + }, + { + "ref": "my-noname@0.0.0" + } + ] +} \ No newline at end of file diff --git a/tests/_data/sbom_demo-results/flatten-components/local-dependencies_npm8_node14_ubuntu-latest.snap.json b/tests/_data/sbom_demo-results/flatten-components/local-dependencies_npm8_node14_ubuntu-latest.snap.json index d48eb1d1..98ba3007 100644 --- a/tests/_data/sbom_demo-results/flatten-components/local-dependencies_npm8_node14_ubuntu-latest.snap.json +++ b/tests/_data/sbom_demo-results/flatten-components/local-dependencies_npm8_node14_ubuntu-latest.snap.json @@ -68,7 +68,24 @@ } } ], - "purl": "pkg:npm/demo-local-deps@0.0.0", + "purl": "pkg:npm/demo-local-deps@0.0.0?vcs_url=git%2Bhttps%3A//github.com/CycloneDX/cyclonedx-node-npm.git#demo/local-dependencies/project", + "externalReferences": [ + { + "url": "https://github.com/CycloneDX/cyclonedx-node-npm/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "git+https://github.com/CycloneDX/cyclonedx-node-npm.git#demo/local-dependencies/project", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\" and \"repository.directory\"" + }, + { + "url": "https://github.com/CycloneDX/cyclonedx-node-npm#readme", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + } + ], "properties": [ { "name": "cdx:npm:package:path", diff --git a/tests/_data/sbom_demo-results/flatten-components/local-dependencies_npm8_node14_windows-latest.snap.json b/tests/_data/sbom_demo-results/flatten-components/local-dependencies_npm8_node14_windows-latest.snap.json index d48eb1d1..98ba3007 100644 --- a/tests/_data/sbom_demo-results/flatten-components/local-dependencies_npm8_node14_windows-latest.snap.json +++ b/tests/_data/sbom_demo-results/flatten-components/local-dependencies_npm8_node14_windows-latest.snap.json 
@@ -68,7 +68,24 @@ } } ], - "purl": "pkg:npm/demo-local-deps@0.0.0", + "purl": "pkg:npm/demo-local-deps@0.0.0?vcs_url=git%2Bhttps%3A//github.com/CycloneDX/cyclonedx-node-npm.git#demo/local-dependencies/project", + "externalReferences": [ + { + "url": "https://github.com/CycloneDX/cyclonedx-node-npm/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "git+https://github.com/CycloneDX/cyclonedx-node-npm.git#demo/local-dependencies/project", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\" and \"repository.directory\"" + }, + { + "url": "https://github.com/CycloneDX/cyclonedx-node-npm#readme", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + } + ], "properties": [ { "name": "cdx:npm:package:path", diff --git a/tests/_data/sbom_demo-results/flatten-components/local-dependencies_npm8_node16_macos-latest.snap.json b/tests/_data/sbom_demo-results/flatten-components/local-dependencies_npm8_node16_macos-latest.snap.json new file mode 100644 index 00000000..98ba3007 --- /dev/null +++ b/tests/_data/sbom_demo-results/flatten-components/local-dependencies_npm8_node16_macos-latest.snap.json 
@@ -0,0 +1,187 @@ +{ + "$schema": "http://cyclonedx.org/schema/bom-1.6.schema.json", + "bomFormat": "CycloneDX", + "specVersion": "1.6", + "version": 1, + "metadata": { + "tools": [ + { + "name": "npm", + "version": "npmVersion-testing" + }, + { + "vendor": "@cyclonedx", + "name": "cyclonedx-library", + "version": "libVersion-testing", + "externalReferences": [ + { + "url": "https://github.com/CycloneDX/cyclonedx-javascript-library/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "git+https://github.com/CycloneDX/cyclonedx-javascript-library.git", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\"" + }, + { + "url": "https://github.com/CycloneDX/cyclonedx-javascript-library#readme", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + } + ] + }, + { + "vendor": "@cyclonedx", + "name": "cyclonedx-npm", + "version": "thisVersion-testing", + "externalReferences": [ + { + "url": "https://github.com/CycloneDX/cyclonedx-node-npm/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "git+https://github.com/CycloneDX/cyclonedx-node-npm.git", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\"" + }, + { + "url": "https://github.com/CycloneDX/cyclonedx-node-npm#readme", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + } + ] + } + ], + "component": { + "type": "application", + "name": "demo-local-deps", + "version": "0.0.0", + "bom-ref": "demo-local-deps@0.0.0", + "description": "demo: demo-local-deps -- showcase how local dependencies look like", + "licenses": [ + { + "license": { + "id": "Apache-2.0", + "acknowledgement": "declared" + } + } + ], + "purl": "pkg:npm/demo-local-deps@0.0.0?vcs_url=git%2Bhttps%3A//github.com/CycloneDX/cyclonedx-node-npm.git#demo/local-dependencies/project", + 
"externalReferences": [ + { + "url": "https://github.com/CycloneDX/cyclonedx-node-npm/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "git+https://github.com/CycloneDX/cyclonedx-node-npm.git#demo/local-dependencies/project", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\" and \"repository.directory\"" + }, + { + "url": "https://github.com/CycloneDX/cyclonedx-node-npm#readme", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "" + }, + { + "name": "cdx:npm:package:private", + "value": "true" + } + ] + } + }, + "components": [ + { + "type": "library", + "name": "my-local-a", + "version": "0.0.0", + "bom-ref": "my-local-a@0.0.0", + "licenses": [ + { + "license": { + "id": "Apache-2.0", + "acknowledgement": "declared" + } + } + ], + "purl": "pkg:npm/my-local-a@0.0.0", + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/my-local-a" + } + ] + }, + { + "type": "library", + "name": "my-local-b", + "version": "0.0.0", + "bom-ref": "my-local-b@0.0.0", + "licenses": [ + { + "license": { + "id": "Apache-2.0", + "acknowledgement": "declared" + } + } + ], + "purl": "pkg:npm/my-local-b@0.0.0", + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/my-local-b-off" + } + ] + }, + { + "type": "library", + "name": "my-noname", + "version": "0.0.0", + "bom-ref": "my-noname@0.0.0", + "licenses": [ + { + "license": { + "id": "Apache-2.0", + "acknowledgement": "declared" + } + } + ], + "purl": "pkg:npm/my-noname@0.0.0", + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/my-noname" + } + ] + } + ], + "dependencies": [ + { + "ref": "demo-local-deps@0.0.0", + "dependsOn": [ + "my-local-a@0.0.0", + "my-noname@0.0.0" + ] + }, + { + "ref": "my-local-a@0.0.0", + "dependsOn": [ + 
"my-local-b@0.0.0" + ] + }, + { + "ref": "my-local-b@0.0.0" + }, + { + "ref": "my-noname@0.0.0" + } + ] +} \ No newline at end of file diff --git a/tests/_data/sbom_demo-results/flatten-components/local-dependencies_npm8_node22_windows-latest.snap.json b/tests/_data/sbom_demo-results/flatten-components/local-dependencies_npm8_node22_windows-latest.snap.json new file mode 100644 index 00000000..98ba3007 --- /dev/null +++ b/tests/_data/sbom_demo-results/flatten-components/local-dependencies_npm8_node22_windows-latest.snap.json 
@@ -0,0 +1,187 @@ +{ + "$schema": "http://cyclonedx.org/schema/bom-1.6.schema.json", + "bomFormat": "CycloneDX", + "specVersion": "1.6", + "version": 1, + "metadata": { + "tools": [ + { + "name": "npm", + "version": "npmVersion-testing" + }, + { + "vendor": "@cyclonedx", + "name": "cyclonedx-library", + "version": "libVersion-testing", + "externalReferences": [ + { + "url": "https://github.com/CycloneDX/cyclonedx-javascript-library/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "git+https://github.com/CycloneDX/cyclonedx-javascript-library.git", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\"" + }, + { + "url": "https://github.com/CycloneDX/cyclonedx-javascript-library#readme", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + } + ] + }, + { + "vendor": "@cyclonedx", + "name": "cyclonedx-npm", + "version": "thisVersion-testing", + "externalReferences": [ + { + "url": "https://github.com/CycloneDX/cyclonedx-node-npm/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "git+https://github.com/CycloneDX/cyclonedx-node-npm.git", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\"" + }, + { + "url": "https://github.com/CycloneDX/cyclonedx-node-npm#readme", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + } + ] + } + ], + "component": { + "type": "application", + "name": "demo-local-deps", + "version": "0.0.0", + "bom-ref": "demo-local-deps@0.0.0", + "description": "demo: demo-local-deps -- showcase how local dependencies look like", + "licenses": [ + { + "license": { + "id": "Apache-2.0", + "acknowledgement": "declared" + } + } + ], + "purl": "pkg:npm/demo-local-deps@0.0.0?vcs_url=git%2Bhttps%3A//github.com/CycloneDX/cyclonedx-node-npm.git#demo/local-dependencies/project", + 
"externalReferences": [ + { + "url": "https://github.com/CycloneDX/cyclonedx-node-npm/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "git+https://github.com/CycloneDX/cyclonedx-node-npm.git#demo/local-dependencies/project", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\" and \"repository.directory\"" + }, + { + "url": "https://github.com/CycloneDX/cyclonedx-node-npm#readme", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "" + }, + { + "name": "cdx:npm:package:private", + "value": "true" + } + ] + } + }, + "components": [ + { + "type": "library", + "name": "my-local-a", + "version": "0.0.0", + "bom-ref": "my-local-a@0.0.0", + "licenses": [ + { + "license": { + "id": "Apache-2.0", + "acknowledgement": "declared" + } + } + ], + "purl": "pkg:npm/my-local-a@0.0.0", + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/my-local-a" + } + ] + }, + { + "type": "library", + "name": "my-local-b", + "version": "0.0.0", + "bom-ref": "my-local-b@0.0.0", + "licenses": [ + { + "license": { + "id": "Apache-2.0", + "acknowledgement": "declared" + } + } + ], + "purl": "pkg:npm/my-local-b@0.0.0", + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/my-local-b-off" + } + ] + }, + { + "type": "library", + "name": "my-noname", + "version": "0.0.0", + "bom-ref": "my-noname@0.0.0", + "licenses": [ + { + "license": { + "id": "Apache-2.0", + "acknowledgement": "declared" + } + } + ], + "purl": "pkg:npm/my-noname@0.0.0", + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/my-noname" + } + ] + } + ], + "dependencies": [ + { + "ref": "demo-local-deps@0.0.0", + "dependsOn": [ + "my-local-a@0.0.0", + "my-noname@0.0.0" + ] + }, + { + "ref": "my-local-a@0.0.0", + "dependsOn": [ + 
"my-local-b@0.0.0" + ] + }, + { + "ref": "my-local-b@0.0.0" + }, + { + "ref": "my-noname@0.0.0" + } + ] +} \ No newline at end of file diff --git a/tests/_data/sbom_demo-results/flatten-components/local-dependencies_npm9_node16_macos-latest.snap.json b/tests/_data/sbom_demo-results/flatten-components/local-dependencies_npm9_node16_macos-latest.snap.json index d48eb1d1..98ba3007 100644 --- a/tests/_data/sbom_demo-results/flatten-components/local-dependencies_npm9_node16_macos-latest.snap.json +++ b/tests/_data/sbom_demo-results/flatten-components/local-dependencies_npm9_node16_macos-latest.snap.json @@ -68,7 +68,24 @@ } } ], - "purl": "pkg:npm/demo-local-deps@0.0.0", + "purl": "pkg:npm/demo-local-deps@0.0.0?vcs_url=git%2Bhttps%3A//github.com/CycloneDX/cyclonedx-node-npm.git#demo/local-dependencies/project", + "externalReferences": [ + { + "url": "https://github.com/CycloneDX/cyclonedx-node-npm/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "git+https://github.com/CycloneDX/cyclonedx-node-npm.git#demo/local-dependencies/project", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\" and \"repository.directory\"" + }, + { + "url": "https://github.com/CycloneDX/cyclonedx-node-npm#readme", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + } + ], "properties": [ { "name": "cdx:npm:package:path", diff --git a/tests/_data/sbom_demo-results/flatten-components/local-dependencies_npm9_node16_ubuntu-latest.snap.json b/tests/_data/sbom_demo-results/flatten-components/local-dependencies_npm9_node16_ubuntu-latest.snap.json index d48eb1d1..98ba3007 100644 --- a/tests/_data/sbom_demo-results/flatten-components/local-dependencies_npm9_node16_ubuntu-latest.snap.json +++ b/tests/_data/sbom_demo-results/flatten-components/local-dependencies_npm9_node16_ubuntu-latest.snap.json 
@@ -68,7 +68,24 @@ } } ], - "purl": "pkg:npm/demo-local-deps@0.0.0", + "purl": "pkg:npm/demo-local-deps@0.0.0?vcs_url=git%2Bhttps%3A//github.com/CycloneDX/cyclonedx-node-npm.git#demo/local-dependencies/project", + "externalReferences": [ + { + "url": "https://github.com/CycloneDX/cyclonedx-node-npm/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "git+https://github.com/CycloneDX/cyclonedx-node-npm.git#demo/local-dependencies/project", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\" and \"repository.directory\"" + }, + { + "url": "https://github.com/CycloneDX/cyclonedx-node-npm#readme", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + } + ], "properties": [ { "name": "cdx:npm:package:path", diff --git a/tests/_data/sbom_demo-results/flatten-components/local-dependencies_npm9_node16_windows-latest.snap.json b/tests/_data/sbom_demo-results/flatten-components/local-dependencies_npm9_node16_windows-latest.snap.json index d48eb1d1..98ba3007 100644 --- a/tests/_data/sbom_demo-results/flatten-components/local-dependencies_npm9_node16_windows-latest.snap.json +++ b/tests/_data/sbom_demo-results/flatten-components/local-dependencies_npm9_node16_windows-latest.snap.json 
@@ -68,7 +68,24 @@ } } ], - "purl": "pkg:npm/demo-local-deps@0.0.0", + "purl": "pkg:npm/demo-local-deps@0.0.0?vcs_url=git%2Bhttps%3A//github.com/CycloneDX/cyclonedx-node-npm.git#demo/local-dependencies/project", + "externalReferences": [ + { + "url": "https://github.com/CycloneDX/cyclonedx-node-npm/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "git+https://github.com/CycloneDX/cyclonedx-node-npm.git#demo/local-dependencies/project", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\" and \"repository.directory\"" + }, + { + "url": "https://github.com/CycloneDX/cyclonedx-node-npm#readme", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + } + ], "properties": [ { "name": "cdx:npm:package:path", diff --git a/tests/_data/sbom_demo-results/flatten-components/local-dependencies_npm9_node22_windows-latest.snap.json b/tests/_data/sbom_demo-results/flatten-components/local-dependencies_npm9_node22_windows-latest.snap.json new file mode 100644 index 00000000..98ba3007 --- /dev/null +++ b/tests/_data/sbom_demo-results/flatten-components/local-dependencies_npm9_node22_windows-latest.snap.json 
@@ -0,0 +1,187 @@ +{ + "$schema": "http://cyclonedx.org/schema/bom-1.6.schema.json", + "bomFormat": "CycloneDX", + "specVersion": "1.6", + "version": 1, + "metadata": { + "tools": [ + { + "name": "npm", + "version": "npmVersion-testing" + }, + { + "vendor": "@cyclonedx", + "name": "cyclonedx-library", + "version": "libVersion-testing", + "externalReferences": [ + { + "url": "https://github.com/CycloneDX/cyclonedx-javascript-library/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "git+https://github.com/CycloneDX/cyclonedx-javascript-library.git", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\"" + }, + { + "url": "https://github.com/CycloneDX/cyclonedx-javascript-library#readme", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + } + ] + }, + { + "vendor": "@cyclonedx", + "name": "cyclonedx-npm", + "version": "thisVersion-testing", + "externalReferences": [ + { + "url": "https://github.com/CycloneDX/cyclonedx-node-npm/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "git+https://github.com/CycloneDX/cyclonedx-node-npm.git", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\"" + }, + { + "url": "https://github.com/CycloneDX/cyclonedx-node-npm#readme", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + } + ] + } + ], + "component": { + "type": "application", + "name": "demo-local-deps", + "version": "0.0.0", + "bom-ref": "demo-local-deps@0.0.0", + "description": "demo: demo-local-deps -- showcase how local dependencies look like", + "licenses": [ + { + "license": { + "id": "Apache-2.0", + "acknowledgement": "declared" + } + } + ], + "purl": "pkg:npm/demo-local-deps@0.0.0?vcs_url=git%2Bhttps%3A//github.com/CycloneDX/cyclonedx-node-npm.git#demo/local-dependencies/project", + 
"externalReferences": [ + { + "url": "https://github.com/CycloneDX/cyclonedx-node-npm/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "git+https://github.com/CycloneDX/cyclonedx-node-npm.git#demo/local-dependencies/project", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\" and \"repository.directory\"" + }, + { + "url": "https://github.com/CycloneDX/cyclonedx-node-npm#readme", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "" + }, + { + "name": "cdx:npm:package:private", + "value": "true" + } + ] + } + }, + "components": [ + { + "type": "library", + "name": "my-local-a", + "version": "0.0.0", + "bom-ref": "my-local-a@0.0.0", + "licenses": [ + { + "license": { + "id": "Apache-2.0", + "acknowledgement": "declared" + } + } + ], + "purl": "pkg:npm/my-local-a@0.0.0", + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/my-local-a" + } + ] + }, + { + "type": "library", + "name": "my-local-b", + "version": "0.0.0", + "bom-ref": "my-local-b@0.0.0", + "licenses": [ + { + "license": { + "id": "Apache-2.0", + "acknowledgement": "declared" + } + } + ], + "purl": "pkg:npm/my-local-b@0.0.0", + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/my-local-b-off" + } + ] + }, + { + "type": "library", + "name": "my-noname", + "version": "0.0.0", + "bom-ref": "my-noname@0.0.0", + "licenses": [ + { + "license": { + "id": "Apache-2.0", + "acknowledgement": "declared" + } + } + ], + "purl": "pkg:npm/my-noname@0.0.0", + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/my-noname" + } + ] + } + ], + "dependencies": [ + { + "ref": "demo-local-deps@0.0.0", + "dependsOn": [ + "my-local-a@0.0.0", + "my-noname@0.0.0" + ] + }, + { + "ref": "my-local-a@0.0.0", + "dependsOn": [ + 
"my-local-b@0.0.0" + ] + }, + { + "ref": "my-local-b@0.0.0" + }, + { + "ref": "my-noname@0.0.0" + } + ] +} \ No newline at end of file diff --git a/tests/_data/sbom_demo-results/flatten-components/local-workspaces_from-setup.snap.json b/tests/_data/sbom_demo-results/flatten-components/local-workspaces_from-setup.snap.json index d8fccdaf..25ca1ae6 100644 --- a/tests/_data/sbom_demo-results/flatten-components/local-workspaces_from-setup.snap.json +++ b/tests/_data/sbom_demo-results/flatten-components/local-workspaces_from-setup.snap.json @@ -187,6 +187,39 @@ "value": "true" } ] + }, + { + "type": "library", + "name": "my-local-e", + "version": "0.1.0", + "bom-ref": "my-local-e@0.1.0", + "description": "demo: my-local-e - a standalone package that is not dependency of root nor any other workspace", + "licenses": [ + { + "license": { + "id": "Apache-2.0", + "acknowledgement": "declared" + } + } + ], + "purl": "pkg:npm/my-local-e@0.1.0?vcs_url=git%2Bhttps%3A//gitlab.example.com/my-packages/demo-workspaces.git#workspaces/my-local-e", + "externalReferences": [ + { + "url": "git+https://gitlab.example.com/my-packages/demo-workspaces.git#workspaces/my-local-e", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\" and \"repository.directory\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/my-local-e" + }, + { + "name": "cdx:npm:package:private", + "value": "true" + } + ] } ], "dependencies": [ @@ -195,7 +228,8 @@ "dependsOn": [ "my-local-a@0.1.0", "my-local-b-off@0.0.0", - "my-local-c@0.23.42" + "my-local-c@0.23.42", + "my-local-e@0.1.0" ] }, { @@ -213,6 +247,9 @@ "my-local-a@0.1.0", "my-local-b-off@0.0.0" ] + }, + { + "ref": "my-local-e@0.1.0" } ] } \ No newline at end of file diff --git a/tests/_data/sbom_demo-results/flatten-components/local-workspaces_from-setup.snap.xml b/tests/_data/sbom_demo-results/flatten-components/local-workspaces_from-setup.snap.xml index 66d93361..328cd4d9 100644 
--- a/tests/_data/sbom_demo-results/flatten-components/local-workspaces_from-setup.snap.xml +++ b/tests/_data/sbom_demo-results/flatten-components/local-workspaces_from-setup.snap.xml @@ -131,12 +131,34 @@ true + + my-local-e + 0.1.0 + demo: my-local-e - a standalone package that is not dependency of root nor any other workspace + + + Apache-2.0 + + + pkg:npm/my-local-e@0.1.0?vcs_url=git%2Bhttps%3A//gitlab.example.com/my-packages/demo-workspaces.git#workspaces/my-local-e + + + git+https://gitlab.example.com/my-packages/demo-workspaces.git#workspaces/my-local-e + as detected from PackageJson property "repository.url" and "repository.directory" + + + + node_modules/my-local-e + true + + + @@ -146,5 +168,6 @@ + \ No newline at end of file diff --git a/tests/_data/sbom_demo-results/flatten-components/local-workspaces_npm10_node18_macos-latest.snap.json b/tests/_data/sbom_demo-results/flatten-components/local-workspaces_npm10_node18_macos-latest.snap.json index ba6ae482..584ae339 100644 --- a/tests/_data/sbom_demo-results/flatten-components/local-workspaces_npm10_node18_macos-latest.snap.json +++ b/tests/_data/sbom_demo-results/flatten-components/local-workspaces_npm10_node18_macos-latest.snap.json @@ -68,7 +68,14 @@ } } ], - "purl": "pkg:npm/demo-workspaces@0.0.0", + "purl": "pkg:npm/demo-workspaces@0.0.0?vcs_url=git%2Bssh%3A//git%40gitlab.example.com/my-packages/demo-workspaces.git", + "externalReferences": [ + { + "url": "git+ssh://git@gitlab.example.com/my-packages/demo-workspaces.git", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\"" + } + ], "properties": [ { "name": "cdx:npm:package:path", 
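Review bot: The added `purl` and `externalReferences` lines in the `@@ -68,7 +68,14 @@` hunk copy the userinfo part of `repository.url` through verbatim (`git@` in the `vcs` URL, `git%40` in the `vcs_url` qualifier), and no snapshot visible here pins what happens when that userinfo is a secret rather than the conventional `git` user. SBOMs are usually shared more widely than the source tree, so a `repository.url` written with an embedded token would land in both fields if the generator treats it the way it treats `git@` here. Whether the generator strips credentials is not visible in this diff. A demo fixture with a constructed value such as `"url": "git+https://user:placeholder-token@gitlab.example.com/my-packages/demo-workspaces.git"`, plus a snapshot asserting the redacted form, would settle it. The same lines repeat in the other `local-workspaces_npm*` snapshots in this patch, and the enclosing `component` object starts and ends outside the hunk.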
@@ -144,6 +151,27 @@ "value": "node_modules/my-local-c" } ] + }, + { + "type": "library", + "name": "my-local-e", + "version": "0.1.0", + "bom-ref": "my-local-e@0.1.0", + "licenses": [ + { + "license": { + "id": "Apache-2.0", + "acknowledgement": "declared" + } + } + ], + "purl": "pkg:npm/my-local-e@0.1.0", + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/my-local-e" + } + ] } ], "dependencies": [ @@ -152,7 +180,8 @@ "dependsOn": [ "my-local-a@0.1.0", "my-local-b-off@0.0.0", - "my-local-c@0.23.42" + "my-local-c@0.23.42", + "my-local-e@0.1.0" ] }, { @@ -170,6 +199,9 @@ "my-local-a@0.1.0", "my-local-b-off@0.0.0" ] + }, + { + "ref": "my-local-e@0.1.0" } ] } \ No newline at end of file diff --git a/tests/_data/sbom_demo-results/flatten-components/local-workspaces_npm10_node18_ubuntu-latest.snap.json b/tests/_data/sbom_demo-results/flatten-components/local-workspaces_npm10_node18_ubuntu-latest.snap.json index ba6ae482..584ae339 100644 --- a/tests/_data/sbom_demo-results/flatten-components/local-workspaces_npm10_node18_ubuntu-latest.snap.json +++ b/tests/_data/sbom_demo-results/flatten-components/local-workspaces_npm10_node18_ubuntu-latest.snap.json @@ -68,7 +68,14 @@ } } ], - "purl": "pkg:npm/demo-workspaces@0.0.0", + "purl": "pkg:npm/demo-workspaces@0.0.0?vcs_url=git%2Bssh%3A//git%40gitlab.example.com/my-packages/demo-workspaces.git", + "externalReferences": [ + { + "url": "git+ssh://git@gitlab.example.com/my-packages/demo-workspaces.git", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\"" + } + ], "properties": [ { "name": "cdx:npm:package:path", 
@@ -144,6 +151,27 @@ "value": "node_modules/my-local-c" } ] + }, + { + "type": "library", + "name": "my-local-e", + "version": "0.1.0", + "bom-ref": "my-local-e@0.1.0", + "licenses": [ + { + "license": { + "id": "Apache-2.0", + "acknowledgement": "declared" + } + } + ], + "purl": "pkg:npm/my-local-e@0.1.0", + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/my-local-e" + } + ] } ], "dependencies": [ @@ -152,7 +180,8 @@ "dependsOn": [ "my-local-a@0.1.0", "my-local-b-off@0.0.0", - "my-local-c@0.23.42" + "my-local-c@0.23.42", + "my-local-e@0.1.0" ] }, { @@ -170,6 +199,9 @@ "my-local-a@0.1.0", "my-local-b-off@0.0.0" ] + }, + { + "ref": "my-local-e@0.1.0" } ] } \ No newline at end of file diff --git a/tests/_data/sbom_demo-results/flatten-components/local-workspaces_npm10_node18_windows-latest.snap.json b/tests/_data/sbom_demo-results/flatten-components/local-workspaces_npm10_node18_windows-latest.snap.json index ba6ae482..584ae339 100644 --- a/tests/_data/sbom_demo-results/flatten-components/local-workspaces_npm10_node18_windows-latest.snap.json +++ b/tests/_data/sbom_demo-results/flatten-components/local-workspaces_npm10_node18_windows-latest.snap.json @@ -68,7 +68,14 @@ } } ], - "purl": "pkg:npm/demo-workspaces@0.0.0", + "purl": "pkg:npm/demo-workspaces@0.0.0?vcs_url=git%2Bssh%3A//git%40gitlab.example.com/my-packages/demo-workspaces.git", + "externalReferences": [ + { + "url": "git+ssh://git@gitlab.example.com/my-packages/demo-workspaces.git", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\"" + } + ], "properties": [ { "name": "cdx:npm:package:path", 
@@ -144,6 +151,27 @@ "value": "node_modules/my-local-c" } ] + }, + { + "type": "library", + "name": "my-local-e", + "version": "0.1.0", + "bom-ref": "my-local-e@0.1.0", + "licenses": [ + { + "license": { + "id": "Apache-2.0", + "acknowledgement": "declared" + } + } + ], + "purl": "pkg:npm/my-local-e@0.1.0", + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/my-local-e" + } + ] } ], "dependencies": [ @@ -152,7 +180,8 @@ "dependsOn": [ "my-local-a@0.1.0", "my-local-b-off@0.0.0", - "my-local-c@0.23.42" + "my-local-c@0.23.42", + "my-local-e@0.1.0" ] }, { @@ -170,6 +199,9 @@ "my-local-a@0.1.0", "my-local-b-off@0.0.0" ] + }, + { + "ref": "my-local-e@0.1.0" } ] } \ No newline at end of file diff --git a/tests/_data/sbom_demo-results/flatten-components/local-workspaces_npm10_node22_windows-latest.snap.json b/tests/_data/sbom_demo-results/flatten-components/local-workspaces_npm10_node22_windows-latest.snap.json new file mode 100644 index 00000000..584ae339 --- /dev/null +++ b/tests/_data/sbom_demo-results/flatten-components/local-workspaces_npm10_node22_windows-latest.snap.json 
@@ -0,0 +1,207 @@ +{ + "$schema": "http://cyclonedx.org/schema/bom-1.6.schema.json", + "bomFormat": "CycloneDX", + "specVersion": "1.6", + "version": 1, + "metadata": { + "tools": [ + { + "name": "npm", + "version": "npmVersion-testing" + }, + { + "vendor": "@cyclonedx", + "name": "cyclonedx-library", + "version": "libVersion-testing", + "externalReferences": [ + { + "url": "https://github.com/CycloneDX/cyclonedx-javascript-library/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "git+https://github.com/CycloneDX/cyclonedx-javascript-library.git", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\"" + }, + { + "url": "https://github.com/CycloneDX/cyclonedx-javascript-library#readme", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + } + ] + }, + { + "vendor": "@cyclonedx", + "name": "cyclonedx-npm", + "version": "thisVersion-testing", + "externalReferences": [ + { + "url": "https://github.com/CycloneDX/cyclonedx-node-npm/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "git+https://github.com/CycloneDX/cyclonedx-node-npm.git", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\"" + }, + { + "url": "https://github.com/CycloneDX/cyclonedx-node-npm#readme", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + } + ] + } + ], + "component": { + "type": "application", + "name": "demo-workspaces", + "version": "0.0.0", + "bom-ref": "demo-workspaces@0.0.0", + "description": "demo: demo-workspaces -- showcase how workspaces look like", + "licenses": [ + { + "license": { + "id": "Apache-2.0", + "acknowledgement": "declared" + } + } + ], + "purl": "pkg:npm/demo-workspaces@0.0.0?vcs_url=git%2Bssh%3A//git%40gitlab.example.com/my-packages/demo-workspaces.git", + "externalReferences": [ + { + 
"url": "git+ssh://git@gitlab.example.com/my-packages/demo-workspaces.git", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "" + }, + { + "name": "cdx:npm:package:private", + "value": "true" + } + ] + } + }, + "components": [ + { + "type": "library", + "name": "my-local-a", + "version": "0.1.0", + "bom-ref": "my-local-a@0.1.0", + "licenses": [ + { + "license": { + "id": "Apache-2.0", + "acknowledgement": "declared" + } + } + ], + "purl": "pkg:npm/my-local-a@0.1.0", + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/my-local-a" + } + ] + }, + { + "type": "library", + "name": "my-local-b-off", + "version": "0.0.0", + "bom-ref": "my-local-b-off@0.0.0", + "licenses": [ + { + "license": { + "id": "Apache-2.0", + "acknowledgement": "declared" + } + } + ], + "purl": "pkg:npm/my-local-b-off@0.0.0", + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/my-local-b-off" + } + ] + }, + { + "type": "library", + "name": "my-local-c", + "version": "0.23.42", + "bom-ref": "my-local-c@0.23.42", + "licenses": [ + { + "license": { + "id": "Apache-2.0", + "acknowledgement": "declared" + } + } + ], + "purl": "pkg:npm/my-local-c@0.23.42", + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/my-local-c" + } + ] + }, + { + "type": "library", + "name": "my-local-e", + "version": "0.1.0", + "bom-ref": "my-local-e@0.1.0", + "licenses": [ + { + "license": { + "id": "Apache-2.0", + "acknowledgement": "declared" + } + } + ], + "purl": "pkg:npm/my-local-e@0.1.0", + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/my-local-e" + } + ] + } + ], + "dependencies": [ + { + "ref": "demo-workspaces@0.0.0", + "dependsOn": [ + "my-local-a@0.1.0", + "my-local-b-off@0.0.0", + "my-local-c@0.23.42", + "my-local-e@0.1.0" + ] + }, + { + "ref": "my-local-a@0.1.0", + "dependsOn": [ + 
"my-local-b-off@0.0.0" + ] + }, + { + "ref": "my-local-b-off@0.0.0" + }, + { + "ref": "my-local-c@0.23.42", + "dependsOn": [ + "my-local-a@0.1.0", + "my-local-b-off@0.0.0" + ] + }, + { + "ref": "my-local-e@0.1.0" + } + ] +} \ No newline at end of file diff --git a/tests/_data/sbom_demo-results/flatten-components/local-workspaces_npm7_node14_ubuntu-latest.snap.json b/tests/_data/sbom_demo-results/flatten-components/local-workspaces_npm7_node14_ubuntu-latest.snap.json index ba6ae482..584ae339 100644 --- a/tests/_data/sbom_demo-results/flatten-components/local-workspaces_npm7_node14_ubuntu-latest.snap.json +++ b/tests/_data/sbom_demo-results/flatten-components/local-workspaces_npm7_node14_ubuntu-latest.snap.json @@ -68,7 +68,14 @@ } } ], - "purl": "pkg:npm/demo-workspaces@0.0.0", + "purl": "pkg:npm/demo-workspaces@0.0.0?vcs_url=git%2Bssh%3A//git%40gitlab.example.com/my-packages/demo-workspaces.git", + "externalReferences": [ + { + "url": "git+ssh://git@gitlab.example.com/my-packages/demo-workspaces.git", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\"" + } + ], "properties": [ { "name": "cdx:npm:package:path", @@ -144,6 +151,27 @@ "value": "node_modules/my-local-c" } ] + }, + { + "type": "library", + "name": "my-local-e", + "version": "0.1.0", + "bom-ref": "my-local-e@0.1.0", + "licenses": [ + { + "license": { + "id": "Apache-2.0", + "acknowledgement": "declared" + } + } + ], + "purl": "pkg:npm/my-local-e@0.1.0", + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/my-local-e" + } + ] } ], "dependencies": [ @@ -152,7 +180,8 @@ "dependsOn": [ "my-local-a@0.1.0", "my-local-b-off@0.0.0", - "my-local-c@0.23.42" + "my-local-c@0.23.42", + "my-local-e@0.1.0" ] }, { @@ -170,6 +199,9 @@ "my-local-a@0.1.0", "my-local-b-off@0.0.0" ] + }, + { + "ref": "my-local-e@0.1.0" } ] } \ No newline at end of file 
diff --git a/tests/_data/sbom_demo-results/flatten-components/local-workspaces_npm7_node14_windows-latest.snap.json b/tests/_data/sbom_demo-results/flatten-components/local-workspaces_npm7_node14_windows-latest.snap.json index ba6ae482..584ae339 100644 --- a/tests/_data/sbom_demo-results/flatten-components/local-workspaces_npm7_node14_windows-latest.snap.json +++ b/tests/_data/sbom_demo-results/flatten-components/local-workspaces_npm7_node14_windows-latest.snap.json @@ -68,7 +68,14 @@ } } ], - "purl": "pkg:npm/demo-workspaces@0.0.0", + "purl": "pkg:npm/demo-workspaces@0.0.0?vcs_url=git%2Bssh%3A//git%40gitlab.example.com/my-packages/demo-workspaces.git", + "externalReferences": [ + { + "url": "git+ssh://git@gitlab.example.com/my-packages/demo-workspaces.git", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\"" + } + ], "properties": [ { "name": "cdx:npm:package:path", @@ -144,6 +151,27 @@ "value": "node_modules/my-local-c" } ] + }, + { + "type": "library", + "name": "my-local-e", + "version": "0.1.0", + "bom-ref": "my-local-e@0.1.0", + "licenses": [ + { + "license": { + "id": "Apache-2.0", + "acknowledgement": "declared" + } + } + ], + "purl": "pkg:npm/my-local-e@0.1.0", + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/my-local-e" + } + ] } ], "dependencies": [ @@ -152,7 +180,8 @@ "dependsOn": [ "my-local-a@0.1.0", "my-local-b-off@0.0.0", - "my-local-c@0.23.42" + "my-local-c@0.23.42", + "my-local-e@0.1.0" ] }, { @@ -170,6 +199,9 @@ "my-local-a@0.1.0", "my-local-b-off@0.0.0" ] + }, + { + "ref": "my-local-e@0.1.0" } ] } \ No newline at end of file diff --git a/tests/_data/sbom_demo-results/flatten-components/local-workspaces_npm7_node16_macos-latest.snap.json b/tests/_data/sbom_demo-results/flatten-components/local-workspaces_npm7_node16_macos-latest.snap.json new file mode 100644 index 00000000..584ae339 --- /dev/null 
+++ b/tests/_data/sbom_demo-results/flatten-components/local-workspaces_npm7_node16_macos-latest.snap.json 
@@ -0,0 +1,207 @@ +{ + "$schema": "http://cyclonedx.org/schema/bom-1.6.schema.json", + "bomFormat": "CycloneDX", + "specVersion": "1.6", + "version": 1, + "metadata": { + "tools": [ + { + "name": "npm", + "version": "npmVersion-testing" + }, + { + "vendor": "@cyclonedx", + "name": "cyclonedx-library", + "version": "libVersion-testing", + "externalReferences": [ + { + "url": "https://github.com/CycloneDX/cyclonedx-javascript-library/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "git+https://github.com/CycloneDX/cyclonedx-javascript-library.git", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\"" + }, + { + "url": "https://github.com/CycloneDX/cyclonedx-javascript-library#readme", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + } + ] + }, + { + "vendor": "@cyclonedx", + "name": "cyclonedx-npm", + "version": "thisVersion-testing", + "externalReferences": [ + { + "url": "https://github.com/CycloneDX/cyclonedx-node-npm/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "git+https://github.com/CycloneDX/cyclonedx-node-npm.git", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\"" + }, + { + "url": "https://github.com/CycloneDX/cyclonedx-node-npm#readme", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + } + ] + } + ], + "component": { + "type": "application", + "name": "demo-workspaces", + "version": "0.0.0", + "bom-ref": "demo-workspaces@0.0.0", + "description": "demo: demo-workspaces -- showcase how workspaces look like", + "licenses": [ + { + "license": { + "id": "Apache-2.0", + "acknowledgement": "declared" + } + } + ], + "purl": "pkg:npm/demo-workspaces@0.0.0?vcs_url=git%2Bssh%3A//git%40gitlab.example.com/my-packages/demo-workspaces.git", + "externalReferences": [ + { + 
"url": "git+ssh://git@gitlab.example.com/my-packages/demo-workspaces.git", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "" + }, + { + "name": "cdx:npm:package:private", + "value": "true" + } + ] + } + }, + "components": [ + { + "type": "library", + "name": "my-local-a", + "version": "0.1.0", + "bom-ref": "my-local-a@0.1.0", + "licenses": [ + { + "license": { + "id": "Apache-2.0", + "acknowledgement": "declared" + } + } + ], + "purl": "pkg:npm/my-local-a@0.1.0", + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/my-local-a" + } + ] + }, + { + "type": "library", + "name": "my-local-b-off", + "version": "0.0.0", + "bom-ref": "my-local-b-off@0.0.0", + "licenses": [ + { + "license": { + "id": "Apache-2.0", + "acknowledgement": "declared" + } + } + ], + "purl": "pkg:npm/my-local-b-off@0.0.0", + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/my-local-b-off" + } + ] + }, + { + "type": "library", + "name": "my-local-c", + "version": "0.23.42", + "bom-ref": "my-local-c@0.23.42", + "licenses": [ + { + "license": { + "id": "Apache-2.0", + "acknowledgement": "declared" + } + } + ], + "purl": "pkg:npm/my-local-c@0.23.42", + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/my-local-c" + } + ] + }, + { + "type": "library", + "name": "my-local-e", + "version": "0.1.0", + "bom-ref": "my-local-e@0.1.0", + "licenses": [ + { + "license": { + "id": "Apache-2.0", + "acknowledgement": "declared" + } + } + ], + "purl": "pkg:npm/my-local-e@0.1.0", + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/my-local-e" + } + ] + } + ], + "dependencies": [ + { + "ref": "demo-workspaces@0.0.0", + "dependsOn": [ + "my-local-a@0.1.0", + "my-local-b-off@0.0.0", + "my-local-c@0.23.42", + "my-local-e@0.1.0" + ] + }, + { + "ref": "my-local-a@0.1.0", + "dependsOn": [ + 
"my-local-b-off@0.0.0" + ] + }, + { + "ref": "my-local-b-off@0.0.0" + }, + { + "ref": "my-local-c@0.23.42", + "dependsOn": [ + "my-local-a@0.1.0", + "my-local-b-off@0.0.0" + ] + }, + { + "ref": "my-local-e@0.1.0" + } + ] +} \ No newline at end of file diff --git a/tests/_data/sbom_demo-results/flatten-components/local-workspaces_npm7_node22_windows-latest.snap.json b/tests/_data/sbom_demo-results/flatten-components/local-workspaces_npm7_node22_windows-latest.snap.json new file mode 100644 index 00000000..584ae339 --- /dev/null +++ b/tests/_data/sbom_demo-results/flatten-components/local-workspaces_npm7_node22_windows-latest.snap.json 
@@ -0,0 +1,207 @@ +{ + "$schema": "http://cyclonedx.org/schema/bom-1.6.schema.json", + "bomFormat": "CycloneDX", + "specVersion": "1.6", + "version": 1, + "metadata": { + "tools": [ + { + "name": "npm", + "version": "npmVersion-testing" + }, + { + "vendor": "@cyclonedx", + "name": "cyclonedx-library", + "version": "libVersion-testing", + "externalReferences": [ + { + "url": "https://github.com/CycloneDX/cyclonedx-javascript-library/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "git+https://github.com/CycloneDX/cyclonedx-javascript-library.git", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\"" + }, + { + "url": "https://github.com/CycloneDX/cyclonedx-javascript-library#readme", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + } + ] + }, + { + "vendor": "@cyclonedx", + "name": "cyclonedx-npm", + "version": "thisVersion-testing", + "externalReferences": [ + { + "url": "https://github.com/CycloneDX/cyclonedx-node-npm/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "git+https://github.com/CycloneDX/cyclonedx-node-npm.git", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\"" + }, + { + "url": "https://github.com/CycloneDX/cyclonedx-node-npm#readme", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + } + ] + } + ], + "component": { + "type": "application", + "name": "demo-workspaces", + "version": "0.0.0", + "bom-ref": "demo-workspaces@0.0.0", + "description": "demo: demo-workspaces -- showcase how workspaces look like", + "licenses": [ + { + "license": { + "id": "Apache-2.0", + "acknowledgement": "declared" + } + } + ], + "purl": "pkg:npm/demo-workspaces@0.0.0?vcs_url=git%2Bssh%3A//git%40gitlab.example.com/my-packages/demo-workspaces.git", + "externalReferences": [ + { + 
"url": "git+ssh://git@gitlab.example.com/my-packages/demo-workspaces.git", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "" + }, + { + "name": "cdx:npm:package:private", + "value": "true" + } + ] + } + }, + "components": [ + { + "type": "library", + "name": "my-local-a", + "version": "0.1.0", + "bom-ref": "my-local-a@0.1.0", + "licenses": [ + { + "license": { + "id": "Apache-2.0", + "acknowledgement": "declared" + } + } + ], + "purl": "pkg:npm/my-local-a@0.1.0", + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/my-local-a" + } + ] + }, + { + "type": "library", + "name": "my-local-b-off", + "version": "0.0.0", + "bom-ref": "my-local-b-off@0.0.0", + "licenses": [ + { + "license": { + "id": "Apache-2.0", + "acknowledgement": "declared" + } + } + ], + "purl": "pkg:npm/my-local-b-off@0.0.0", + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/my-local-b-off" + } + ] + }, + { + "type": "library", + "name": "my-local-c", + "version": "0.23.42", + "bom-ref": "my-local-c@0.23.42", + "licenses": [ + { + "license": { + "id": "Apache-2.0", + "acknowledgement": "declared" + } + } + ], + "purl": "pkg:npm/my-local-c@0.23.42", + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/my-local-c" + } + ] + }, + { + "type": "library", + "name": "my-local-e", + "version": "0.1.0", + "bom-ref": "my-local-e@0.1.0", + "licenses": [ + { + "license": { + "id": "Apache-2.0", + "acknowledgement": "declared" + } + } + ], + "purl": "pkg:npm/my-local-e@0.1.0", + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/my-local-e" + } + ] + } + ], + "dependencies": [ + { + "ref": "demo-workspaces@0.0.0", + "dependsOn": [ + "my-local-a@0.1.0", + "my-local-b-off@0.0.0", + "my-local-c@0.23.42", + "my-local-e@0.1.0" + ] + }, + { + "ref": "my-local-a@0.1.0", + "dependsOn": [ + 
"my-local-b-off@0.0.0" + ] + }, + { + "ref": "my-local-b-off@0.0.0" + }, + { + "ref": "my-local-c@0.23.42", + "dependsOn": [ + "my-local-a@0.1.0", + "my-local-b-off@0.0.0" + ] + }, + { + "ref": "my-local-e@0.1.0" + } + ] +} \ No newline at end of file diff --git a/tests/_data/sbom_demo-results/flatten-components/local-workspaces_npm8_node14_ubuntu-latest.snap.json b/tests/_data/sbom_demo-results/flatten-components/local-workspaces_npm8_node14_ubuntu-latest.snap.json index ba6ae482..584ae339 100644 --- a/tests/_data/sbom_demo-results/flatten-components/local-workspaces_npm8_node14_ubuntu-latest.snap.json +++ b/tests/_data/sbom_demo-results/flatten-components/local-workspaces_npm8_node14_ubuntu-latest.snap.json @@ -68,7 +68,14 @@ } } ], - "purl": "pkg:npm/demo-workspaces@0.0.0", + "purl": "pkg:npm/demo-workspaces@0.0.0?vcs_url=git%2Bssh%3A//git%40gitlab.example.com/my-packages/demo-workspaces.git", + "externalReferences": [ + { + "url": "git+ssh://git@gitlab.example.com/my-packages/demo-workspaces.git", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\"" + } + ], "properties": [ { "name": "cdx:npm:package:path", @@ -144,6 +151,27 @@ "value": "node_modules/my-local-c" } ] + }, + { + "type": "library", + "name": "my-local-e", + "version": "0.1.0", + "bom-ref": "my-local-e@0.1.0", + "licenses": [ + { + "license": { + "id": "Apache-2.0", + "acknowledgement": "declared" + } + } + ], + "purl": "pkg:npm/my-local-e@0.1.0", + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/my-local-e" + } + ] } ], "dependencies": [ @@ -152,7 +180,8 @@ "dependsOn": [ "my-local-a@0.1.0", "my-local-b-off@0.0.0", - "my-local-c@0.23.42" + "my-local-c@0.23.42", + "my-local-e@0.1.0" ] }, { @@ -170,6 +199,9 @@ "my-local-a@0.1.0", "my-local-b-off@0.0.0" ] + }, + { + "ref": "my-local-e@0.1.0" } ] } \ No newline at end of file 
diff --git a/tests/_data/sbom_demo-results/flatten-components/local-workspaces_npm8_node14_windows-latest.snap.json b/tests/_data/sbom_demo-results/flatten-components/local-workspaces_npm8_node14_windows-latest.snap.json index ba6ae482..584ae339 100644 --- a/tests/_data/sbom_demo-results/flatten-components/local-workspaces_npm8_node14_windows-latest.snap.json +++ b/tests/_data/sbom_demo-results/flatten-components/local-workspaces_npm8_node14_windows-latest.snap.json @@ -68,7 +68,14 @@ } } ], - "purl": "pkg:npm/demo-workspaces@0.0.0", + "purl": "pkg:npm/demo-workspaces@0.0.0?vcs_url=git%2Bssh%3A//git%40gitlab.example.com/my-packages/demo-workspaces.git", + "externalReferences": [ + { + "url": "git+ssh://git@gitlab.example.com/my-packages/demo-workspaces.git", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\"" + } + ], "properties": [ { "name": "cdx:npm:package:path", @@ -144,6 +151,27 @@ "value": "node_modules/my-local-c" } ] + }, + { + "type": "library", + "name": "my-local-e", + "version": "0.1.0", + "bom-ref": "my-local-e@0.1.0", + "licenses": [ + { + "license": { + "id": "Apache-2.0", + "acknowledgement": "declared" + } + } + ], + "purl": "pkg:npm/my-local-e@0.1.0", + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/my-local-e" + } + ] } ], "dependencies": [ @@ -152,7 +180,8 @@ "dependsOn": [ "my-local-a@0.1.0", "my-local-b-off@0.0.0", - "my-local-c@0.23.42" + "my-local-c@0.23.42", + "my-local-e@0.1.0" ] }, { @@ -170,6 +199,9 @@ "my-local-a@0.1.0", "my-local-b-off@0.0.0" ] + }, + { + "ref": "my-local-e@0.1.0" } ] } \ No newline at end of file diff --git a/tests/_data/sbom_demo-results/flatten-components/local-workspaces_npm8_node16_macos-latest.snap.json b/tests/_data/sbom_demo-results/flatten-components/local-workspaces_npm8_node16_macos-latest.snap.json new file mode 100644 index 00000000..584ae339 --- /dev/null 
+++ b/tests/_data/sbom_demo-results/flatten-components/local-workspaces_npm8_node16_macos-latest.snap.json 
@@ -0,0 +1,207 @@ +{ + "$schema": "http://cyclonedx.org/schema/bom-1.6.schema.json", + "bomFormat": "CycloneDX", + "specVersion": "1.6", + "version": 1, + "metadata": { + "tools": [ + { + "name": "npm", + "version": "npmVersion-testing" + }, + { + "vendor": "@cyclonedx", + "name": "cyclonedx-library", + "version": "libVersion-testing", + "externalReferences": [ + { + "url": "https://github.com/CycloneDX/cyclonedx-javascript-library/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "git+https://github.com/CycloneDX/cyclonedx-javascript-library.git", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\"" + }, + { + "url": "https://github.com/CycloneDX/cyclonedx-javascript-library#readme", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + } + ] + }, + { + "vendor": "@cyclonedx", + "name": "cyclonedx-npm", + "version": "thisVersion-testing", + "externalReferences": [ + { + "url": "https://github.com/CycloneDX/cyclonedx-node-npm/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "git+https://github.com/CycloneDX/cyclonedx-node-npm.git", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\"" + }, + { + "url": "https://github.com/CycloneDX/cyclonedx-node-npm#readme", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + } + ] + } + ], + "component": { + "type": "application", + "name": "demo-workspaces", + "version": "0.0.0", + "bom-ref": "demo-workspaces@0.0.0", + "description": "demo: demo-workspaces -- showcase how workspaces look like", + "licenses": [ + { + "license": { + "id": "Apache-2.0", + "acknowledgement": "declared" + } + } + ], + "purl": "pkg:npm/demo-workspaces@0.0.0?vcs_url=git%2Bssh%3A//git%40gitlab.example.com/my-packages/demo-workspaces.git", + "externalReferences": [ + { + 
"url": "git+ssh://git@gitlab.example.com/my-packages/demo-workspaces.git", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "" + }, + { + "name": "cdx:npm:package:private", + "value": "true" + } + ] + } + }, + "components": [ + { + "type": "library", + "name": "my-local-a", + "version": "0.1.0", + "bom-ref": "my-local-a@0.1.0", + "licenses": [ + { + "license": { + "id": "Apache-2.0", + "acknowledgement": "declared" + } + } + ], + "purl": "pkg:npm/my-local-a@0.1.0", + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/my-local-a" + } + ] + }, + { + "type": "library", + "name": "my-local-b-off", + "version": "0.0.0", + "bom-ref": "my-local-b-off@0.0.0", + "licenses": [ + { + "license": { + "id": "Apache-2.0", + "acknowledgement": "declared" + } + } + ], + "purl": "pkg:npm/my-local-b-off@0.0.0", + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/my-local-b-off" + } + ] + }, + { + "type": "library", + "name": "my-local-c", + "version": "0.23.42", + "bom-ref": "my-local-c@0.23.42", + "licenses": [ + { + "license": { + "id": "Apache-2.0", + "acknowledgement": "declared" + } + } + ], + "purl": "pkg:npm/my-local-c@0.23.42", + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/my-local-c" + } + ] + }, + { + "type": "library", + "name": "my-local-e", + "version": "0.1.0", + "bom-ref": "my-local-e@0.1.0", + "licenses": [ + { + "license": { + "id": "Apache-2.0", + "acknowledgement": "declared" + } + } + ], + "purl": "pkg:npm/my-local-e@0.1.0", + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/my-local-e" + } + ] + } + ], + "dependencies": [ + { + "ref": "demo-workspaces@0.0.0", + "dependsOn": [ + "my-local-a@0.1.0", + "my-local-b-off@0.0.0", + "my-local-c@0.23.42", + "my-local-e@0.1.0" + ] + }, + { + "ref": "my-local-a@0.1.0", + "dependsOn": [ + 
"my-local-b-off@0.0.0" + ] + }, + { + "ref": "my-local-b-off@0.0.0" + }, + { + "ref": "my-local-c@0.23.42", + "dependsOn": [ + "my-local-a@0.1.0", + "my-local-b-off@0.0.0" + ] + }, + { + "ref": "my-local-e@0.1.0" + } + ] +} \ No newline at end of file diff --git a/tests/_data/sbom_demo-results/flatten-components/local-workspaces_npm8_node22_windows-latest.snap.json b/tests/_data/sbom_demo-results/flatten-components/local-workspaces_npm8_node22_windows-latest.snap.json new file mode 100644 index 00000000..584ae339 --- /dev/null +++ b/tests/_data/sbom_demo-results/flatten-components/local-workspaces_npm8_node22_windows-latest.snap.json 
@@ -0,0 +1,207 @@ +{ + "$schema": "http://cyclonedx.org/schema/bom-1.6.schema.json", + "bomFormat": "CycloneDX", + "specVersion": "1.6", + "version": 1, + "metadata": { + "tools": [ + { + "name": "npm", + "version": "npmVersion-testing" + }, + { + "vendor": "@cyclonedx", + "name": "cyclonedx-library", + "version": "libVersion-testing", + "externalReferences": [ + { + "url": "https://github.com/CycloneDX/cyclonedx-javascript-library/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "git+https://github.com/CycloneDX/cyclonedx-javascript-library.git", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\"" + }, + { + "url": "https://github.com/CycloneDX/cyclonedx-javascript-library#readme", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + } + ] + }, + { + "vendor": "@cyclonedx", + "name": "cyclonedx-npm", + "version": "thisVersion-testing", + "externalReferences": [ + { + "url": "https://github.com/CycloneDX/cyclonedx-node-npm/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "git+https://github.com/CycloneDX/cyclonedx-node-npm.git", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\"" + }, + { + "url": "https://github.com/CycloneDX/cyclonedx-node-npm#readme", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + } + ] + } + ], + "component": { + "type": "application", + "name": "demo-workspaces", + "version": "0.0.0", + "bom-ref": "demo-workspaces@0.0.0", + "description": "demo: demo-workspaces -- showcase how workspaces look like", + "licenses": [ + { + "license": { + "id": "Apache-2.0", + "acknowledgement": "declared" + } + } + ], + "purl": "pkg:npm/demo-workspaces@0.0.0?vcs_url=git%2Bssh%3A//git%40gitlab.example.com/my-packages/demo-workspaces.git", + "externalReferences": [ + { + 
"url": "git+ssh://git@gitlab.example.com/my-packages/demo-workspaces.git", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "" + }, + { + "name": "cdx:npm:package:private", + "value": "true" + } + ] + } + }, + "components": [ + { + "type": "library", + "name": "my-local-a", + "version": "0.1.0", + "bom-ref": "my-local-a@0.1.0", + "licenses": [ + { + "license": { + "id": "Apache-2.0", + "acknowledgement": "declared" + } + } + ], + "purl": "pkg:npm/my-local-a@0.1.0", + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/my-local-a" + } + ] + }, + { + "type": "library", + "name": "my-local-b-off", + "version": "0.0.0", + "bom-ref": "my-local-b-off@0.0.0", + "licenses": [ + { + "license": { + "id": "Apache-2.0", + "acknowledgement": "declared" + } + } + ], + "purl": "pkg:npm/my-local-b-off@0.0.0", + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/my-local-b-off" + } + ] + }, + { + "type": "library", + "name": "my-local-c", + "version": "0.23.42", + "bom-ref": "my-local-c@0.23.42", + "licenses": [ + { + "license": { + "id": "Apache-2.0", + "acknowledgement": "declared" + } + } + ], + "purl": "pkg:npm/my-local-c@0.23.42", + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/my-local-c" + } + ] + }, + { + "type": "library", + "name": "my-local-e", + "version": "0.1.0", + "bom-ref": "my-local-e@0.1.0", + "licenses": [ + { + "license": { + "id": "Apache-2.0", + "acknowledgement": "declared" + } + } + ], + "purl": "pkg:npm/my-local-e@0.1.0", + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/my-local-e" + } + ] + } + ], + "dependencies": [ + { + "ref": "demo-workspaces@0.0.0", + "dependsOn": [ + "my-local-a@0.1.0", + "my-local-b-off@0.0.0", + "my-local-c@0.23.42", + "my-local-e@0.1.0" + ] + }, + { + "ref": "my-local-a@0.1.0", + "dependsOn": [ + 
"my-local-b-off@0.0.0" + ] + }, + { + "ref": "my-local-b-off@0.0.0" + }, + { + "ref": "my-local-c@0.23.42", + "dependsOn": [ + "my-local-a@0.1.0", + "my-local-b-off@0.0.0" + ] + }, + { + "ref": "my-local-e@0.1.0" + } + ] +} \ No newline at end of file diff --git a/tests/_data/sbom_demo-results/flatten-components/local-workspaces_npm9_node16_macos-latest.snap.json b/tests/_data/sbom_demo-results/flatten-components/local-workspaces_npm9_node16_macos-latest.snap.json index ba6ae482..584ae339 100644 --- a/tests/_data/sbom_demo-results/flatten-components/local-workspaces_npm9_node16_macos-latest.snap.json +++ b/tests/_data/sbom_demo-results/flatten-components/local-workspaces_npm9_node16_macos-latest.snap.json @@ -68,7 +68,14 @@ } } ], - "purl": "pkg:npm/demo-workspaces@0.0.0", + "purl": "pkg:npm/demo-workspaces@0.0.0?vcs_url=git%2Bssh%3A//git%40gitlab.example.com/my-packages/demo-workspaces.git", + "externalReferences": [ + { + "url": "git+ssh://git@gitlab.example.com/my-packages/demo-workspaces.git", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\"" + } + ], "properties": [ { "name": "cdx:npm:package:path", @@ -144,6 +151,27 @@ "value": "node_modules/my-local-c" } ] + }, + { + "type": "library", + "name": "my-local-e", + "version": "0.1.0", + "bom-ref": "my-local-e@0.1.0", + "licenses": [ + { + "license": { + "id": "Apache-2.0", + "acknowledgement": "declared" + } + } + ], + "purl": "pkg:npm/my-local-e@0.1.0", + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/my-local-e" + } + ] } ], "dependencies": [ @@ -152,7 +180,8 @@ "dependsOn": [ "my-local-a@0.1.0", "my-local-b-off@0.0.0", - "my-local-c@0.23.42" + "my-local-c@0.23.42", + "my-local-e@0.1.0" ] }, { @@ -170,6 +199,9 @@ "my-local-a@0.1.0", "my-local-b-off@0.0.0" ] + }, + { + "ref": "my-local-e@0.1.0" } ] } \ No newline at end of file 
diff --git a/tests/_data/sbom_demo-results/flatten-components/local-workspaces_npm9_node16_ubuntu-latest.snap.json b/tests/_data/sbom_demo-results/flatten-components/local-workspaces_npm9_node16_ubuntu-latest.snap.json index ba6ae482..584ae339 100644 --- a/tests/_data/sbom_demo-results/flatten-components/local-workspaces_npm9_node16_ubuntu-latest.snap.json +++ b/tests/_data/sbom_demo-results/flatten-components/local-workspaces_npm9_node16_ubuntu-latest.snap.json @@ -68,7 +68,14 @@ } } ], - "purl": "pkg:npm/demo-workspaces@0.0.0", + "purl": "pkg:npm/demo-workspaces@0.0.0?vcs_url=git%2Bssh%3A//git%40gitlab.example.com/my-packages/demo-workspaces.git", + "externalReferences": [ + { + "url": "git+ssh://git@gitlab.example.com/my-packages/demo-workspaces.git", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\"" + } + ], "properties": [ { "name": "cdx:npm:package:path", @@ -144,6 +151,27 @@ "value": "node_modules/my-local-c" } ] + }, + { + "type": "library", + "name": "my-local-e", + "version": "0.1.0", + "bom-ref": "my-local-e@0.1.0", + "licenses": [ + { + "license": { + "id": "Apache-2.0", + "acknowledgement": "declared" + } + } + ], + "purl": "pkg:npm/my-local-e@0.1.0", + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/my-local-e" + } + ] } ], "dependencies": [ @@ -152,7 +180,8 @@ "dependsOn": [ "my-local-a@0.1.0", "my-local-b-off@0.0.0", - "my-local-c@0.23.42" + "my-local-c@0.23.42", + "my-local-e@0.1.0" ] }, { @@ -170,6 +199,9 @@ "my-local-a@0.1.0", "my-local-b-off@0.0.0" ] + }, + { + "ref": "my-local-e@0.1.0" } ] } \ No newline at end of file diff --git a/tests/_data/sbom_demo-results/flatten-components/local-workspaces_npm9_node16_windows-latest.snap.json b/tests/_data/sbom_demo-results/flatten-components/local-workspaces_npm9_node16_windows-latest.snap.json index ba6ae482..584ae339 100644 --- a/tests/_data/sbom_demo-results/flatten-components/local-workspaces_npm9_node16_windows-latest.snap.json 
+++ b/tests/_data/sbom_demo-results/flatten-components/local-workspaces_npm9_node16_windows-latest.snap.json @@ -68,7 +68,14 @@ } } ], - "purl": "pkg:npm/demo-workspaces@0.0.0", + "purl": "pkg:npm/demo-workspaces@0.0.0?vcs_url=git%2Bssh%3A//git%40gitlab.example.com/my-packages/demo-workspaces.git", + "externalReferences": [ + { + "url": "git+ssh://git@gitlab.example.com/my-packages/demo-workspaces.git", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\"" + } + ], "properties": [ { "name": "cdx:npm:package:path", @@ -144,6 +151,27 @@ "value": "node_modules/my-local-c" } ] + }, + { + "type": "library", + "name": "my-local-e", + "version": "0.1.0", + "bom-ref": "my-local-e@0.1.0", + "licenses": [ + { + "license": { + "id": "Apache-2.0", + "acknowledgement": "declared" + } + } + ], + "purl": "pkg:npm/my-local-e@0.1.0", + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/my-local-e" + } + ] } ], "dependencies": [ @@ -152,7 +180,8 @@ "dependsOn": [ "my-local-a@0.1.0", "my-local-b-off@0.0.0", - "my-local-c@0.23.42" + "my-local-c@0.23.42", + "my-local-e@0.1.0" ] }, { @@ -170,6 +199,9 @@ "my-local-a@0.1.0", "my-local-b-off@0.0.0" ] + }, + { + "ref": "my-local-e@0.1.0" } ] } \ No newline at end of file diff --git a/tests/_data/sbom_demo-results/flatten-components/local-workspaces_npm9_node22_windows-latest.snap.json b/tests/_data/sbom_demo-results/flatten-components/local-workspaces_npm9_node22_windows-latest.snap.json new file mode 100644 index 00000000..584ae339 --- /dev/null +++ b/tests/_data/sbom_demo-results/flatten-components/local-workspaces_npm9_node22_windows-latest.snap.json 
@@ -0,0 +1,207 @@ +{ + "$schema": "http://cyclonedx.org/schema/bom-1.6.schema.json", + "bomFormat": "CycloneDX", + "specVersion": "1.6", + "version": 1, + "metadata": { + "tools": [ + { + "name": "npm", + "version": "npmVersion-testing" + }, + { + "vendor": "@cyclonedx", + "name": "cyclonedx-library", + "version": "libVersion-testing", + "externalReferences": [ + { + "url": "https://github.com/CycloneDX/cyclonedx-javascript-library/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "git+https://github.com/CycloneDX/cyclonedx-javascript-library.git", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\"" + }, + { + "url": "https://github.com/CycloneDX/cyclonedx-javascript-library#readme", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + } + ] + }, + { + "vendor": "@cyclonedx", + "name": "cyclonedx-npm", + "version": "thisVersion-testing", + "externalReferences": [ + { + "url": "https://github.com/CycloneDX/cyclonedx-node-npm/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "git+https://github.com/CycloneDX/cyclonedx-node-npm.git", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\"" + }, + { + "url": "https://github.com/CycloneDX/cyclonedx-node-npm#readme", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + } + ] + } + ], + "component": { + "type": "application", + "name": "demo-workspaces", + "version": "0.0.0", + "bom-ref": "demo-workspaces@0.0.0", + "description": "demo: demo-workspaces -- showcase how workspaces look like", + "licenses": [ + { + "license": { + "id": "Apache-2.0", + "acknowledgement": "declared" + } + } + ], + "purl": "pkg:npm/demo-workspaces@0.0.0?vcs_url=git%2Bssh%3A//git%40gitlab.example.com/my-packages/demo-workspaces.git", + "externalReferences": [ + { + 
"url": "git+ssh://git@gitlab.example.com/my-packages/demo-workspaces.git", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "" + }, + { + "name": "cdx:npm:package:private", + "value": "true" + } + ] + } + }, + "components": [ + { + "type": "library", + "name": "my-local-a", + "version": "0.1.0", + "bom-ref": "my-local-a@0.1.0", + "licenses": [ + { + "license": { + "id": "Apache-2.0", + "acknowledgement": "declared" + } + } + ], + "purl": "pkg:npm/my-local-a@0.1.0", + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/my-local-a" + } + ] + }, + { + "type": "library", + "name": "my-local-b-off", + "version": "0.0.0", + "bom-ref": "my-local-b-off@0.0.0", + "licenses": [ + { + "license": { + "id": "Apache-2.0", + "acknowledgement": "declared" + } + } + ], + "purl": "pkg:npm/my-local-b-off@0.0.0", + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/my-local-b-off" + } + ] + }, + { + "type": "library", + "name": "my-local-c", + "version": "0.23.42", + "bom-ref": "my-local-c@0.23.42", + "licenses": [ + { + "license": { + "id": "Apache-2.0", + "acknowledgement": "declared" + } + } + ], + "purl": "pkg:npm/my-local-c@0.23.42", + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/my-local-c" + } + ] + }, + { + "type": "library", + "name": "my-local-e", + "version": "0.1.0", + "bom-ref": "my-local-e@0.1.0", + "licenses": [ + { + "license": { + "id": "Apache-2.0", + "acknowledgement": "declared" + } + } + ], + "purl": "pkg:npm/my-local-e@0.1.0", + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/my-local-e" + } + ] + } + ], + "dependencies": [ + { + "ref": "demo-workspaces@0.0.0", + "dependsOn": [ + "my-local-a@0.1.0", + "my-local-b-off@0.0.0", + "my-local-c@0.23.42", + "my-local-e@0.1.0" + ] + }, + { + "ref": "my-local-a@0.1.0", + "dependsOn": [ + 
"my-local-b-off@0.0.0" + ] + }, + { + "ref": "my-local-b-off@0.0.0" + }, + { + "ref": "my-local-c@0.23.42", + "dependsOn": [ + "my-local-a@0.1.0", + "my-local-b-off@0.0.0" + ] + }, + { + "ref": "my-local-e@0.1.0" + } + ] +} \ No newline at end of file