Merge branch 'main' into feat/tools-as-components

Signed-off-by: Jan Kowalleck <jan.kowalleck@gmail.com>
CycloneDX · Nov 23, 2024 · d25182b · d25182b
2 parents 44ff725 + cb429b5
commit d25182b
Show file tree

Hide file tree

Showing 5 changed files with 35 additions and 8 deletions.
diff --git a/HISTORY.md b/HISTORY.md
@@ -6,11 +6,14 @@ All notable changes to this project will be documented in this file.
 
 <!-- unreleased changes go here -->
 
+* Dependencies
+  * No longer depend on `packageurlk-js` (via [#1237])
 * Build
   * Use _TypeScript_ `v5.6.2` now, was `v5.5.3` (via [#1209], [#1218])
 
 [#1209]: https://github.com/CycloneDX/cyclonedx-node-npm/pull/1209
 [#1218]: https://github.com/CycloneDX/cyclonedx-node-npm/pull/1218
+[#1237]: https://github.com/CycloneDX/cyclonedx-node-npm/pull/1237
 
 ## 1.19.3 -- 2024-07-15
 

diff --git a/package.json b/package.json
@@ -50,7 +50,6 @@
     "@cyclonedx/cyclonedx-library": "^7.0.0-beta.2",
     "commander": "^10.0.0",
     "normalize-package-data": "^3||^4||^5||^6",
-    "packageurl-js": "^2.0.0",
     "xmlbuilder2": "^3.0.2"
   },
   "devDependencies": {

diff --git a/src/builders.ts b/src/builders.ts
@@ -20,7 +20,6 @@ Copyright (c) OWASP Foundation. All Rights Reserved.
 import { type Builders, Enums, type Factories, Models, Utils } from '@cyclonedx/cyclonedx-library'
 import { existsSync } from 'fs'
 import * as normalizePackageData from 'normalize-package-data'
-import { type PackageURL } from 'packageurl-js'
 import * as path from 'path'
 
 import { isString, loadJsonFile, tryRemoveSecretsFromUrl } from './_helpers'
@@ -541,7 +540,7 @@ export class BomBuilder {
     return component
   }
 
-  private makePurl (component: Models.Component): PackageURL | undefined {
+  private makePurl (component: Models.Component): ReturnType<BomBuilder['purlFactory']['makeFromComponent']> {
     const purl = this.purlFactory.makeFromComponent(component, this.reproducible)
     if (purl === undefined) {
       return undefined

diff --git a/tests/_data/npm-ls_demo-results/index.js b/tests/_data/npm-ls_demo-results/index.js
@@ -20,14 +20,24 @@ Copyright (c) OWASP Foundation. All Rights Reserved.
 const { sync: glob } = require('fast-glob')
 
 const fileGlob = '*/CI_results/*.json'
+
 const filePattern = /\/(?<subject>[^/]+?)\/CI_results\/npm-ls(?<args>.*?)_npm(?<npm>.+?)_node(?<node>.+?)_(?<os>.+?).json$/i
+/** @typedef fileMatch
+ * @prop {string} path
+ * @prop {string} subject
+ * @prop {string} args
+ * @prop {string} npm
+ * @prop {string} node
+ * @prop {string} os
+ */
+
 /** @type {import('fast-glob').OptionsInternal} */
 const globOptions = { absolute: true, caseSensitiveMatch: false, cwd: __dirname, deep: 3, onlyFiles: true, unique: true }
 
 let cached
 
 /**
- * @return {{path:string, subject?:string, args?:string, npm?:string, node?:string, os?:string}[]}
+ * @return {Array<fileMatch>}
  */
 function index () {
   if (cached === undefined) {

diff --git a/tests/integration/cli.from-collected.test.js b/tests/integration/cli.from-collected.test.js
@@ -32,18 +32,34 @@ describe('integration.cli.from-collected', () => {
   const tmpRoot = mkTemp('cli.from-collected')
 
   describe('with prepared npm-ls', () => {
+    const LATETS_NPM = '10'
+
     const tmpRootRun = join(tmpRoot, 'with-prepared')
     mkdirSync(tmpRootRun)
 
+    const _allDemoCases = indexNpmLsDemoData()
     const useCases = [
-      { subject: 'bare', args: [] },
-      { subject: 'flatten-components', args: ['--flatten-components'] }
+      {
+        subject: 'bare',
+        args: [],
+        demoCases: _allDemoCases
+      },
+      {
+        subject: 'flatten-components',
+        args: ['--flatten-components'],
+        demoCases: _allDemoCases.filter((c) => {
+          if (c.npm !== LATETS_NPM) { return false }
+          if (c.subject === 'juice-shop') { return true }
+          if (c.subject === 'bundled-dependencies') { return true }
+          return false
+        })
+      }
     ]
-    const demoCases = indexNpmLsDemoData()
+
     describe.each(useCases)('$subject', (ud) => {
       mkdirSync(join(tmpRootRun, ud.subject))
 
-      test.each(demoCases)('$subject $args npm$npm node$node $os', async (dd) => {
+      test.each(ud.demoCases)('$subject $args npm$npm node$node $os', async (dd) => {
         const expectedOutSnap = join(demoResultsRoot, ud.subject, `${dd.subject}${dd.args}_npm${dd.npm}_node${dd.node}_${dd.os}.snap.json`)
         const logFileBase = join(tmpRootRun, ud.subject, `${dd.subject}${dd.args}_npm${dd.npm}_node${dd.node}_${dd.os}`)
         const cwd = dummyProjectsRoot