diff --git a/tests/_data/sbom_demo-results/bare/local-dependencies_from-setup.snap.json b/tests/_data/sbom_demo-results/bare/local-dependencies_from-setup.snap.json index e938f815..72919e06 100644 --- a/tests/_data/sbom_demo-results/bare/local-dependencies_from-setup.snap.json +++ b/tests/_data/sbom_demo-results/bare/local-dependencies_from-setup.snap.json @@ -144,9 +144,9 @@ }, { "type": "library", - "name": "my-local-b-off", + "name": "my-local-b", "version": "0.0.0", - "bom-ref": "my-local-b-off@0.0.0", + "bom-ref": "my-local-b@0.0.0", "description": "demo: my-local-b-off - a package with a different name than its dir", "licenses": [ { @@ -156,7 +156,7 @@ } } ], - "purl": "pkg:npm/my-local-b-off@0.0.0?vcs_url=git%2Bssh%3A//git%40github.com/CycloneDX/cyclonedx-node-npm.git#demo/local-dependencies/project/packages/my-local-b", + "purl": "pkg:npm/my-local-b@0.0.0?vcs_url=git%2Bssh%3A//git%40github.com/CycloneDX/cyclonedx-node-npm.git#demo/local-dependencies/project/packages/my-local-b", "externalReferences": [ { "url": "https://github.com/CycloneDX/cyclonedx-node-npm/issues", @@ -240,11 +240,11 @@ { "ref": "my-local-a@0.0.0", "dependsOn": [ - "my-local-b-off@0.0.0" + "my-local-b@0.0.0" ] }, { - "ref": "my-local-b-off@0.0.0" + "ref": "my-local-b@0.0.0" }, { "ref": "my-noname@0.0.0" diff --git a/tests/_data/sbom_demo-results/bare/local-dependencies_from-setup.snap.xml b/tests/_data/sbom_demo-results/bare/local-dependencies_from-setup.snap.xml index d6a29402..1b89af22 100644 --- a/tests/_data/sbom_demo-results/bare/local-dependencies_from-setup.snap.xml +++ b/tests/_data/sbom_demo-results/bare/local-dependencies_from-setup.snap.xml @@ -105,8 +105,8 @@ true - - my-local-b-off + + my-local-b 0.0.0 demo: my-local-b-off - a package with a different name than its dir 
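Review bot: The new expectation keys this component as `my-local-b` in `name`, `bom-ref`, `purl` and the `dependencies` refs, while the unchanged `description` context line in the same hunk still reads `demo: my-local-b-off - a package with a different name than its dir`, and the npm10 snapshots later in this commit move the opposite way, from `my-local-b` to `my-local-b-off`. Downstream consumers match vulnerabilities and licences on the purl, so the fixtures should pin one identity rule; presumably the declared package name wins over the directory name, in which case this snapshot would keep `"name": "my-local-b-off"` and `"bom-ref": "my-local-b-off@0.0.0"`. If the directory-derived name is intended for the from-setup case, say so in the commit message. The same rename is in the matching `.snap.xml` hunks.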
@@ -114,7 +114,7 @@ Apache-2.0 - pkg:npm/my-local-b-off@0.0.0?vcs_url=git%2Bssh%3A//git%40github.com/CycloneDX/cyclonedx-node-npm.git#demo/local-dependencies/project/packages/my-local-b + pkg:npm/my-local-b@0.0.0?vcs_url=git%2Bssh%3A//git%40github.com/CycloneDX/cyclonedx-node-npm.git#demo/local-dependencies/project/packages/my-local-b https://github.com/CycloneDX/cyclonedx-node-npm/issues @@ -170,9 +170,9 @@ - + - + \ No newline at end of file diff --git a/tests/_data/sbom_demo-results/bare/local-dependencies_npm10_node18_macos-latest.snap.json b/tests/_data/sbom_demo-results/bare/local-dependencies_npm10_node18_macos-latest.snap.json index d48eb1d1..2b70b939 100644 --- a/tests/_data/sbom_demo-results/bare/local-dependencies_npm10_node18_macos-latest.snap.json +++ b/tests/_data/sbom_demo-results/bare/local-dependencies_npm10_node18_macos-latest.snap.json @@ -68,7 +68,24 @@ } } ], - "purl": "pkg:npm/demo-local-deps@0.0.0", + "purl": "pkg:npm/demo-local-deps@0.0.0?vcs_url=git%2Bhttps%3A//github.com/CycloneDX/cyclonedx-node-npm.git#demo/local-dependencies/project", + "externalReferences": [ + { + "url": "https://github.com/CycloneDX/cyclonedx-node-npm/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "git+https://github.com/CycloneDX/cyclonedx-node-npm.git#demo/local-dependencies/project", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\" and \"repository.directory\"" + }, + { + "url": "https://github.com/CycloneDX/cyclonedx-node-npm#readme", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + } + ], "properties": [ { "name": "cdx:npm:package:path", @@ -105,9 +122,9 @@ }, { "type": "library", - "name": "my-local-b", + "name": "my-local-b-off", "version": "0.0.0", - "bom-ref": "my-local-b@0.0.0", + "bom-ref": "my-local-b-off@0.0.0", "licenses": [ { "license": { 
@@ -116,7 +133,7 @@ } } ], - "purl": "pkg:npm/my-local-b@0.0.0", + "purl": "pkg:npm/my-local-b-off@0.0.0", "properties": [ { "name": "cdx:npm:package:path", @@ -157,11 +174,11 @@ { "ref": "my-local-a@0.0.0", "dependsOn": [ - "my-local-b@0.0.0" + "my-local-b-off@0.0.0" ] }, { - "ref": "my-local-b@0.0.0" + "ref": "my-local-b-off@0.0.0" }, { "ref": "my-noname@0.0.0" diff --git a/tests/_data/sbom_demo-results/bare/local-dependencies_npm10_node18_ubuntu-latest.snap.json b/tests/_data/sbom_demo-results/bare/local-dependencies_npm10_node18_ubuntu-latest.snap.json index d48eb1d1..2b70b939 100644 --- a/tests/_data/sbom_demo-results/bare/local-dependencies_npm10_node18_ubuntu-latest.snap.json +++ b/tests/_data/sbom_demo-results/bare/local-dependencies_npm10_node18_ubuntu-latest.snap.json @@ -68,7 +68,24 @@ } } ], - "purl": "pkg:npm/demo-local-deps@0.0.0", + "purl": "pkg:npm/demo-local-deps@0.0.0?vcs_url=git%2Bhttps%3A//github.com/CycloneDX/cyclonedx-node-npm.git#demo/local-dependencies/project", + "externalReferences": [ + { + "url": "https://github.com/CycloneDX/cyclonedx-node-npm/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "git+https://github.com/CycloneDX/cyclonedx-node-npm.git#demo/local-dependencies/project", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\" and \"repository.directory\"" + }, + { + "url": "https://github.com/CycloneDX/cyclonedx-node-npm#readme", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + } + ], "properties": [ { "name": "cdx:npm:package:path", @@ -105,9 +122,9 @@ }, { "type": "library", - "name": "my-local-b", + "name": "my-local-b-off", "version": "0.0.0", - "bom-ref": "my-local-b@0.0.0", + "bom-ref": "my-local-b-off@0.0.0", "licenses": [ { "license": { 
@@ -116,7 +133,7 @@ } } ], - "purl": "pkg:npm/my-local-b@0.0.0", + "purl": "pkg:npm/my-local-b-off@0.0.0", "properties": [ { "name": "cdx:npm:package:path", @@ -157,11 +174,11 @@ { "ref": "my-local-a@0.0.0", "dependsOn": [ - "my-local-b@0.0.0" + "my-local-b-off@0.0.0" ] }, { - "ref": "my-local-b@0.0.0" + "ref": "my-local-b-off@0.0.0" }, { "ref": "my-noname@0.0.0" diff --git a/tests/_data/sbom_demo-results/bare/local-dependencies_npm10_node18_windows-latest.snap.json b/tests/_data/sbom_demo-results/bare/local-dependencies_npm10_node18_windows-latest.snap.json index d48eb1d1..2b70b939 100644 --- a/tests/_data/sbom_demo-results/bare/local-dependencies_npm10_node18_windows-latest.snap.json +++ b/tests/_data/sbom_demo-results/bare/local-dependencies_npm10_node18_windows-latest.snap.json @@ -68,7 +68,24 @@ } } ], - "purl": "pkg:npm/demo-local-deps@0.0.0", + "purl": "pkg:npm/demo-local-deps@0.0.0?vcs_url=git%2Bhttps%3A//github.com/CycloneDX/cyclonedx-node-npm.git#demo/local-dependencies/project", + "externalReferences": [ + { + "url": "https://github.com/CycloneDX/cyclonedx-node-npm/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "git+https://github.com/CycloneDX/cyclonedx-node-npm.git#demo/local-dependencies/project", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\" and \"repository.directory\"" + }, + { + "url": "https://github.com/CycloneDX/cyclonedx-node-npm#readme", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + } + ], "properties": [ { "name": "cdx:npm:package:path", @@ -105,9 +122,9 @@ }, { "type": "library", - "name": "my-local-b", + "name": "my-local-b-off", "version": "0.0.0", - "bom-ref": "my-local-b@0.0.0", + "bom-ref": "my-local-b-off@0.0.0", "licenses": [ { "license": { 
@@ -116,7 +133,7 @@ } } ], - "purl": "pkg:npm/my-local-b@0.0.0", + "purl": "pkg:npm/my-local-b-off@0.0.0", "properties": [ { "name": "cdx:npm:package:path", @@ -157,11 +174,11 @@ { "ref": "my-local-a@0.0.0", "dependsOn": [ - "my-local-b@0.0.0" + "my-local-b-off@0.0.0" ] }, { - "ref": "my-local-b@0.0.0" + "ref": "my-local-b-off@0.0.0" }, { "ref": "my-noname@0.0.0" diff --git a/tests/_data/sbom_demo-results/bare/local-dependencies_npm10_node22_windows-latest.snap.json b/tests/_data/sbom_demo-results/bare/local-dependencies_npm10_node22_windows-latest.snap.json new file mode 100644 index 00000000..2b70b939 --- /dev/null +++ b/tests/_data/sbom_demo-results/bare/local-dependencies_npm10_node22_windows-latest.snap.json 
@@ -0,0 +1,187 @@ +{ + "$schema": "http://cyclonedx.org/schema/bom-1.6.schema.json", + "bomFormat": "CycloneDX", + "specVersion": "1.6", + "version": 1, + "metadata": { + "tools": [ + { + "name": "npm", + "version": "npmVersion-testing" + }, + { + "vendor": "@cyclonedx", + "name": "cyclonedx-library", + "version": "libVersion-testing", + "externalReferences": [ + { + "url": "https://github.com/CycloneDX/cyclonedx-javascript-library/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "git+https://github.com/CycloneDX/cyclonedx-javascript-library.git", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\"" + }, + { + "url": "https://github.com/CycloneDX/cyclonedx-javascript-library#readme", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + } + ] + }, + { + "vendor": "@cyclonedx", + "name": "cyclonedx-npm", + "version": "thisVersion-testing", + "externalReferences": [ + { + "url": "https://github.com/CycloneDX/cyclonedx-node-npm/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "git+https://github.com/CycloneDX/cyclonedx-node-npm.git", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\"" + }, + { + "url": "https://github.com/CycloneDX/cyclonedx-node-npm#readme", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + } + ] + } + ], + "component": { + "type": "application", + "name": "demo-local-deps", + "version": "0.0.0", + "bom-ref": "demo-local-deps@0.0.0", + "description": "demo: demo-local-deps -- showcase how local dependencies look like", + "licenses": [ + { + "license": { + "id": "Apache-2.0", + "acknowledgement": "declared" + } + } + ], + "purl": "pkg:npm/demo-local-deps@0.0.0?vcs_url=git%2Bhttps%3A//github.com/CycloneDX/cyclonedx-node-npm.git#demo/local-dependencies/project", + 
"externalReferences": [ + { + "url": "https://github.com/CycloneDX/cyclonedx-node-npm/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "git+https://github.com/CycloneDX/cyclonedx-node-npm.git#demo/local-dependencies/project", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\" and \"repository.directory\"" + }, + { + "url": "https://github.com/CycloneDX/cyclonedx-node-npm#readme", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "" + }, + { + "name": "cdx:npm:package:private", + "value": "true" + } + ] + } + }, + "components": [ + { + "type": "library", + "name": "my-local-a", + "version": "0.0.0", + "bom-ref": "my-local-a@0.0.0", + "licenses": [ + { + "license": { + "id": "Apache-2.0", + "acknowledgement": "declared" + } + } + ], + "purl": "pkg:npm/my-local-a@0.0.0", + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/my-local-a" + } + ] + }, + { + "type": "library", + "name": "my-local-b-off", + "version": "0.0.0", + "bom-ref": "my-local-b-off@0.0.0", + "licenses": [ + { + "license": { + "id": "Apache-2.0", + "acknowledgement": "declared" + } + } + ], + "purl": "pkg:npm/my-local-b-off@0.0.0", + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/my-local-b-off" + } + ] + }, + { + "type": "library", + "name": "my-noname", + "version": "0.0.0", + "bom-ref": "my-noname@0.0.0", + "licenses": [ + { + "license": { + "id": "Apache-2.0", + "acknowledgement": "declared" + } + } + ], + "purl": "pkg:npm/my-noname@0.0.0", + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/my-noname" + } + ] + } + ], + "dependencies": [ + { + "ref": "demo-local-deps@0.0.0", + "dependsOn": [ + "my-local-a@0.0.0", + "my-noname@0.0.0" + ] + }, + { + "ref": "my-local-a@0.0.0", + "dependsOn": [ + 
"my-local-b-off@0.0.0" + ] + }, + { + "ref": "my-local-b-off@0.0.0" + }, + { + "ref": "my-noname@0.0.0" + } + ] +} \ No newline at end of file diff --git a/tests/_data/sbom_demo-results/bare/local-dependencies_npm6_node14_ubuntu-latest.snap.json b/tests/_data/sbom_demo-results/bare/local-dependencies_npm6_node14_ubuntu-latest.snap.json index 1f522596..d82e79d8 100644 --- a/tests/_data/sbom_demo-results/bare/local-dependencies_npm6_node14_ubuntu-latest.snap.json +++ b/tests/_data/sbom_demo-results/bare/local-dependencies_npm6_node14_ubuntu-latest.snap.json @@ -68,7 +68,24 @@ } } ], - "purl": "pkg:npm/demo-local-deps@0.0.0", + "purl": "pkg:npm/demo-local-deps@0.0.0?vcs_url=git%2Bhttps%3A//github.com/CycloneDX/cyclonedx-node-npm.git#demo/local-dependencies/project", + "externalReferences": [ + { + "url": "https://github.com/CycloneDX/cyclonedx-node-npm/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "git+https://github.com/CycloneDX/cyclonedx-node-npm.git#demo/local-dependencies/project", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\" and \"repository.directory\"" + }, + { + "url": "https://github.com/CycloneDX/cyclonedx-node-npm#readme", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + } + ], "properties": [ { "name": "cdx:npm:package:path", 
@@ -139,7 +156,24 @@ } } ], - "purl": "pkg:npm/my-local-b-off@0.0.0", + "purl": "pkg:npm/my-local-b-off@0.0.0?vcs_url=git%2Bssh%3A//git%40github.com/CycloneDX/cyclonedx-node-npm.git#demo/local-dependencies/project/packages/my-local-b", + "externalReferences": [ + { + "url": "https://github.com/CycloneDX/cyclonedx-node-npm/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "git+ssh://git@github.com/CycloneDX/cyclonedx-node-npm.git#demo/local-dependencies/project/packages/my-local-b", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\" and \"repository.directory\"" + }, + { + "url": "https://github.com/CycloneDX/cyclonedx-node-npm#readme", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + } + ], "properties": [ { "name": "cdx:npm:package:path", diff --git a/tests/_data/sbom_demo-results/bare/local-dependencies_npm6_node14_windows-latest.snap.json b/tests/_data/sbom_demo-results/bare/local-dependencies_npm6_node14_windows-latest.snap.json index 1f522596..d82e79d8 100644 --- a/tests/_data/sbom_demo-results/bare/local-dependencies_npm6_node14_windows-latest.snap.json +++ b/tests/_data/sbom_demo-results/bare/local-dependencies_npm6_node14_windows-latest.snap.json 
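Review bot: The added `purl` and `vcs` reference copy the userinfo part of `repository.url` through unchanged (`git%40github.com` in `vcs_url`, `git@github.com` in the `externalReferences` url), and nothing in these snapshots pins what happens when that userinfo carries a password or token. SBOMs are routinely published, so a credential left in a package's `repository.url` would travel with them. Consider adding a demo package whose `repository.url` has a constructed value such as `git+https://user:PLACEHOLDER@example.invalid/repo.git` and asserting the expected sanitised output in the snapshot. The same lines are added in the `npm6_node14_windows-latest`, `npm6_node16_macos-latest` and `npm6_node22_windows-latest` snapshots.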
@@ -68,7 +68,24 @@ } } ], - "purl": "pkg:npm/demo-local-deps@0.0.0", + "purl": "pkg:npm/demo-local-deps@0.0.0?vcs_url=git%2Bhttps%3A//github.com/CycloneDX/cyclonedx-node-npm.git#demo/local-dependencies/project", + "externalReferences": [ + { + "url": "https://github.com/CycloneDX/cyclonedx-node-npm/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "git+https://github.com/CycloneDX/cyclonedx-node-npm.git#demo/local-dependencies/project", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\" and \"repository.directory\"" + }, + { + "url": "https://github.com/CycloneDX/cyclonedx-node-npm#readme", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + } + ], "properties": [ { "name": "cdx:npm:package:path", @@ -139,7 +156,24 @@ } } ], - "purl": "pkg:npm/my-local-b-off@0.0.0", + "purl": "pkg:npm/my-local-b-off@0.0.0?vcs_url=git%2Bssh%3A//git%40github.com/CycloneDX/cyclonedx-node-npm.git#demo/local-dependencies/project/packages/my-local-b", + "externalReferences": [ + { + "url": "https://github.com/CycloneDX/cyclonedx-node-npm/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "git+ssh://git@github.com/CycloneDX/cyclonedx-node-npm.git#demo/local-dependencies/project/packages/my-local-b", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\" and \"repository.directory\"" + }, + { + "url": "https://github.com/CycloneDX/cyclonedx-node-npm#readme", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + } + ], "properties": [ { "name": "cdx:npm:package:path", diff --git a/tests/_data/sbom_demo-results/bare/local-dependencies_npm6_node16_macos-latest.snap.json b/tests/_data/sbom_demo-results/bare/local-dependencies_npm6_node16_macos-latest.snap.json new file mode 100644 index 00000000..d82e79d8 
--- /dev/null
+++ b/tests/_data/sbom_demo-results/bare/local-dependencies_npm6_node16_macos-latest.snap.json
@@ -0,0 +1,216 @@ +{ + "$schema": "http://cyclonedx.org/schema/bom-1.6.schema.json", + "bomFormat": "CycloneDX", + "specVersion": "1.6", + "version": 1, + "metadata": { + "tools": [ + { + "name": "npm", + "version": "npmVersion-testing" + }, + { + "vendor": "@cyclonedx", + "name": "cyclonedx-library", + "version": "libVersion-testing", + "externalReferences": [ + { + "url": "https://github.com/CycloneDX/cyclonedx-javascript-library/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "git+https://github.com/CycloneDX/cyclonedx-javascript-library.git", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\"" + }, + { + "url": "https://github.com/CycloneDX/cyclonedx-javascript-library#readme", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + } + ] + }, + { + "vendor": "@cyclonedx", + "name": "cyclonedx-npm", + "version": "thisVersion-testing", + "externalReferences": [ + { + "url": "https://github.com/CycloneDX/cyclonedx-node-npm/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "git+https://github.com/CycloneDX/cyclonedx-node-npm.git", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\"" + }, + { + "url": "https://github.com/CycloneDX/cyclonedx-node-npm#readme", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + } + ] + } + ], + "component": { + "type": "application", + "name": "demo-local-deps", + "version": "0.0.0", + "bom-ref": "demo-local-deps@0.0.0", + "description": "demo: demo-local-deps -- showcase how local dependencies look like", + "licenses": [ + { + "license": { + "id": "Apache-2.0", + "acknowledgement": "declared" + } + } + ], + "purl": "pkg:npm/demo-local-deps@0.0.0?vcs_url=git%2Bhttps%3A//github.com/CycloneDX/cyclonedx-node-npm.git#demo/local-dependencies/project", + 
"externalReferences": [ + { + "url": "https://github.com/CycloneDX/cyclonedx-node-npm/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "git+https://github.com/CycloneDX/cyclonedx-node-npm.git#demo/local-dependencies/project", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\" and \"repository.directory\"" + }, + { + "url": "https://github.com/CycloneDX/cyclonedx-node-npm#readme", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "" + }, + { + "name": "cdx:npm:package:private", + "value": "true" + } + ] + } + }, + "components": [ + { + "type": "library", + "name": "my-local-a", + "version": "0.0.0", + "bom-ref": "my-local-a@0.0.0", + "description": "demo: my-local-a", + "licenses": [ + { + "license": { + "id": "Apache-2.0", + "acknowledgement": "declared" + } + } + ], + "purl": "pkg:npm/my-local-a@0.0.0?vcs_url=git%2Bhttps%3A//github.com/CycloneDX/cyclonedx-node-npm.git#demo/local-deps/project/packages/my-local-a", + "externalReferences": [ + { + "url": "https://github.com/CycloneDX/cyclonedx-node-npm/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "git+https://github.com/CycloneDX/cyclonedx-node-npm.git#demo/local-deps/project/packages/my-local-a", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\" and \"repository.directory\"" + }, + { + "url": "https://github.com/CycloneDX/cyclonedx-node-npm#readme", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/my-local-a" + }, + { + "name": "cdx:npm:package:private", + "value": "true" + } + ] + }, + { + "type": "library", + "name": "my-local-b-off", + "version": "0.0.0", + 
"bom-ref": "my-local-b-off@0.0.0", + "description": "demo: my-local-b-off - a package with a different name than its dir", + "licenses": [ + { + "license": { + "id": "Apache-2.0", + "acknowledgement": "declared" + } + } + ], + "purl": "pkg:npm/my-local-b-off@0.0.0?vcs_url=git%2Bssh%3A//git%40github.com/CycloneDX/cyclonedx-node-npm.git#demo/local-dependencies/project/packages/my-local-b", + "externalReferences": [ + { + "url": "https://github.com/CycloneDX/cyclonedx-node-npm/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "git+ssh://git@github.com/CycloneDX/cyclonedx-node-npm.git#demo/local-dependencies/project/packages/my-local-b", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\" and \"repository.directory\"" + }, + { + "url": "https://github.com/CycloneDX/cyclonedx-node-npm#readme", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/my-local-b-off" + }, + { + "name": "cdx:npm:package:private", + "value": "true" + } + ] + }, + { + "type": "library", + "name": "DummyComponent.InterferedDependency.my-noname", + "bom-ref": "DummyComponent.InterferedDependency.my-noname", + "description": "This is a dummy component \"InterferedDependency.my-noname\" that fills the gap where the actual built failed." + } + ], + "dependencies": [ + { + "ref": "demo-local-deps@0.0.0", + "dependsOn": [ + "DummyComponent.InterferedDependency.my-noname", + "my-local-a@0.0.0" + ] + }, + { + "ref": "DummyComponent.InterferedDependency.my-noname" + }, + { + "ref": "my-local-a@0.0.0", + "dependsOn": [ + "my-local-b-off@0.0.0" + ] + }, + { + "ref": "my-local-b-off@0.0.0" + } + ] +} \ No newline at end of file 
diff --git a/tests/_data/sbom_demo-results/bare/local-dependencies_npm6_node22_windows-latest.snap.json b/tests/_data/sbom_demo-results/bare/local-dependencies_npm6_node22_windows-latest.snap.json
new file mode 100644
index 00000000..d82e79d8
--- /dev/null
+++ b/tests/_data/sbom_demo-results/bare/local-dependencies_npm6_node22_windows-latest.snap.json
@@ -0,0 +1,216 @@ +{ + "$schema": "http://cyclonedx.org/schema/bom-1.6.schema.json", + "bomFormat": "CycloneDX", + "specVersion": "1.6", + "version": 1, + "metadata": { + "tools": [ + { + "name": "npm", + "version": "npmVersion-testing" + }, + { + "vendor": "@cyclonedx", + "name": "cyclonedx-library", + "version": "libVersion-testing", + "externalReferences": [ + { + "url": "https://github.com/CycloneDX/cyclonedx-javascript-library/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "git+https://github.com/CycloneDX/cyclonedx-javascript-library.git", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\"" + }, + { + "url": "https://github.com/CycloneDX/cyclonedx-javascript-library#readme", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + } + ] + }, + { + "vendor": "@cyclonedx", + "name": "cyclonedx-npm", + "version": "thisVersion-testing", + "externalReferences": [ + { + "url": "https://github.com/CycloneDX/cyclonedx-node-npm/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "git+https://github.com/CycloneDX/cyclonedx-node-npm.git", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\"" + }, + { + "url": "https://github.com/CycloneDX/cyclonedx-node-npm#readme", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + } + ] + } + ], + "component": { + "type": "application", + "name": "demo-local-deps", + "version": "0.0.0", + "bom-ref": "demo-local-deps@0.0.0", + "description": "demo: demo-local-deps -- showcase how local dependencies look like", + "licenses": [ + { + "license": { + "id": "Apache-2.0", + "acknowledgement": "declared" + } + } + ], + "purl": "pkg:npm/demo-local-deps@0.0.0?vcs_url=git%2Bhttps%3A//github.com/CycloneDX/cyclonedx-node-npm.git#demo/local-dependencies/project", + 
"externalReferences": [ + { + "url": "https://github.com/CycloneDX/cyclonedx-node-npm/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "git+https://github.com/CycloneDX/cyclonedx-node-npm.git#demo/local-dependencies/project", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\" and \"repository.directory\"" + }, + { + "url": "https://github.com/CycloneDX/cyclonedx-node-npm#readme", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "" + }, + { + "name": "cdx:npm:package:private", + "value": "true" + } + ] + } + }, + "components": [ + { + "type": "library", + "name": "my-local-a", + "version": "0.0.0", + "bom-ref": "my-local-a@0.0.0", + "description": "demo: my-local-a", + "licenses": [ + { + "license": { + "id": "Apache-2.0", + "acknowledgement": "declared" + } + } + ], + "purl": "pkg:npm/my-local-a@0.0.0?vcs_url=git%2Bhttps%3A//github.com/CycloneDX/cyclonedx-node-npm.git#demo/local-deps/project/packages/my-local-a", + "externalReferences": [ + { + "url": "https://github.com/CycloneDX/cyclonedx-node-npm/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "git+https://github.com/CycloneDX/cyclonedx-node-npm.git#demo/local-deps/project/packages/my-local-a", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\" and \"repository.directory\"" + }, + { + "url": "https://github.com/CycloneDX/cyclonedx-node-npm#readme", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/my-local-a" + }, + { + "name": "cdx:npm:package:private", + "value": "true" + } + ] + }, + { + "type": "library", + "name": "my-local-b-off", + "version": "0.0.0", + 
"bom-ref": "my-local-b-off@0.0.0", + "description": "demo: my-local-b-off - a package with a different name than its dir", + "licenses": [ + { + "license": { + "id": "Apache-2.0", + "acknowledgement": "declared" + } + } + ], + "purl": "pkg:npm/my-local-b-off@0.0.0?vcs_url=git%2Bssh%3A//git%40github.com/CycloneDX/cyclonedx-node-npm.git#demo/local-dependencies/project/packages/my-local-b", + "externalReferences": [ + { + "url": "https://github.com/CycloneDX/cyclonedx-node-npm/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "git+ssh://git@github.com/CycloneDX/cyclonedx-node-npm.git#demo/local-dependencies/project/packages/my-local-b", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\" and \"repository.directory\"" + }, + { + "url": "https://github.com/CycloneDX/cyclonedx-node-npm#readme", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/my-local-b-off" + }, + { + "name": "cdx:npm:package:private", + "value": "true" + } + ] + }, + { + "type": "library", + "name": "DummyComponent.InterferedDependency.my-noname", + "bom-ref": "DummyComponent.InterferedDependency.my-noname", + "description": "This is a dummy component \"InterferedDependency.my-noname\" that fills the gap where the actual built failed." + } + ], + "dependencies": [ + { + "ref": "demo-local-deps@0.0.0", + "dependsOn": [ + "DummyComponent.InterferedDependency.my-noname", + "my-local-a@0.0.0" + ] + }, + { + "ref": "DummyComponent.InterferedDependency.my-noname" + }, + { + "ref": "my-local-a@0.0.0", + "dependsOn": [ + "my-local-b-off@0.0.0" + ] + }, + { + "ref": "my-local-b-off@0.0.0" + } + ] +} \ No newline at end of file 
diff --git a/tests/_data/sbom_demo-results/bare/local-dependencies_npm7_node14_ubuntu-latest.snap.json b/tests/_data/sbom_demo-results/bare/local-dependencies_npm7_node14_ubuntu-latest.snap.json index d48eb1d1..98ba3007 100644 --- a/tests/_data/sbom_demo-results/bare/local-dependencies_npm7_node14_ubuntu-latest.snap.json +++ b/tests/_data/sbom_demo-results/bare/local-dependencies_npm7_node14_ubuntu-latest.snap.json @@ -68,7 +68,24 @@ } } ], - "purl": "pkg:npm/demo-local-deps@0.0.0", + "purl": "pkg:npm/demo-local-deps@0.0.0?vcs_url=git%2Bhttps%3A//github.com/CycloneDX/cyclonedx-node-npm.git#demo/local-dependencies/project", + "externalReferences": [ + { + "url": "https://github.com/CycloneDX/cyclonedx-node-npm/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "git+https://github.com/CycloneDX/cyclonedx-node-npm.git#demo/local-dependencies/project", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\" and \"repository.directory\"" + }, + { + "url": "https://github.com/CycloneDX/cyclonedx-node-npm#readme", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + } + ], "properties": [ { "name": "cdx:npm:package:path", diff --git a/tests/_data/sbom_demo-results/bare/local-dependencies_npm7_node14_windows-latest.snap.json b/tests/_data/sbom_demo-results/bare/local-dependencies_npm7_node14_windows-latest.snap.json index d48eb1d1..98ba3007 100644 --- a/tests/_data/sbom_demo-results/bare/local-dependencies_npm7_node14_windows-latest.snap.json +++ b/tests/_data/sbom_demo-results/bare/local-dependencies_npm7_node14_windows-latest.snap.json 
@@ -68,7 +68,24 @@ } } ], - "purl": "pkg:npm/demo-local-deps@0.0.0", + "purl": "pkg:npm/demo-local-deps@0.0.0?vcs_url=git%2Bhttps%3A//github.com/CycloneDX/cyclonedx-node-npm.git#demo/local-dependencies/project", + "externalReferences": [ + { + "url": "https://github.com/CycloneDX/cyclonedx-node-npm/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "git+https://github.com/CycloneDX/cyclonedx-node-npm.git#demo/local-dependencies/project", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\" and \"repository.directory\"" + }, + { + "url": "https://github.com/CycloneDX/cyclonedx-node-npm#readme", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + } + ], "properties": [ { "name": "cdx:npm:package:path", diff --git a/tests/_data/sbom_demo-results/bare/local-dependencies_npm7_node16_macos-latest.snap.json b/tests/_data/sbom_demo-results/bare/local-dependencies_npm7_node16_macos-latest.snap.json new file mode 100644 index 00000000..98ba3007 --- /dev/null +++ b/tests/_data/sbom_demo-results/bare/local-dependencies_npm7_node16_macos-latest.snap.json 
@@ -0,0 +1,187 @@
+{
+ "$schema": "http://cyclonedx.org/schema/bom-1.6.schema.json",
+ "bomFormat": "CycloneDX",
+ "specVersion": "1.6",
+ "version": 1,
+ "metadata": {
+ "tools": [
+ {
+ "name": "npm",
+ "version": "npmVersion-testing"
+ },
+ {
+ "vendor": "@cyclonedx",
+ "name": "cyclonedx-library",
+ "version": "libVersion-testing",
+ "externalReferences": [
+ {
+ "url": "https://github.com/CycloneDX/cyclonedx-javascript-library/issues",
+ "type": "issue-tracker",
+ "comment": "as detected from PackageJson property \"bugs.url\""
+ },
+ {
+ "url": "git+https://github.com/CycloneDX/cyclonedx-javascript-library.git",
+ "type": "vcs",
+ "comment": "as detected from PackageJson property \"repository.url\""
+ },
+ {
+ "url": "https://github.com/CycloneDX/cyclonedx-javascript-library#readme",
+ "type": "website",
+ "comment": "as detected from PackageJson property \"homepage\""
+ }
+ ]
+ },
+ {
+ "vendor": "@cyclonedx",
+ "name": "cyclonedx-npm",
+ "version": "thisVersion-testing",
+ "externalReferences": [
+ {
+ "url": "https://github.com/CycloneDX/cyclonedx-node-npm/issues",
+ "type": "issue-tracker",
+ "comment": "as detected from PackageJson property \"bugs.url\""
+ },
+ {
+ "url": "git+https://github.com/CycloneDX/cyclonedx-node-npm.git",
+ "type": "vcs",
+ "comment": "as detected from PackageJson property \"repository.url\""
+ },
+ {
+ "url": "https://github.com/CycloneDX/cyclonedx-node-npm#readme",
+ "type": "website",
+ "comment": "as detected from PackageJson property \"homepage\""
+ }
+ ]
+ }
+ ],
+ "component": {
+ "type": "application",
+ "name": "demo-local-deps",
+ "version": "0.0.0",
+ "bom-ref": "demo-local-deps@0.0.0",
+ "description": "demo: demo-local-deps -- showcase how local dependencies look like",
+ "licenses": [
+ {
+ "license": {
+ "id": "Apache-2.0",
+ "acknowledgement": "declared"
+ }
+ }
+ ],
+ "purl": "pkg:npm/demo-local-deps@0.0.0?vcs_url=git%2Bhttps%3A//github.com/CycloneDX/cyclonedx-node-npm.git#demo/local-dependencies/project",
+ "externalReferences": [
+ {
+ "url": "https://github.com/CycloneDX/cyclonedx-node-npm/issues",
+ "type": "issue-tracker",
+ "comment": "as detected from PackageJson property \"bugs.url\""
+ },
+ {
+ "url": "git+https://github.com/CycloneDX/cyclonedx-node-npm.git#demo/local-dependencies/project",
+ "type": "vcs",
+ "comment": "as detected from PackageJson property \"repository.url\" and \"repository.directory\""
+ },
+ {
+ "url": "https://github.com/CycloneDX/cyclonedx-node-npm#readme",
+ "type": "website",
+ "comment": "as detected from PackageJson property \"homepage\""
+ }
+ ],
+ "properties": [
+ {
+ "name": "cdx:npm:package:path",
+ "value": ""
+ },
+ {
+ "name": "cdx:npm:package:private",
+ "value": "true"
+ }
+ ]
+ }
+ },
+ "components": [
+ {
+ "type": "library",
+ "name": "my-local-a",
+ "version": "0.0.0",
+ "bom-ref": "my-local-a@0.0.0",
+ "licenses": [
+ {
+ "license": {
+ "id": "Apache-2.0",
+ "acknowledgement": "declared"
+ }
+ }
+ ],
+ "purl": "pkg:npm/my-local-a@0.0.0",
+ "properties": [
+ {
+ "name": "cdx:npm:package:path",
+ "value": "node_modules/my-local-a"
+ }
+ ]
+ },
+ {
+ "type": "library",
+ "name": "my-local-b",
+ "version": "0.0.0",
+ "bom-ref": "my-local-b@0.0.0",
+ "licenses": [
+ {
+ "license": {
+ "id": "Apache-2.0",
+ "acknowledgement": "declared"
+ }
+ }
+ ],
+ "purl": "pkg:npm/my-local-b@0.0.0",
+ "properties": [
+ {
+ "name": "cdx:npm:package:path",
+ "value": "node_modules/my-local-b-off"
+ }
+ ]
+ },
+ {
+ "type": "library",
+ "name": "my-noname",
+ "version": "0.0.0",
+ "bom-ref": "my-noname@0.0.0",
+ "licenses": [
+ {
+ "license": {
+ "id": "Apache-2.0",
+ "acknowledgement": "declared"
+ }
+ }
+ ],
+ "purl": "pkg:npm/my-noname@0.0.0",
+ "properties": [
+ {
+ "name": "cdx:npm:package:path",
+ "value": "node_modules/my-noname"
+ }
+ ]
+ }
+ ],
+ "dependencies": [
+ {
+ "ref": "demo-local-deps@0.0.0",
+ "dependsOn": [
+ "my-local-a@0.0.0",
+ "my-noname@0.0.0"
+ ]
+ },
+ {
+ "ref": "my-local-a@0.0.0",
+ "dependsOn": [
+ "my-local-b@0.0.0"
+ ]
+ },
+ {
+ "ref": "my-local-b@0.0.0"
+ },
+ {
+ "ref": "my-noname@0.0.0"
+ }
+ ]
+}
\ No newline at end of file
diff --git a/tests/_data/sbom_demo-results/bare/local-dependencies_npm7_node22_windows-latest.snap.json b/tests/_data/sbom_demo-results/bare/local-dependencies_npm7_node22_windows-latest.snap.json
new file mode 100644
index 00000000..98ba3007
--- /dev/null
+++ b/tests/_data/sbom_demo-results/bare/local-dependencies_npm7_node22_windows-latest.snap.json
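Review bot: The expected `my-local-b` component in this new snapshot pins `"name": "my-local-b"` and `"purl": "pkg:npm/my-local-b@0.0.0"` while its `cdx:npm:package:path` is `node_modules/my-local-b-off`, so the recorded identity and the install path disagree. If the package's declared name is `my-local-b-off` (the path suggests it, but the manifest is not visible here), the golden values should read `"name": "my-local-b-off"`, `"bom-ref": "my-local-b-off@0.0.0"` and `"purl": "pkg:npm/my-local-b-off@0.0.0"`, with the two `my-local-b@0.0.0` entries under `dependencies` renamed to match; a purl that does not carry the real package name will not line up with vulnerability or license data keyed on it. If the mismatch is a known limit of what these npm versions report, the commit message should say so, since the snapshot otherwise reads as the intended output. The same values appear in the other added `local-dependencies_npm7/8/9_*` snapshots in this diff.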
@@ -0,0 +1,187 @@ +{ + "$schema": "http://cyclonedx.org/schema/bom-1.6.schema.json", + "bomFormat": "CycloneDX", + "specVersion": "1.6", + "version": 1, + "metadata": { + "tools": [ + { + "name": "npm", + "version": "npmVersion-testing" + }, + { + "vendor": "@cyclonedx", + "name": "cyclonedx-library", + "version": "libVersion-testing", + "externalReferences": [ + { + "url": "https://github.com/CycloneDX/cyclonedx-javascript-library/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "git+https://github.com/CycloneDX/cyclonedx-javascript-library.git", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\"" + }, + { + "url": "https://github.com/CycloneDX/cyclonedx-javascript-library#readme", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + } + ] + }, + { + "vendor": "@cyclonedx", + "name": "cyclonedx-npm", + "version": "thisVersion-testing", + "externalReferences": [ + { + "url": "https://github.com/CycloneDX/cyclonedx-node-npm/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "git+https://github.com/CycloneDX/cyclonedx-node-npm.git", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\"" + }, + { + "url": "https://github.com/CycloneDX/cyclonedx-node-npm#readme", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + } + ] + } + ], + "component": { + "type": "application", + "name": "demo-local-deps", + "version": "0.0.0", + "bom-ref": "demo-local-deps@0.0.0", + "description": "demo: demo-local-deps -- showcase how local dependencies look like", + "licenses": [ + { + "license": { + "id": "Apache-2.0", + "acknowledgement": "declared" + } + } + ], + "purl": "pkg:npm/demo-local-deps@0.0.0?vcs_url=git%2Bhttps%3A//github.com/CycloneDX/cyclonedx-node-npm.git#demo/local-dependencies/project", + 
"externalReferences": [ + { + "url": "https://github.com/CycloneDX/cyclonedx-node-npm/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "git+https://github.com/CycloneDX/cyclonedx-node-npm.git#demo/local-dependencies/project", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\" and \"repository.directory\"" + }, + { + "url": "https://github.com/CycloneDX/cyclonedx-node-npm#readme", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "" + }, + { + "name": "cdx:npm:package:private", + "value": "true" + } + ] + } + }, + "components": [ + { + "type": "library", + "name": "my-local-a", + "version": "0.0.0", + "bom-ref": "my-local-a@0.0.0", + "licenses": [ + { + "license": { + "id": "Apache-2.0", + "acknowledgement": "declared" + } + } + ], + "purl": "pkg:npm/my-local-a@0.0.0", + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/my-local-a" + } + ] + }, + { + "type": "library", + "name": "my-local-b", + "version": "0.0.0", + "bom-ref": "my-local-b@0.0.0", + "licenses": [ + { + "license": { + "id": "Apache-2.0", + "acknowledgement": "declared" + } + } + ], + "purl": "pkg:npm/my-local-b@0.0.0", + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/my-local-b-off" + } + ] + }, + { + "type": "library", + "name": "my-noname", + "version": "0.0.0", + "bom-ref": "my-noname@0.0.0", + "licenses": [ + { + "license": { + "id": "Apache-2.0", + "acknowledgement": "declared" + } + } + ], + "purl": "pkg:npm/my-noname@0.0.0", + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/my-noname" + } + ] + } + ], + "dependencies": [ + { + "ref": "demo-local-deps@0.0.0", + "dependsOn": [ + "my-local-a@0.0.0", + "my-noname@0.0.0" + ] + }, + { + "ref": "my-local-a@0.0.0", + "dependsOn": [ + 
"my-local-b@0.0.0" + ] + }, + { + "ref": "my-local-b@0.0.0" + }, + { + "ref": "my-noname@0.0.0" + } + ] +} \ No newline at end of file diff --git a/tests/_data/sbom_demo-results/bare/local-dependencies_npm8_node14_ubuntu-latest.snap.json b/tests/_data/sbom_demo-results/bare/local-dependencies_npm8_node14_ubuntu-latest.snap.json index d48eb1d1..98ba3007 100644 --- a/tests/_data/sbom_demo-results/bare/local-dependencies_npm8_node14_ubuntu-latest.snap.json +++ b/tests/_data/sbom_demo-results/bare/local-dependencies_npm8_node14_ubuntu-latest.snap.json @@ -68,7 +68,24 @@ } } ], - "purl": "pkg:npm/demo-local-deps@0.0.0", + "purl": "pkg:npm/demo-local-deps@0.0.0?vcs_url=git%2Bhttps%3A//github.com/CycloneDX/cyclonedx-node-npm.git#demo/local-dependencies/project", + "externalReferences": [ + { + "url": "https://github.com/CycloneDX/cyclonedx-node-npm/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "git+https://github.com/CycloneDX/cyclonedx-node-npm.git#demo/local-dependencies/project", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\" and \"repository.directory\"" + }, + { + "url": "https://github.com/CycloneDX/cyclonedx-node-npm#readme", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + } + ], "properties": [ { "name": "cdx:npm:package:path", diff --git a/tests/_data/sbom_demo-results/bare/local-dependencies_npm8_node14_windows-latest.snap.json b/tests/_data/sbom_demo-results/bare/local-dependencies_npm8_node14_windows-latest.snap.json index d48eb1d1..98ba3007 100644 --- a/tests/_data/sbom_demo-results/bare/local-dependencies_npm8_node14_windows-latest.snap.json +++ b/tests/_data/sbom_demo-results/bare/local-dependencies_npm8_node14_windows-latest.snap.json 
@@ -68,7 +68,24 @@ } } ], - "purl": "pkg:npm/demo-local-deps@0.0.0", + "purl": "pkg:npm/demo-local-deps@0.0.0?vcs_url=git%2Bhttps%3A//github.com/CycloneDX/cyclonedx-node-npm.git#demo/local-dependencies/project", + "externalReferences": [ + { + "url": "https://github.com/CycloneDX/cyclonedx-node-npm/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "git+https://github.com/CycloneDX/cyclonedx-node-npm.git#demo/local-dependencies/project", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\" and \"repository.directory\"" + }, + { + "url": "https://github.com/CycloneDX/cyclonedx-node-npm#readme", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + } + ], "properties": [ { "name": "cdx:npm:package:path", diff --git a/tests/_data/sbom_demo-results/bare/local-dependencies_npm8_node16_macos-latest.snap.json b/tests/_data/sbom_demo-results/bare/local-dependencies_npm8_node16_macos-latest.snap.json new file mode 100644 index 00000000..98ba3007 --- /dev/null +++ b/tests/_data/sbom_demo-results/bare/local-dependencies_npm8_node16_macos-latest.snap.json 
@@ -0,0 +1,187 @@
+{
+ "$schema": "http://cyclonedx.org/schema/bom-1.6.schema.json",
+ "bomFormat": "CycloneDX",
+ "specVersion": "1.6",
+ "version": 1,
+ "metadata": {
+ "tools": [
+ {
+ "name": "npm",
+ "version": "npmVersion-testing"
+ },
+ {
+ "vendor": "@cyclonedx",
+ "name": "cyclonedx-library",
+ "version": "libVersion-testing",
+ "externalReferences": [
+ {
+ "url": "https://github.com/CycloneDX/cyclonedx-javascript-library/issues",
+ "type": "issue-tracker",
+ "comment": "as detected from PackageJson property \"bugs.url\""
+ },
+ {
+ "url": "git+https://github.com/CycloneDX/cyclonedx-javascript-library.git",
+ "type": "vcs",
+ "comment": "as detected from PackageJson property \"repository.url\""
+ },
+ {
+ "url": "https://github.com/CycloneDX/cyclonedx-javascript-library#readme",
+ "type": "website",
+ "comment": "as detected from PackageJson property \"homepage\""
+ }
+ ]
+ },
+ {
+ "vendor": "@cyclonedx",
+ "name": "cyclonedx-npm",
+ "version": "thisVersion-testing",
+ "externalReferences": [
+ {
+ "url": "https://github.com/CycloneDX/cyclonedx-node-npm/issues",
+ "type": "issue-tracker",
+ "comment": "as detected from PackageJson property \"bugs.url\""
+ },
+ {
+ "url": "git+https://github.com/CycloneDX/cyclonedx-node-npm.git",
+ "type": "vcs",
+ "comment": "as detected from PackageJson property \"repository.url\""
+ },
+ {
+ "url": "https://github.com/CycloneDX/cyclonedx-node-npm#readme",
+ "type": "website",
+ "comment": "as detected from PackageJson property \"homepage\""
+ }
+ ]
+ }
+ ],
+ "component": {
+ "type": "application",
+ "name": "demo-local-deps",
+ "version": "0.0.0",
+ "bom-ref": "demo-local-deps@0.0.0",
+ "description": "demo: demo-local-deps -- showcase how local dependencies look like",
+ "licenses": [
+ {
+ "license": {
+ "id": "Apache-2.0",
+ "acknowledgement": "declared"
+ }
+ }
+ ],
+ "purl": "pkg:npm/demo-local-deps@0.0.0?vcs_url=git%2Bhttps%3A//github.com/CycloneDX/cyclonedx-node-npm.git#demo/local-dependencies/project",
+ "externalReferences": [
+ {
+ "url": "https://github.com/CycloneDX/cyclonedx-node-npm/issues",
+ "type": "issue-tracker",
+ "comment": "as detected from PackageJson property \"bugs.url\""
+ },
+ {
+ "url": "git+https://github.com/CycloneDX/cyclonedx-node-npm.git#demo/local-dependencies/project",
+ "type": "vcs",
+ "comment": "as detected from PackageJson property \"repository.url\" and \"repository.directory\""
+ },
+ {
+ "url": "https://github.com/CycloneDX/cyclonedx-node-npm#readme",
+ "type": "website",
+ "comment": "as detected from PackageJson property \"homepage\""
+ }
+ ],
+ "properties": [
+ {
+ "name": "cdx:npm:package:path",
+ "value": ""
+ },
+ {
+ "name": "cdx:npm:package:private",
+ "value": "true"
+ }
+ ]
+ }
+ },
+ "components": [
+ {
+ "type": "library",
+ "name": "my-local-a",
+ "version": "0.0.0",
+ "bom-ref": "my-local-a@0.0.0",
+ "licenses": [
+ {
+ "license": {
+ "id": "Apache-2.0",
+ "acknowledgement": "declared"
+ }
+ }
+ ],
+ "purl": "pkg:npm/my-local-a@0.0.0",
+ "properties": [
+ {
+ "name": "cdx:npm:package:path",
+ "value": "node_modules/my-local-a"
+ }
+ ]
+ },
+ {
+ "type": "library",
+ "name": "my-local-b",
+ "version": "0.0.0",
+ "bom-ref": "my-local-b@0.0.0",
+ "licenses": [
+ {
+ "license": {
+ "id": "Apache-2.0",
+ "acknowledgement": "declared"
+ }
+ }
+ ],
+ "purl": "pkg:npm/my-local-b@0.0.0",
+ "properties": [
+ {
+ "name": "cdx:npm:package:path",
+ "value": "node_modules/my-local-b-off"
+ }
+ ]
+ },
+ {
+ "type": "library",
+ "name": "my-noname",
+ "version": "0.0.0",
+ "bom-ref": "my-noname@0.0.0",
+ "licenses": [
+ {
+ "license": {
+ "id": "Apache-2.0",
+ "acknowledgement": "declared"
+ }
+ }
+ ],
+ "purl": "pkg:npm/my-noname@0.0.0",
+ "properties": [
+ {
+ "name": "cdx:npm:package:path",
+ "value": "node_modules/my-noname"
+ }
+ ]
+ }
+ ],
+ "dependencies": [
+ {
+ "ref": "demo-local-deps@0.0.0",
+ "dependsOn": [
+ "my-local-a@0.0.0",
+ "my-noname@0.0.0"
+ ]
+ },
+ {
+ "ref": "my-local-a@0.0.0",
+ "dependsOn": [
+ "my-local-b@0.0.0"
+ ]
+ },
+ {
+ "ref": "my-local-b@0.0.0"
+ },
+ {
+ "ref": "my-noname@0.0.0"
+ }
+ ]
+}
\ No newline at end of file
diff --git a/tests/_data/sbom_demo-results/bare/local-dependencies_npm8_node22_windows-latest.snap.json b/tests/_data/sbom_demo-results/bare/local-dependencies_npm8_node22_windows-latest.snap.json
new file mode 100644
index 00000000..98ba3007
--- /dev/null
+++ b/tests/_data/sbom_demo-results/bare/local-dependencies_npm8_node22_windows-latest.snap.json
@@ -0,0 +1,187 @@ +{ + "$schema": "http://cyclonedx.org/schema/bom-1.6.schema.json", + "bomFormat": "CycloneDX", + "specVersion": "1.6", + "version": 1, + "metadata": { + "tools": [ + { + "name": "npm", + "version": "npmVersion-testing" + }, + { + "vendor": "@cyclonedx", + "name": "cyclonedx-library", + "version": "libVersion-testing", + "externalReferences": [ + { + "url": "https://github.com/CycloneDX/cyclonedx-javascript-library/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "git+https://github.com/CycloneDX/cyclonedx-javascript-library.git", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\"" + }, + { + "url": "https://github.com/CycloneDX/cyclonedx-javascript-library#readme", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + } + ] + }, + { + "vendor": "@cyclonedx", + "name": "cyclonedx-npm", + "version": "thisVersion-testing", + "externalReferences": [ + { + "url": "https://github.com/CycloneDX/cyclonedx-node-npm/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "git+https://github.com/CycloneDX/cyclonedx-node-npm.git", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\"" + }, + { + "url": "https://github.com/CycloneDX/cyclonedx-node-npm#readme", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + } + ] + } + ], + "component": { + "type": "application", + "name": "demo-local-deps", + "version": "0.0.0", + "bom-ref": "demo-local-deps@0.0.0", + "description": "demo: demo-local-deps -- showcase how local dependencies look like", + "licenses": [ + { + "license": { + "id": "Apache-2.0", + "acknowledgement": "declared" + } + } + ], + "purl": "pkg:npm/demo-local-deps@0.0.0?vcs_url=git%2Bhttps%3A//github.com/CycloneDX/cyclonedx-node-npm.git#demo/local-dependencies/project", + 
"externalReferences": [ + { + "url": "https://github.com/CycloneDX/cyclonedx-node-npm/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "git+https://github.com/CycloneDX/cyclonedx-node-npm.git#demo/local-dependencies/project", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\" and \"repository.directory\"" + }, + { + "url": "https://github.com/CycloneDX/cyclonedx-node-npm#readme", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "" + }, + { + "name": "cdx:npm:package:private", + "value": "true" + } + ] + } + }, + "components": [ + { + "type": "library", + "name": "my-local-a", + "version": "0.0.0", + "bom-ref": "my-local-a@0.0.0", + "licenses": [ + { + "license": { + "id": "Apache-2.0", + "acknowledgement": "declared" + } + } + ], + "purl": "pkg:npm/my-local-a@0.0.0", + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/my-local-a" + } + ] + }, + { + "type": "library", + "name": "my-local-b", + "version": "0.0.0", + "bom-ref": "my-local-b@0.0.0", + "licenses": [ + { + "license": { + "id": "Apache-2.0", + "acknowledgement": "declared" + } + } + ], + "purl": "pkg:npm/my-local-b@0.0.0", + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/my-local-b-off" + } + ] + }, + { + "type": "library", + "name": "my-noname", + "version": "0.0.0", + "bom-ref": "my-noname@0.0.0", + "licenses": [ + { + "license": { + "id": "Apache-2.0", + "acknowledgement": "declared" + } + } + ], + "purl": "pkg:npm/my-noname@0.0.0", + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/my-noname" + } + ] + } + ], + "dependencies": [ + { + "ref": "demo-local-deps@0.0.0", + "dependsOn": [ + "my-local-a@0.0.0", + "my-noname@0.0.0" + ] + }, + { + "ref": "my-local-a@0.0.0", + "dependsOn": [ + 
"my-local-b@0.0.0" + ] + }, + { + "ref": "my-local-b@0.0.0" + }, + { + "ref": "my-noname@0.0.0" + } + ] +} \ No newline at end of file diff --git a/tests/_data/sbom_demo-results/bare/local-dependencies_npm9_node16_macos-latest.snap.json b/tests/_data/sbom_demo-results/bare/local-dependencies_npm9_node16_macos-latest.snap.json index d48eb1d1..98ba3007 100644 --- a/tests/_data/sbom_demo-results/bare/local-dependencies_npm9_node16_macos-latest.snap.json +++ b/tests/_data/sbom_demo-results/bare/local-dependencies_npm9_node16_macos-latest.snap.json @@ -68,7 +68,24 @@ } } ], - "purl": "pkg:npm/demo-local-deps@0.0.0", + "purl": "pkg:npm/demo-local-deps@0.0.0?vcs_url=git%2Bhttps%3A//github.com/CycloneDX/cyclonedx-node-npm.git#demo/local-dependencies/project", + "externalReferences": [ + { + "url": "https://github.com/CycloneDX/cyclonedx-node-npm/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "git+https://github.com/CycloneDX/cyclonedx-node-npm.git#demo/local-dependencies/project", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\" and \"repository.directory\"" + }, + { + "url": "https://github.com/CycloneDX/cyclonedx-node-npm#readme", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + } + ], "properties": [ { "name": "cdx:npm:package:path", diff --git a/tests/_data/sbom_demo-results/bare/local-dependencies_npm9_node16_ubuntu-latest.snap.json b/tests/_data/sbom_demo-results/bare/local-dependencies_npm9_node16_ubuntu-latest.snap.json index d48eb1d1..98ba3007 100644 --- a/tests/_data/sbom_demo-results/bare/local-dependencies_npm9_node16_ubuntu-latest.snap.json +++ b/tests/_data/sbom_demo-results/bare/local-dependencies_npm9_node16_ubuntu-latest.snap.json 
@@ -68,7 +68,24 @@ } } ], - "purl": "pkg:npm/demo-local-deps@0.0.0", + "purl": "pkg:npm/demo-local-deps@0.0.0?vcs_url=git%2Bhttps%3A//github.com/CycloneDX/cyclonedx-node-npm.git#demo/local-dependencies/project", + "externalReferences": [ + { + "url": "https://github.com/CycloneDX/cyclonedx-node-npm/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "git+https://github.com/CycloneDX/cyclonedx-node-npm.git#demo/local-dependencies/project", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\" and \"repository.directory\"" + }, + { + "url": "https://github.com/CycloneDX/cyclonedx-node-npm#readme", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + } + ], "properties": [ { "name": "cdx:npm:package:path", diff --git a/tests/_data/sbom_demo-results/bare/local-dependencies_npm9_node16_windows-latest.snap.json b/tests/_data/sbom_demo-results/bare/local-dependencies_npm9_node16_windows-latest.snap.json index d48eb1d1..98ba3007 100644 --- a/tests/_data/sbom_demo-results/bare/local-dependencies_npm9_node16_windows-latest.snap.json +++ b/tests/_data/sbom_demo-results/bare/local-dependencies_npm9_node16_windows-latest.snap.json 
@@ -68,7 +68,24 @@ } } ], - "purl": "pkg:npm/demo-local-deps@0.0.0", + "purl": "pkg:npm/demo-local-deps@0.0.0?vcs_url=git%2Bhttps%3A//github.com/CycloneDX/cyclonedx-node-npm.git#demo/local-dependencies/project", + "externalReferences": [ + { + "url": "https://github.com/CycloneDX/cyclonedx-node-npm/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "git+https://github.com/CycloneDX/cyclonedx-node-npm.git#demo/local-dependencies/project", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\" and \"repository.directory\"" + }, + { + "url": "https://github.com/CycloneDX/cyclonedx-node-npm#readme", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + } + ], "properties": [ { "name": "cdx:npm:package:path", diff --git a/tests/_data/sbom_demo-results/bare/local-dependencies_npm9_node22_windows-latest.snap.json b/tests/_data/sbom_demo-results/bare/local-dependencies_npm9_node22_windows-latest.snap.json new file mode 100644 index 00000000..98ba3007 --- /dev/null +++ b/tests/_data/sbom_demo-results/bare/local-dependencies_npm9_node22_windows-latest.snap.json 
@@ -0,0 +1,187 @@ +{ + "$schema": "http://cyclonedx.org/schema/bom-1.6.schema.json", + "bomFormat": "CycloneDX", + "specVersion": "1.6", + "version": 1, + "metadata": { + "tools": [ + { + "name": "npm", + "version": "npmVersion-testing" + }, + { + "vendor": "@cyclonedx", + "name": "cyclonedx-library", + "version": "libVersion-testing", + "externalReferences": [ + { + "url": "https://github.com/CycloneDX/cyclonedx-javascript-library/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "git+https://github.com/CycloneDX/cyclonedx-javascript-library.git", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\"" + }, + { + "url": "https://github.com/CycloneDX/cyclonedx-javascript-library#readme", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + } + ] + }, + { + "vendor": "@cyclonedx", + "name": "cyclonedx-npm", + "version": "thisVersion-testing", + "externalReferences": [ + { + "url": "https://github.com/CycloneDX/cyclonedx-node-npm/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "git+https://github.com/CycloneDX/cyclonedx-node-npm.git", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\"" + }, + { + "url": "https://github.com/CycloneDX/cyclonedx-node-npm#readme", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + } + ] + } + ], + "component": { + "type": "application", + "name": "demo-local-deps", + "version": "0.0.0", + "bom-ref": "demo-local-deps@0.0.0", + "description": "demo: demo-local-deps -- showcase how local dependencies look like", + "licenses": [ + { + "license": { + "id": "Apache-2.0", + "acknowledgement": "declared" + } + } + ], + "purl": "pkg:npm/demo-local-deps@0.0.0?vcs_url=git%2Bhttps%3A//github.com/CycloneDX/cyclonedx-node-npm.git#demo/local-dependencies/project", + 
"externalReferences": [ + { + "url": "https://github.com/CycloneDX/cyclonedx-node-npm/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "git+https://github.com/CycloneDX/cyclonedx-node-npm.git#demo/local-dependencies/project", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\" and \"repository.directory\"" + }, + { + "url": "https://github.com/CycloneDX/cyclonedx-node-npm#readme", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "" + }, + { + "name": "cdx:npm:package:private", + "value": "true" + } + ] + } + }, + "components": [ + { + "type": "library", + "name": "my-local-a", + "version": "0.0.0", + "bom-ref": "my-local-a@0.0.0", + "licenses": [ + { + "license": { + "id": "Apache-2.0", + "acknowledgement": "declared" + } + } + ], + "purl": "pkg:npm/my-local-a@0.0.0", + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/my-local-a" + } + ] + }, + { + "type": "library", + "name": "my-local-b", + "version": "0.0.0", + "bom-ref": "my-local-b@0.0.0", + "licenses": [ + { + "license": { + "id": "Apache-2.0", + "acknowledgement": "declared" + } + } + ], + "purl": "pkg:npm/my-local-b@0.0.0", + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/my-local-b-off" + } + ] + }, + { + "type": "library", + "name": "my-noname", + "version": "0.0.0", + "bom-ref": "my-noname@0.0.0", + "licenses": [ + { + "license": { + "id": "Apache-2.0", + "acknowledgement": "declared" + } + } + ], + "purl": "pkg:npm/my-noname@0.0.0", + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/my-noname" + } + ] + } + ], + "dependencies": [ + { + "ref": "demo-local-deps@0.0.0", + "dependsOn": [ + "my-local-a@0.0.0", + "my-noname@0.0.0" + ] + }, + { + "ref": "my-local-a@0.0.0", + "dependsOn": [ + 
"my-local-b@0.0.0" + ] + }, + { + "ref": "my-local-b@0.0.0" + }, + { + "ref": "my-noname@0.0.0" + } + ] +} \ No newline at end of file diff --git a/tests/_data/sbom_demo-results/bare/local-workspaces_from-setup.snap.json b/tests/_data/sbom_demo-results/bare/local-workspaces_from-setup.snap.json index d8fccdaf..25ca1ae6 100644 --- a/tests/_data/sbom_demo-results/bare/local-workspaces_from-setup.snap.json +++ b/tests/_data/sbom_demo-results/bare/local-workspaces_from-setup.snap.json @@ -187,6 +187,39 @@ "value": "true" } ] + }, + { + "type": "library", + "name": "my-local-e", + "version": "0.1.0", + "bom-ref": "my-local-e@0.1.0", + "description": "demo: my-local-e - a standalone package that is not dependency of root nor any other workspace", + "licenses": [ + { + "license": { + "id": "Apache-2.0", + "acknowledgement": "declared" + } + } + ], + "purl": "pkg:npm/my-local-e@0.1.0?vcs_url=git%2Bhttps%3A//gitlab.example.com/my-packages/demo-workspaces.git#workspaces/my-local-e", + "externalReferences": [ + { + "url": "git+https://gitlab.example.com/my-packages/demo-workspaces.git#workspaces/my-local-e", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\" and \"repository.directory\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/my-local-e" + }, + { + "name": "cdx:npm:package:private", + "value": "true" + } + ] } ], "dependencies": [ @@ -195,7 +228,8 @@ "dependsOn": [ "my-local-a@0.1.0", "my-local-b-off@0.0.0", - "my-local-c@0.23.42" + "my-local-c@0.23.42", + "my-local-e@0.1.0" ] }, { @@ -213,6 +247,9 @@ "my-local-a@0.1.0", "my-local-b-off@0.0.0" ] + }, + { + "ref": "my-local-e@0.1.0" } ] } \ No newline at end of file diff --git a/tests/_data/sbom_demo-results/bare/local-workspaces_from-setup.snap.xml b/tests/_data/sbom_demo-results/bare/local-workspaces_from-setup.snap.xml index 66d93361..328cd4d9 100644 --- a/tests/_data/sbom_demo-results/bare/local-workspaces_from-setup.snap.xml 
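Review bot: The hunk at -195,7 of `local-workspaces_from-setup.snap.json` adds `"my-local-e@0.1.0"` to a `dependsOn` list, yet the component added in the first hunk of the same file describes `my-local-e` as "a standalone package that is not dependency of root nor any other workspace". The `ref` that owns this list lies above the hunk; if it is the root component, the expected graph records an edge that the package's own description says does not exist. Either keep only the standalone `{ "ref": "my-local-e@0.1.0" }` entry and drop the added `"my-local-e@0.1.0"` line, or, if every workspace member is linked to the root on purpose, state that rule where the demo is documented so consumers of the graph do not read it as a declared dependency. The same addition is made in the `local-workspaces_npm10_node18_*` snapshots later in this diff.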
+++ b/tests/_data/sbom_demo-results/bare/local-workspaces_from-setup.snap.xml @@ -131,12 +131,34 @@ true + + my-local-e + 0.1.0 + demo: my-local-e - a standalone package that is not dependency of root nor any other workspace + + + Apache-2.0 + + + pkg:npm/my-local-e@0.1.0?vcs_url=git%2Bhttps%3A//gitlab.example.com/my-packages/demo-workspaces.git#workspaces/my-local-e + + + git+https://gitlab.example.com/my-packages/demo-workspaces.git#workspaces/my-local-e + as detected from PackageJson property "repository.url" and "repository.directory" + + + + node_modules/my-local-e + true + + + @@ -146,5 +168,6 @@ + \ No newline at end of file diff --git a/tests/_data/sbom_demo-results/bare/local-workspaces_npm10_node18_macos-latest.snap.json b/tests/_data/sbom_demo-results/bare/local-workspaces_npm10_node18_macos-latest.snap.json index ba6ae482..584ae339 100644 --- a/tests/_data/sbom_demo-results/bare/local-workspaces_npm10_node18_macos-latest.snap.json +++ b/tests/_data/sbom_demo-results/bare/local-workspaces_npm10_node18_macos-latest.snap.json @@ -68,7 +68,14 @@ } } ], - "purl": "pkg:npm/demo-workspaces@0.0.0", + "purl": "pkg:npm/demo-workspaces@0.0.0?vcs_url=git%2Bssh%3A//git%40gitlab.example.com/my-packages/demo-workspaces.git", + "externalReferences": [ + { + "url": "git+ssh://git@gitlab.example.com/my-packages/demo-workspaces.git", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\"" + } + ], "properties": [ { "name": "cdx:npm:package:path", @@ -144,6 +151,27 @@ "value": "node_modules/my-local-c" } ] + }, + { + "type": "library", + "name": "my-local-e", + "version": "0.1.0", + "bom-ref": "my-local-e@0.1.0", + "licenses": [ + { + "license": { + "id": "Apache-2.0", + "acknowledgement": "declared" + } + } + ], + "purl": "pkg:npm/my-local-e@0.1.0", + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/my-local-e" + } + ] } ], "dependencies": [ 
@@ -152,7 +180,8 @@ "dependsOn": [ "my-local-a@0.1.0", "my-local-b-off@0.0.0", - "my-local-c@0.23.42" + "my-local-c@0.23.42", + "my-local-e@0.1.0" ] }, { @@ -170,6 +199,9 @@ "my-local-a@0.1.0", "my-local-b-off@0.0.0" ] + }, + { + "ref": "my-local-e@0.1.0" } ] } \ No newline at end of file diff --git a/tests/_data/sbom_demo-results/bare/local-workspaces_npm10_node18_ubuntu-latest.snap.json b/tests/_data/sbom_demo-results/bare/local-workspaces_npm10_node18_ubuntu-latest.snap.json index ba6ae482..584ae339 100644 --- a/tests/_data/sbom_demo-results/bare/local-workspaces_npm10_node18_ubuntu-latest.snap.json +++ b/tests/_data/sbom_demo-results/bare/local-workspaces_npm10_node18_ubuntu-latest.snap.json @@ -68,7 +68,14 @@ } } ], - "purl": "pkg:npm/demo-workspaces@0.0.0", + "purl": "pkg:npm/demo-workspaces@0.0.0?vcs_url=git%2Bssh%3A//git%40gitlab.example.com/my-packages/demo-workspaces.git", + "externalReferences": [ + { + "url": "git+ssh://git@gitlab.example.com/my-packages/demo-workspaces.git", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\"" + } + ], "properties": [ { "name": "cdx:npm:package:path", @@ -144,6 +151,27 @@ "value": "node_modules/my-local-c" } ] + }, + { + "type": "library", + "name": "my-local-e", + "version": "0.1.0", + "bom-ref": "my-local-e@0.1.0", + "licenses": [ + { + "license": { + "id": "Apache-2.0", + "acknowledgement": "declared" + } + } + ], + "purl": "pkg:npm/my-local-e@0.1.0", + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/my-local-e" + } + ] } ], "dependencies": [ @@ -152,7 +180,8 @@ "dependsOn": [ "my-local-a@0.1.0", "my-local-b-off@0.0.0", - "my-local-c@0.23.42" + "my-local-c@0.23.42", + "my-local-e@0.1.0" ] }, { @@ -170,6 +199,9 @@ "my-local-a@0.1.0", "my-local-b-off@0.0.0" ] + }, + { + "ref": "my-local-e@0.1.0" } ] } \ No newline at end of file 
diff --git a/tests/_data/sbom_demo-results/bare/local-workspaces_npm10_node18_windows-latest.snap.json b/tests/_data/sbom_demo-results/bare/local-workspaces_npm10_node18_windows-latest.snap.json index ba6ae482..584ae339 100644 --- a/tests/_data/sbom_demo-results/bare/local-workspaces_npm10_node18_windows-latest.snap.json +++ b/tests/_data/sbom_demo-results/bare/local-workspaces_npm10_node18_windows-latest.snap.json @@ -68,7 +68,14 @@ } } ], - "purl": "pkg:npm/demo-workspaces@0.0.0", + "purl": "pkg:npm/demo-workspaces@0.0.0?vcs_url=git%2Bssh%3A//git%40gitlab.example.com/my-packages/demo-workspaces.git", + "externalReferences": [ + { + "url": "git+ssh://git@gitlab.example.com/my-packages/demo-workspaces.git", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\"" + } + ], "properties": [ { "name": "cdx:npm:package:path", @@ -144,6 +151,27 @@ "value": "node_modules/my-local-c" } ] + }, + { + "type": "library", + "name": "my-local-e", + "version": "0.1.0", + "bom-ref": "my-local-e@0.1.0", + "licenses": [ + { + "license": { + "id": "Apache-2.0", + "acknowledgement": "declared" + } + } + ], + "purl": "pkg:npm/my-local-e@0.1.0", + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/my-local-e" + } + ] } ], "dependencies": [ @@ -152,7 +180,8 @@ "dependsOn": [ "my-local-a@0.1.0", "my-local-b-off@0.0.0", - "my-local-c@0.23.42" + "my-local-c@0.23.42", + "my-local-e@0.1.0" ] }, { @@ -170,6 +199,9 @@ "my-local-a@0.1.0", "my-local-b-off@0.0.0" ] + }, + { + "ref": "my-local-e@0.1.0" } ] } \ No newline at end of file diff --git a/tests/_data/sbom_demo-results/bare/local-workspaces_npm10_node22_windows-latest.snap.json b/tests/_data/sbom_demo-results/bare/local-workspaces_npm10_node22_windows-latest.snap.json new file mode 100644 index 00000000..584ae339 --- /dev/null +++ b/tests/_data/sbom_demo-results/bare/local-workspaces_npm10_node22_windows-latest.snap.json 
@@ -0,0 +1,207 @@ +{ + "$schema": "http://cyclonedx.org/schema/bom-1.6.schema.json", + "bomFormat": "CycloneDX", + "specVersion": "1.6", + "version": 1, + "metadata": { + "tools": [ + { + "name": "npm", + "version": "npmVersion-testing" + }, + { + "vendor": "@cyclonedx", + "name": "cyclonedx-library", + "version": "libVersion-testing", + "externalReferences": [ + { + "url": "https://github.com/CycloneDX/cyclonedx-javascript-library/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "git+https://github.com/CycloneDX/cyclonedx-javascript-library.git", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\"" + }, + { + "url": "https://github.com/CycloneDX/cyclonedx-javascript-library#readme", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + } + ] + }, + { + "vendor": "@cyclonedx", + "name": "cyclonedx-npm", + "version": "thisVersion-testing", + "externalReferences": [ + { + "url": "https://github.com/CycloneDX/cyclonedx-node-npm/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "git+https://github.com/CycloneDX/cyclonedx-node-npm.git", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\"" + }, + { + "url": "https://github.com/CycloneDX/cyclonedx-node-npm#readme", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + } + ] + } + ], + "component": { + "type": "application", + "name": "demo-workspaces", + "version": "0.0.0", + "bom-ref": "demo-workspaces@0.0.0", + "description": "demo: demo-workspaces -- showcase how workspaces look like", + "licenses": [ + { + "license": { + "id": "Apache-2.0", + "acknowledgement": "declared" + } + } + ], + "purl": "pkg:npm/demo-workspaces@0.0.0?vcs_url=git%2Bssh%3A//git%40gitlab.example.com/my-packages/demo-workspaces.git", + "externalReferences": [ + { + 
"url": "git+ssh://git@gitlab.example.com/my-packages/demo-workspaces.git", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "" + }, + { + "name": "cdx:npm:package:private", + "value": "true" + } + ] + } + }, + "components": [ + { + "type": "library", + "name": "my-local-a", + "version": "0.1.0", + "bom-ref": "my-local-a@0.1.0", + "licenses": [ + { + "license": { + "id": "Apache-2.0", + "acknowledgement": "declared" + } + } + ], + "purl": "pkg:npm/my-local-a@0.1.0", + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/my-local-a" + } + ] + }, + { + "type": "library", + "name": "my-local-b-off", + "version": "0.0.0", + "bom-ref": "my-local-b-off@0.0.0", + "licenses": [ + { + "license": { + "id": "Apache-2.0", + "acknowledgement": "declared" + } + } + ], + "purl": "pkg:npm/my-local-b-off@0.0.0", + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/my-local-b-off" + } + ] + }, + { + "type": "library", + "name": "my-local-c", + "version": "0.23.42", + "bom-ref": "my-local-c@0.23.42", + "licenses": [ + { + "license": { + "id": "Apache-2.0", + "acknowledgement": "declared" + } + } + ], + "purl": "pkg:npm/my-local-c@0.23.42", + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/my-local-c" + } + ] + }, + { + "type": "library", + "name": "my-local-e", + "version": "0.1.0", + "bom-ref": "my-local-e@0.1.0", + "licenses": [ + { + "license": { + "id": "Apache-2.0", + "acknowledgement": "declared" + } + } + ], + "purl": "pkg:npm/my-local-e@0.1.0", + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/my-local-e" + } + ] + } + ], + "dependencies": [ + { + "ref": "demo-workspaces@0.0.0", + "dependsOn": [ + "my-local-a@0.1.0", + "my-local-b-off@0.0.0", + "my-local-c@0.23.42", + "my-local-e@0.1.0" + ] + }, + { + "ref": "my-local-a@0.1.0", + "dependsOn": [ + 
"my-local-b-off@0.0.0" + ] + }, + { + "ref": "my-local-b-off@0.0.0" + }, + { + "ref": "my-local-c@0.23.42", + "dependsOn": [ + "my-local-a@0.1.0", + "my-local-b-off@0.0.0" + ] + }, + { + "ref": "my-local-e@0.1.0" + } + ] +} \ No newline at end of file diff --git a/tests/_data/sbom_demo-results/bare/local-workspaces_npm7_node14_ubuntu-latest.snap.json b/tests/_data/sbom_demo-results/bare/local-workspaces_npm7_node14_ubuntu-latest.snap.json index ba6ae482..584ae339 100644 --- a/tests/_data/sbom_demo-results/bare/local-workspaces_npm7_node14_ubuntu-latest.snap.json +++ b/tests/_data/sbom_demo-results/bare/local-workspaces_npm7_node14_ubuntu-latest.snap.json @@ -68,7 +68,14 @@ } } ], - "purl": "pkg:npm/demo-workspaces@0.0.0", + "purl": "pkg:npm/demo-workspaces@0.0.0?vcs_url=git%2Bssh%3A//git%40gitlab.example.com/my-packages/demo-workspaces.git", + "externalReferences": [ + { + "url": "git+ssh://git@gitlab.example.com/my-packages/demo-workspaces.git", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\"" + } + ], "properties": [ { "name": "cdx:npm:package:path", @@ -144,6 +151,27 @@ "value": "node_modules/my-local-c" } ] + }, + { + "type": "library", + "name": "my-local-e", + "version": "0.1.0", + "bom-ref": "my-local-e@0.1.0", + "licenses": [ + { + "license": { + "id": "Apache-2.0", + "acknowledgement": "declared" + } + } + ], + "purl": "pkg:npm/my-local-e@0.1.0", + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/my-local-e" + } + ] } ], "dependencies": [ @@ -152,7 +180,8 @@ "dependsOn": [ "my-local-a@0.1.0", "my-local-b-off@0.0.0", - "my-local-c@0.23.42" + "my-local-c@0.23.42", + "my-local-e@0.1.0" ] }, { @@ -170,6 +199,9 @@ "my-local-a@0.1.0", "my-local-b-off@0.0.0" ] + }, + { + "ref": "my-local-e@0.1.0" } ] } \ No newline at end of file 
diff --git a/tests/_data/sbom_demo-results/bare/local-workspaces_npm7_node14_windows-latest.snap.json b/tests/_data/sbom_demo-results/bare/local-workspaces_npm7_node14_windows-latest.snap.json index ba6ae482..584ae339 100644 --- a/tests/_data/sbom_demo-results/bare/local-workspaces_npm7_node14_windows-latest.snap.json +++ b/tests/_data/sbom_demo-results/bare/local-workspaces_npm7_node14_windows-latest.snap.json @@ -68,7 +68,14 @@ } } ], - "purl": "pkg:npm/demo-workspaces@0.0.0", + "purl": "pkg:npm/demo-workspaces@0.0.0?vcs_url=git%2Bssh%3A//git%40gitlab.example.com/my-packages/demo-workspaces.git", + "externalReferences": [ + { + "url": "git+ssh://git@gitlab.example.com/my-packages/demo-workspaces.git", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\"" + } + ], "properties": [ { "name": "cdx:npm:package:path", @@ -144,6 +151,27 @@ "value": "node_modules/my-local-c" } ] + }, + { + "type": "library", + "name": "my-local-e", + "version": "0.1.0", + "bom-ref": "my-local-e@0.1.0", + "licenses": [ + { + "license": { + "id": "Apache-2.0", + "acknowledgement": "declared" + } + } + ], + "purl": "pkg:npm/my-local-e@0.1.0", + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/my-local-e" + } + ] } ], "dependencies": [ @@ -152,7 +180,8 @@ "dependsOn": [ "my-local-a@0.1.0", "my-local-b-off@0.0.0", - "my-local-c@0.23.42" + "my-local-c@0.23.42", + "my-local-e@0.1.0" ] }, { @@ -170,6 +199,9 @@ "my-local-a@0.1.0", "my-local-b-off@0.0.0" ] + }, + { + "ref": "my-local-e@0.1.0" } ] } \ No newline at end of file diff --git a/tests/_data/sbom_demo-results/bare/local-workspaces_npm7_node16_macos-latest.snap.json b/tests/_data/sbom_demo-results/bare/local-workspaces_npm7_node16_macos-latest.snap.json new file mode 100644 index 00000000..584ae339 --- /dev/null +++ b/tests/_data/sbom_demo-results/bare/local-workspaces_npm7_node16_macos-latest.snap.json 
@@ -0,0 +1,207 @@ +{ + "$schema": "http://cyclonedx.org/schema/bom-1.6.schema.json", + "bomFormat": "CycloneDX", + "specVersion": "1.6", + "version": 1, + "metadata": { + "tools": [ + { + "name": "npm", + "version": "npmVersion-testing" + }, + { + "vendor": "@cyclonedx", + "name": "cyclonedx-library", + "version": "libVersion-testing", + "externalReferences": [ + { + "url": "https://github.com/CycloneDX/cyclonedx-javascript-library/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "git+https://github.com/CycloneDX/cyclonedx-javascript-library.git", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\"" + }, + { + "url": "https://github.com/CycloneDX/cyclonedx-javascript-library#readme", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + } + ] + }, + { + "vendor": "@cyclonedx", + "name": "cyclonedx-npm", + "version": "thisVersion-testing", + "externalReferences": [ + { + "url": "https://github.com/CycloneDX/cyclonedx-node-npm/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "git+https://github.com/CycloneDX/cyclonedx-node-npm.git", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\"" + }, + { + "url": "https://github.com/CycloneDX/cyclonedx-node-npm#readme", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + } + ] + } + ], + "component": { + "type": "application", + "name": "demo-workspaces", + "version": "0.0.0", + "bom-ref": "demo-workspaces@0.0.0", + "description": "demo: demo-workspaces -- showcase how workspaces look like", + "licenses": [ + { + "license": { + "id": "Apache-2.0", + "acknowledgement": "declared" + } + } + ], + "purl": "pkg:npm/demo-workspaces@0.0.0?vcs_url=git%2Bssh%3A//git%40gitlab.example.com/my-packages/demo-workspaces.git", + "externalReferences": [ + { + 
"url": "git+ssh://git@gitlab.example.com/my-packages/demo-workspaces.git", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "" + }, + { + "name": "cdx:npm:package:private", + "value": "true" + } + ] + } + }, + "components": [ + { + "type": "library", + "name": "my-local-a", + "version": "0.1.0", + "bom-ref": "my-local-a@0.1.0", + "licenses": [ + { + "license": { + "id": "Apache-2.0", + "acknowledgement": "declared" + } + } + ], + "purl": "pkg:npm/my-local-a@0.1.0", + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/my-local-a" + } + ] + }, + { + "type": "library", + "name": "my-local-b-off", + "version": "0.0.0", + "bom-ref": "my-local-b-off@0.0.0", + "licenses": [ + { + "license": { + "id": "Apache-2.0", + "acknowledgement": "declared" + } + } + ], + "purl": "pkg:npm/my-local-b-off@0.0.0", + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/my-local-b-off" + } + ] + }, + { + "type": "library", + "name": "my-local-c", + "version": "0.23.42", + "bom-ref": "my-local-c@0.23.42", + "licenses": [ + { + "license": { + "id": "Apache-2.0", + "acknowledgement": "declared" + } + } + ], + "purl": "pkg:npm/my-local-c@0.23.42", + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/my-local-c" + } + ] + }, + { + "type": "library", + "name": "my-local-e", + "version": "0.1.0", + "bom-ref": "my-local-e@0.1.0", + "licenses": [ + { + "license": { + "id": "Apache-2.0", + "acknowledgement": "declared" + } + } + ], + "purl": "pkg:npm/my-local-e@0.1.0", + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/my-local-e" + } + ] + } + ], + "dependencies": [ + { + "ref": "demo-workspaces@0.0.0", + "dependsOn": [ + "my-local-a@0.1.0", + "my-local-b-off@0.0.0", + "my-local-c@0.23.42", + "my-local-e@0.1.0" + ] + }, + { + "ref": "my-local-a@0.1.0", + "dependsOn": [ + 
"my-local-b-off@0.0.0" + ] + }, + { + "ref": "my-local-b-off@0.0.0" + }, + { + "ref": "my-local-c@0.23.42", + "dependsOn": [ + "my-local-a@0.1.0", + "my-local-b-off@0.0.0" + ] + }, + { + "ref": "my-local-e@0.1.0" + } + ] +} \ No newline at end of file diff --git a/tests/_data/sbom_demo-results/bare/local-workspaces_npm7_node22_windows-latest.snap.json b/tests/_data/sbom_demo-results/bare/local-workspaces_npm7_node22_windows-latest.snap.json new file mode 100644 index 00000000..584ae339 --- /dev/null +++ b/tests/_data/sbom_demo-results/bare/local-workspaces_npm7_node22_windows-latest.snap.json 
@@ -0,0 +1,207 @@ +{ + "$schema": "http://cyclonedx.org/schema/bom-1.6.schema.json", + "bomFormat": "CycloneDX", + "specVersion": "1.6", + "version": 1, + "metadata": { + "tools": [ + { + "name": "npm", + "version": "npmVersion-testing" + }, + { + "vendor": "@cyclonedx", + "name": "cyclonedx-library", + "version": "libVersion-testing", + "externalReferences": [ + { + "url": "https://github.com/CycloneDX/cyclonedx-javascript-library/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "git+https://github.com/CycloneDX/cyclonedx-javascript-library.git", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\"" + }, + { + "url": "https://github.com/CycloneDX/cyclonedx-javascript-library#readme", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + } + ] + }, + { + "vendor": "@cyclonedx", + "name": "cyclonedx-npm", + "version": "thisVersion-testing", + "externalReferences": [ + { + "url": "https://github.com/CycloneDX/cyclonedx-node-npm/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "git+https://github.com/CycloneDX/cyclonedx-node-npm.git", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\"" + }, + { + "url": "https://github.com/CycloneDX/cyclonedx-node-npm#readme", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + } + ] + } + ], + "component": { + "type": "application", + "name": "demo-workspaces", + "version": "0.0.0", + "bom-ref": "demo-workspaces@0.0.0", + "description": "demo: demo-workspaces -- showcase how workspaces look like", + "licenses": [ + { + "license": { + "id": "Apache-2.0", + "acknowledgement": "declared" + } + } + ], + "purl": "pkg:npm/demo-workspaces@0.0.0?vcs_url=git%2Bssh%3A//git%40gitlab.example.com/my-packages/demo-workspaces.git", + "externalReferences": [ + { + 
"url": "git+ssh://git@gitlab.example.com/my-packages/demo-workspaces.git", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "" + }, + { + "name": "cdx:npm:package:private", + "value": "true" + } + ] + } + }, + "components": [ + { + "type": "library", + "name": "my-local-a", + "version": "0.1.0", + "bom-ref": "my-local-a@0.1.0", + "licenses": [ + { + "license": { + "id": "Apache-2.0", + "acknowledgement": "declared" + } + } + ], + "purl": "pkg:npm/my-local-a@0.1.0", + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/my-local-a" + } + ] + }, + { + "type": "library", + "name": "my-local-b-off", + "version": "0.0.0", + "bom-ref": "my-local-b-off@0.0.0", + "licenses": [ + { + "license": { + "id": "Apache-2.0", + "acknowledgement": "declared" + } + } + ], + "purl": "pkg:npm/my-local-b-off@0.0.0", + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/my-local-b-off" + } + ] + }, + { + "type": "library", + "name": "my-local-c", + "version": "0.23.42", + "bom-ref": "my-local-c@0.23.42", + "licenses": [ + { + "license": { + "id": "Apache-2.0", + "acknowledgement": "declared" + } + } + ], + "purl": "pkg:npm/my-local-c@0.23.42", + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/my-local-c" + } + ] + }, + { + "type": "library", + "name": "my-local-e", + "version": "0.1.0", + "bom-ref": "my-local-e@0.1.0", + "licenses": [ + { + "license": { + "id": "Apache-2.0", + "acknowledgement": "declared" + } + } + ], + "purl": "pkg:npm/my-local-e@0.1.0", + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/my-local-e" + } + ] + } + ], + "dependencies": [ + { + "ref": "demo-workspaces@0.0.0", + "dependsOn": [ + "my-local-a@0.1.0", + "my-local-b-off@0.0.0", + "my-local-c@0.23.42", + "my-local-e@0.1.0" + ] + }, + { + "ref": "my-local-a@0.1.0", + "dependsOn": [ + 
"my-local-b-off@0.0.0" + ] + }, + { + "ref": "my-local-b-off@0.0.0" + }, + { + "ref": "my-local-c@0.23.42", + "dependsOn": [ + "my-local-a@0.1.0", + "my-local-b-off@0.0.0" + ] + }, + { + "ref": "my-local-e@0.1.0" + } + ] +} \ No newline at end of file diff --git a/tests/_data/sbom_demo-results/bare/local-workspaces_npm8_node14_ubuntu-latest.snap.json b/tests/_data/sbom_demo-results/bare/local-workspaces_npm8_node14_ubuntu-latest.snap.json index ba6ae482..584ae339 100644 --- a/tests/_data/sbom_demo-results/bare/local-workspaces_npm8_node14_ubuntu-latest.snap.json +++ b/tests/_data/sbom_demo-results/bare/local-workspaces_npm8_node14_ubuntu-latest.snap.json @@ -68,7 +68,14 @@ } } ], - "purl": "pkg:npm/demo-workspaces@0.0.0", + "purl": "pkg:npm/demo-workspaces@0.0.0?vcs_url=git%2Bssh%3A//git%40gitlab.example.com/my-packages/demo-workspaces.git", + "externalReferences": [ + { + "url": "git+ssh://git@gitlab.example.com/my-packages/demo-workspaces.git", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\"" + } + ], "properties": [ { "name": "cdx:npm:package:path", @@ -144,6 +151,27 @@ "value": "node_modules/my-local-c" } ] + }, + { + "type": "library", + "name": "my-local-e", + "version": "0.1.0", + "bom-ref": "my-local-e@0.1.0", + "licenses": [ + { + "license": { + "id": "Apache-2.0", + "acknowledgement": "declared" + } + } + ], + "purl": "pkg:npm/my-local-e@0.1.0", + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/my-local-e" + } + ] } ], "dependencies": [ @@ -152,7 +180,8 @@ "dependsOn": [ "my-local-a@0.1.0", "my-local-b-off@0.0.0", - "my-local-c@0.23.42" + "my-local-c@0.23.42", + "my-local-e@0.1.0" ] }, { @@ -170,6 +199,9 @@ "my-local-a@0.1.0", "my-local-b-off@0.0.0" ] + }, + { + "ref": "my-local-e@0.1.0" } ] } \ No newline at end of file 
diff --git a/tests/_data/sbom_demo-results/bare/local-workspaces_npm8_node14_windows-latest.snap.json b/tests/_data/sbom_demo-results/bare/local-workspaces_npm8_node14_windows-latest.snap.json index ba6ae482..584ae339 100644 --- a/tests/_data/sbom_demo-results/bare/local-workspaces_npm8_node14_windows-latest.snap.json +++ b/tests/_data/sbom_demo-results/bare/local-workspaces_npm8_node14_windows-latest.snap.json @@ -68,7 +68,14 @@ } } ], - "purl": "pkg:npm/demo-workspaces@0.0.0", + "purl": "pkg:npm/demo-workspaces@0.0.0?vcs_url=git%2Bssh%3A//git%40gitlab.example.com/my-packages/demo-workspaces.git", + "externalReferences": [ + { + "url": "git+ssh://git@gitlab.example.com/my-packages/demo-workspaces.git", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\"" + } + ], "properties": [ { "name": "cdx:npm:package:path", @@ -144,6 +151,27 @@ "value": "node_modules/my-local-c" } ] + }, + { + "type": "library", + "name": "my-local-e", + "version": "0.1.0", + "bom-ref": "my-local-e@0.1.0", + "licenses": [ + { + "license": { + "id": "Apache-2.0", + "acknowledgement": "declared" + } + } + ], + "purl": "pkg:npm/my-local-e@0.1.0", + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/my-local-e" + } + ] } ], "dependencies": [ @@ -152,7 +180,8 @@ "dependsOn": [ "my-local-a@0.1.0", "my-local-b-off@0.0.0", - "my-local-c@0.23.42" + "my-local-c@0.23.42", + "my-local-e@0.1.0" ] }, { @@ -170,6 +199,9 @@ "my-local-a@0.1.0", "my-local-b-off@0.0.0" ] + }, + { + "ref": "my-local-e@0.1.0" } ] } \ No newline at end of file diff --git a/tests/_data/sbom_demo-results/bare/local-workspaces_npm8_node16_macos-latest.snap.json b/tests/_data/sbom_demo-results/bare/local-workspaces_npm8_node16_macos-latest.snap.json new file mode 100644 index 00000000..584ae339 --- /dev/null +++ b/tests/_data/sbom_demo-results/bare/local-workspaces_npm8_node16_macos-latest.snap.json 
@@ -0,0 +1,207 @@ +{ + "$schema": "http://cyclonedx.org/schema/bom-1.6.schema.json", + "bomFormat": "CycloneDX", + "specVersion": "1.6", + "version": 1, + "metadata": { + "tools": [ + { + "name": "npm", + "version": "npmVersion-testing" + }, + { + "vendor": "@cyclonedx", + "name": "cyclonedx-library", + "version": "libVersion-testing", + "externalReferences": [ + { + "url": "https://github.com/CycloneDX/cyclonedx-javascript-library/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "git+https://github.com/CycloneDX/cyclonedx-javascript-library.git", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\"" + }, + { + "url": "https://github.com/CycloneDX/cyclonedx-javascript-library#readme", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + } + ] + }, + { + "vendor": "@cyclonedx", + "name": "cyclonedx-npm", + "version": "thisVersion-testing", + "externalReferences": [ + { + "url": "https://github.com/CycloneDX/cyclonedx-node-npm/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "git+https://github.com/CycloneDX/cyclonedx-node-npm.git", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\"" + }, + { + "url": "https://github.com/CycloneDX/cyclonedx-node-npm#readme", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + } + ] + } + ], + "component": { + "type": "application", + "name": "demo-workspaces", + "version": "0.0.0", + "bom-ref": "demo-workspaces@0.0.0", + "description": "demo: demo-workspaces -- showcase how workspaces look like", + "licenses": [ + { + "license": { + "id": "Apache-2.0", + "acknowledgement": "declared" + } + } + ], + "purl": "pkg:npm/demo-workspaces@0.0.0?vcs_url=git%2Bssh%3A//git%40gitlab.example.com/my-packages/demo-workspaces.git", + "externalReferences": [ + { + 
"url": "git+ssh://git@gitlab.example.com/my-packages/demo-workspaces.git", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "" + }, + { + "name": "cdx:npm:package:private", + "value": "true" + } + ] + } + }, + "components": [ + { + "type": "library", + "name": "my-local-a", + "version": "0.1.0", + "bom-ref": "my-local-a@0.1.0", + "licenses": [ + { + "license": { + "id": "Apache-2.0", + "acknowledgement": "declared" + } + } + ], + "purl": "pkg:npm/my-local-a@0.1.0", + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/my-local-a" + } + ] + }, + { + "type": "library", + "name": "my-local-b-off", + "version": "0.0.0", + "bom-ref": "my-local-b-off@0.0.0", + "licenses": [ + { + "license": { + "id": "Apache-2.0", + "acknowledgement": "declared" + } + } + ], + "purl": "pkg:npm/my-local-b-off@0.0.0", + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/my-local-b-off" + } + ] + }, + { + "type": "library", + "name": "my-local-c", + "version": "0.23.42", + "bom-ref": "my-local-c@0.23.42", + "licenses": [ + { + "license": { + "id": "Apache-2.0", + "acknowledgement": "declared" + } + } + ], + "purl": "pkg:npm/my-local-c@0.23.42", + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/my-local-c" + } + ] + }, + { + "type": "library", + "name": "my-local-e", + "version": "0.1.0", + "bom-ref": "my-local-e@0.1.0", + "licenses": [ + { + "license": { + "id": "Apache-2.0", + "acknowledgement": "declared" + } + } + ], + "purl": "pkg:npm/my-local-e@0.1.0", + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/my-local-e" + } + ] + } + ], + "dependencies": [ + { + "ref": "demo-workspaces@0.0.0", + "dependsOn": [ + "my-local-a@0.1.0", + "my-local-b-off@0.0.0", + "my-local-c@0.23.42", + "my-local-e@0.1.0" + ] + }, + { + "ref": "my-local-a@0.1.0", + "dependsOn": [ + 
"my-local-b-off@0.0.0" + ] + }, + { + "ref": "my-local-b-off@0.0.0" + }, + { + "ref": "my-local-c@0.23.42", + "dependsOn": [ + "my-local-a@0.1.0", + "my-local-b-off@0.0.0" + ] + }, + { + "ref": "my-local-e@0.1.0" + } + ] +} \ No newline at end of file diff --git a/tests/_data/sbom_demo-results/bare/local-workspaces_npm8_node22_windows-latest.snap.json b/tests/_data/sbom_demo-results/bare/local-workspaces_npm8_node22_windows-latest.snap.json new file mode 100644 index 00000000..584ae339 --- /dev/null +++ b/tests/_data/sbom_demo-results/bare/local-workspaces_npm8_node22_windows-latest.snap.json 
@@ -0,0 +1,207 @@ +{ + "$schema": "http://cyclonedx.org/schema/bom-1.6.schema.json", + "bomFormat": "CycloneDX", + "specVersion": "1.6", + "version": 1, + "metadata": { + "tools": [ + { + "name": "npm", + "version": "npmVersion-testing" + }, + { + "vendor": "@cyclonedx", + "name": "cyclonedx-library", + "version": "libVersion-testing", + "externalReferences": [ + { + "url": "https://github.com/CycloneDX/cyclonedx-javascript-library/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "git+https://github.com/CycloneDX/cyclonedx-javascript-library.git", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\"" + }, + { + "url": "https://github.com/CycloneDX/cyclonedx-javascript-library#readme", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + } + ] + }, + { + "vendor": "@cyclonedx", + "name": "cyclonedx-npm", + "version": "thisVersion-testing", + "externalReferences": [ + { + "url": "https://github.com/CycloneDX/cyclonedx-node-npm/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "git+https://github.com/CycloneDX/cyclonedx-node-npm.git", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\"" + }, + { + "url": "https://github.com/CycloneDX/cyclonedx-node-npm#readme", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + } + ] + } + ], + "component": { + "type": "application", + "name": "demo-workspaces", + "version": "0.0.0", + "bom-ref": "demo-workspaces@0.0.0", + "description": "demo: demo-workspaces -- showcase how workspaces look like", + "licenses": [ + { + "license": { + "id": "Apache-2.0", + "acknowledgement": "declared" + } + } + ], + "purl": "pkg:npm/demo-workspaces@0.0.0?vcs_url=git%2Bssh%3A//git%40gitlab.example.com/my-packages/demo-workspaces.git", + "externalReferences": [ + { + 
"url": "git+ssh://git@gitlab.example.com/my-packages/demo-workspaces.git", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "" + }, + { + "name": "cdx:npm:package:private", + "value": "true" + } + ] + } + }, + "components": [ + { + "type": "library", + "name": "my-local-a", + "version": "0.1.0", + "bom-ref": "my-local-a@0.1.0", + "licenses": [ + { + "license": { + "id": "Apache-2.0", + "acknowledgement": "declared" + } + } + ], + "purl": "pkg:npm/my-local-a@0.1.0", + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/my-local-a" + } + ] + }, + { + "type": "library", + "name": "my-local-b-off", + "version": "0.0.0", + "bom-ref": "my-local-b-off@0.0.0", + "licenses": [ + { + "license": { + "id": "Apache-2.0", + "acknowledgement": "declared" + } + } + ], + "purl": "pkg:npm/my-local-b-off@0.0.0", + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/my-local-b-off" + } + ] + }, + { + "type": "library", + "name": "my-local-c", + "version": "0.23.42", + "bom-ref": "my-local-c@0.23.42", + "licenses": [ + { + "license": { + "id": "Apache-2.0", + "acknowledgement": "declared" + } + } + ], + "purl": "pkg:npm/my-local-c@0.23.42", + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/my-local-c" + } + ] + }, + { + "type": "library", + "name": "my-local-e", + "version": "0.1.0", + "bom-ref": "my-local-e@0.1.0", + "licenses": [ + { + "license": { + "id": "Apache-2.0", + "acknowledgement": "declared" + } + } + ], + "purl": "pkg:npm/my-local-e@0.1.0", + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/my-local-e" + } + ] + } + ], + "dependencies": [ + { + "ref": "demo-workspaces@0.0.0", + "dependsOn": [ + "my-local-a@0.1.0", + "my-local-b-off@0.0.0", + "my-local-c@0.23.42", + "my-local-e@0.1.0" + ] + }, + { + "ref": "my-local-a@0.1.0", + "dependsOn": [ + 
"my-local-b-off@0.0.0" + ] + }, + { + "ref": "my-local-b-off@0.0.0" + }, + { + "ref": "my-local-c@0.23.42", + "dependsOn": [ + "my-local-a@0.1.0", + "my-local-b-off@0.0.0" + ] + }, + { + "ref": "my-local-e@0.1.0" + } + ] +} \ No newline at end of file diff --git a/tests/_data/sbom_demo-results/bare/local-workspaces_npm9_node16_macos-latest.snap.json b/tests/_data/sbom_demo-results/bare/local-workspaces_npm9_node16_macos-latest.snap.json index ba6ae482..584ae339 100644 --- a/tests/_data/sbom_demo-results/bare/local-workspaces_npm9_node16_macos-latest.snap.json +++ b/tests/_data/sbom_demo-results/bare/local-workspaces_npm9_node16_macos-latest.snap.json @@ -68,7 +68,14 @@ } } ], - "purl": "pkg:npm/demo-workspaces@0.0.0", + "purl": "pkg:npm/demo-workspaces@0.0.0?vcs_url=git%2Bssh%3A//git%40gitlab.example.com/my-packages/demo-workspaces.git", + "externalReferences": [ + { + "url": "git+ssh://git@gitlab.example.com/my-packages/demo-workspaces.git", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\"" + } + ], "properties": [ { "name": "cdx:npm:package:path", @@ -144,6 +151,27 @@ "value": "node_modules/my-local-c" } ] + }, + { + "type": "library", + "name": "my-local-e", + "version": "0.1.0", + "bom-ref": "my-local-e@0.1.0", + "licenses": [ + { + "license": { + "id": "Apache-2.0", + "acknowledgement": "declared" + } + } + ], + "purl": "pkg:npm/my-local-e@0.1.0", + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/my-local-e" + } + ] } ], "dependencies": [ @@ -152,7 +180,8 @@ "dependsOn": [ "my-local-a@0.1.0", "my-local-b-off@0.0.0", - "my-local-c@0.23.42" + "my-local-c@0.23.42", + "my-local-e@0.1.0" ] }, { @@ -170,6 +199,9 @@ "my-local-a@0.1.0", "my-local-b-off@0.0.0" ] + }, + { + "ref": "my-local-e@0.1.0" } ] } \ No newline at end of file 
diff --git a/tests/_data/sbom_demo-results/bare/local-workspaces_npm9_node16_ubuntu-latest.snap.json b/tests/_data/sbom_demo-results/bare/local-workspaces_npm9_node16_ubuntu-latest.snap.json index ba6ae482..584ae339 100644 --- a/tests/_data/sbom_demo-results/bare/local-workspaces_npm9_node16_ubuntu-latest.snap.json +++ b/tests/_data/sbom_demo-results/bare/local-workspaces_npm9_node16_ubuntu-latest.snap.json @@ -68,7 +68,14 @@ } } ], - "purl": "pkg:npm/demo-workspaces@0.0.0", + "purl": "pkg:npm/demo-workspaces@0.0.0?vcs_url=git%2Bssh%3A//git%40gitlab.example.com/my-packages/demo-workspaces.git", + "externalReferences": [ + { + "url": "git+ssh://git@gitlab.example.com/my-packages/demo-workspaces.git", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\"" + } + ], "properties": [ { "name": "cdx:npm:package:path", @@ -144,6 +151,27 @@ "value": "node_modules/my-local-c" } ] + }, + { + "type": "library", + "name": "my-local-e", + "version": "0.1.0", + "bom-ref": "my-local-e@0.1.0", + "licenses": [ + { + "license": { + "id": "Apache-2.0", + "acknowledgement": "declared" + } + } + ], + "purl": "pkg:npm/my-local-e@0.1.0", + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/my-local-e" + } + ] } ], "dependencies": [ @@ -152,7 +180,8 @@ "dependsOn": [ "my-local-a@0.1.0", "my-local-b-off@0.0.0", - "my-local-c@0.23.42" + "my-local-c@0.23.42", + "my-local-e@0.1.0" ] }, { @@ -170,6 +199,9 @@ "my-local-a@0.1.0", "my-local-b-off@0.0.0" ] + }, + { + "ref": "my-local-e@0.1.0" } ] } \ No newline at end of file diff --git a/tests/_data/sbom_demo-results/bare/local-workspaces_npm9_node16_windows-latest.snap.json b/tests/_data/sbom_demo-results/bare/local-workspaces_npm9_node16_windows-latest.snap.json index ba6ae482..584ae339 100644 --- a/tests/_data/sbom_demo-results/bare/local-workspaces_npm9_node16_windows-latest.snap.json +++ b/tests/_data/sbom_demo-results/bare/local-workspaces_npm9_node16_windows-latest.snap.json 
@@ -68,7 +68,14 @@ } } ], - "purl": "pkg:npm/demo-workspaces@0.0.0", + "purl": "pkg:npm/demo-workspaces@0.0.0?vcs_url=git%2Bssh%3A//git%40gitlab.example.com/my-packages/demo-workspaces.git", + "externalReferences": [ + { + "url": "git+ssh://git@gitlab.example.com/my-packages/demo-workspaces.git", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\"" + } + ], "properties": [ { "name": "cdx:npm:package:path", @@ -144,6 +151,27 @@ "value": "node_modules/my-local-c" } ] + }, + { + "type": "library", + "name": "my-local-e", + "version": "0.1.0", + "bom-ref": "my-local-e@0.1.0", + "licenses": [ + { + "license": { + "id": "Apache-2.0", + "acknowledgement": "declared" + } + } + ], + "purl": "pkg:npm/my-local-e@0.1.0", + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/my-local-e" + } + ] } ], "dependencies": [ @@ -152,7 +180,8 @@ "dependsOn": [ "my-local-a@0.1.0", "my-local-b-off@0.0.0", - "my-local-c@0.23.42" + "my-local-c@0.23.42", + "my-local-e@0.1.0" ] }, { @@ -170,6 +199,9 @@ "my-local-a@0.1.0", "my-local-b-off@0.0.0" ] + }, + { + "ref": "my-local-e@0.1.0" } ] } \ No newline at end of file diff --git a/tests/_data/sbom_demo-results/bare/local-workspaces_npm9_node22_windows-latest.snap.json b/tests/_data/sbom_demo-results/bare/local-workspaces_npm9_node22_windows-latest.snap.json new file mode 100644 index 00000000..584ae339 --- /dev/null +++ b/tests/_data/sbom_demo-results/bare/local-workspaces_npm9_node22_windows-latest.snap.json 
@@ -0,0 +1,207 @@ +{ + "$schema": "http://cyclonedx.org/schema/bom-1.6.schema.json", + "bomFormat": "CycloneDX", + "specVersion": "1.6", + "version": 1, + "metadata": { + "tools": [ + { + "name": "npm", + "version": "npmVersion-testing" + }, + { + "vendor": "@cyclonedx", + "name": "cyclonedx-library", + "version": "libVersion-testing", + "externalReferences": [ + { + "url": "https://github.com/CycloneDX/cyclonedx-javascript-library/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "git+https://github.com/CycloneDX/cyclonedx-javascript-library.git", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\"" + }, + { + "url": "https://github.com/CycloneDX/cyclonedx-javascript-library#readme", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + } + ] + }, + { + "vendor": "@cyclonedx", + "name": "cyclonedx-npm", + "version": "thisVersion-testing", + "externalReferences": [ + { + "url": "https://github.com/CycloneDX/cyclonedx-node-npm/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "git+https://github.com/CycloneDX/cyclonedx-node-npm.git", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\"" + }, + { + "url": "https://github.com/CycloneDX/cyclonedx-node-npm#readme", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + } + ] + } + ], + "component": { + "type": "application", + "name": "demo-workspaces", + "version": "0.0.0", + "bom-ref": "demo-workspaces@0.0.0", + "description": "demo: demo-workspaces -- showcase how workspaces look like", + "licenses": [ + { + "license": { + "id": "Apache-2.0", + "acknowledgement": "declared" + } + } + ], + "purl": "pkg:npm/demo-workspaces@0.0.0?vcs_url=git%2Bssh%3A//git%40gitlab.example.com/my-packages/demo-workspaces.git", + "externalReferences": [ + { + 
"url": "git+ssh://git@gitlab.example.com/my-packages/demo-workspaces.git", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "" + }, + { + "name": "cdx:npm:package:private", + "value": "true" + } + ] + } + }, + "components": [ + { + "type": "library", + "name": "my-local-a", + "version": "0.1.0", + "bom-ref": "my-local-a@0.1.0", + "licenses": [ + { + "license": { + "id": "Apache-2.0", + "acknowledgement": "declared" + } + } + ], + "purl": "pkg:npm/my-local-a@0.1.0", + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/my-local-a" + } + ] + }, + { + "type": "library", + "name": "my-local-b-off", + "version": "0.0.0", + "bom-ref": "my-local-b-off@0.0.0", + "licenses": [ + { + "license": { + "id": "Apache-2.0", + "acknowledgement": "declared" + } + } + ], + "purl": "pkg:npm/my-local-b-off@0.0.0", + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/my-local-b-off" + } + ] + }, + { + "type": "library", + "name": "my-local-c", + "version": "0.23.42", + "bom-ref": "my-local-c@0.23.42", + "licenses": [ + { + "license": { + "id": "Apache-2.0", + "acknowledgement": "declared" + } + } + ], + "purl": "pkg:npm/my-local-c@0.23.42", + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/my-local-c" + } + ] + }, + { + "type": "library", + "name": "my-local-e", + "version": "0.1.0", + "bom-ref": "my-local-e@0.1.0", + "licenses": [ + { + "license": { + "id": "Apache-2.0", + "acknowledgement": "declared" + } + } + ], + "purl": "pkg:npm/my-local-e@0.1.0", + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/my-local-e" + } + ] + } + ], + "dependencies": [ + { + "ref": "demo-workspaces@0.0.0", + "dependsOn": [ + "my-local-a@0.1.0", + "my-local-b-off@0.0.0", + "my-local-c@0.23.42", + "my-local-e@0.1.0" + ] + }, + { + "ref": "my-local-a@0.1.0", + "dependsOn": [ + 
"my-local-b-off@0.0.0" + ] + }, + { + "ref": "my-local-b-off@0.0.0" + }, + { + "ref": "my-local-c@0.23.42", + "dependsOn": [ + "my-local-a@0.1.0", + "my-local-b-off@0.0.0" + ] + }, + { + "ref": "my-local-e@0.1.0" + } + ] +} \ No newline at end of file diff --git a/tests/_data/sbom_demo-results/flatten-components/local-dependencies_from-setup.snap.json b/tests/_data/sbom_demo-results/flatten-components/local-dependencies_from-setup.snap.json index e938f815..72919e06 100644 --- a/tests/_data/sbom_demo-results/flatten-components/local-dependencies_from-setup.snap.json +++ b/tests/_data/sbom_demo-results/flatten-components/local-dependencies_from-setup.snap.json @@ -144,9 +144,9 @@ }, { "type": "library", - "name": "my-local-b-off", + "name": "my-local-b", "version": "0.0.0", - "bom-ref": "my-local-b-off@0.0.0", + "bom-ref": "my-local-b@0.0.0", "description": "demo: my-local-b-off - a package with a different name than its dir", "licenses": [ { @@ -156,7 +156,7 @@ } } ], - "purl": "pkg:npm/my-local-b-off@0.0.0?vcs_url=git%2Bssh%3A//git%40github.com/CycloneDX/cyclonedx-node-npm.git#demo/local-dependencies/project/packages/my-local-b", + "purl": "pkg:npm/my-local-b@0.0.0?vcs_url=git%2Bssh%3A//git%40github.com/CycloneDX/cyclonedx-node-npm.git#demo/local-dependencies/project/packages/my-local-b", "externalReferences": [ { "url": "https://github.com/CycloneDX/cyclonedx-node-npm/issues", @@ -240,11 +240,11 @@ { "ref": "my-local-a@0.0.0", "dependsOn": [ - "my-local-b-off@0.0.0" + "my-local-b@0.0.0" ] }, { - "ref": "my-local-b-off@0.0.0" + "ref": "my-local-b@0.0.0" }, { "ref": "my-noname@0.0.0" diff --git a/tests/_data/sbom_demo-results/flatten-components/local-dependencies_from-setup.snap.xml b/tests/_data/sbom_demo-results/flatten-components/local-dependencies_from-setup.snap.xml index d6a29402..1b89af22 100644 --- a/tests/_data/sbom_demo-results/flatten-components/local-dependencies_from-setup.snap.xml 
+++ b/tests/_data/sbom_demo-results/flatten-components/local-dependencies_from-setup.snap.xml @@ -105,8 +105,8 @@ true - - my-local-b-off + + my-local-b 0.0.0 demo: my-local-b-off - a package with a different name than its dir @@ -114,7 +114,7 @@ Apache-2.0 - pkg:npm/my-local-b-off@0.0.0?vcs_url=git%2Bssh%3A//git%40github.com/CycloneDX/cyclonedx-node-npm.git#demo/local-dependencies/project/packages/my-local-b + pkg:npm/my-local-b@0.0.0?vcs_url=git%2Bssh%3A//git%40github.com/CycloneDX/cyclonedx-node-npm.git#demo/local-dependencies/project/packages/my-local-b https://github.com/CycloneDX/cyclonedx-node-npm/issues @@ -170,9 +170,9 @@ - + - + \ No newline at end of file diff --git a/tests/_data/sbom_demo-results/flatten-components/local-dependencies_npm10_node18_macos-latest.snap.json b/tests/_data/sbom_demo-results/flatten-components/local-dependencies_npm10_node18_macos-latest.snap.json index d48eb1d1..2b70b939 100644 --- a/tests/_data/sbom_demo-results/flatten-components/local-dependencies_npm10_node18_macos-latest.snap.json +++ b/tests/_data/sbom_demo-results/flatten-components/local-dependencies_npm10_node18_macos-latest.snap.json 
@@ -68,7 +68,24 @@ } } ], - "purl": "pkg:npm/demo-local-deps@0.0.0", + "purl": "pkg:npm/demo-local-deps@0.0.0?vcs_url=git%2Bhttps%3A//github.com/CycloneDX/cyclonedx-node-npm.git#demo/local-dependencies/project", + "externalReferences": [ + { + "url": "https://github.com/CycloneDX/cyclonedx-node-npm/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "git+https://github.com/CycloneDX/cyclonedx-node-npm.git#demo/local-dependencies/project", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\" and \"repository.directory\"" + }, + { + "url": "https://github.com/CycloneDX/cyclonedx-node-npm#readme", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + } + ], "properties": [ { "name": "cdx:npm:package:path", @@ -105,9 +122,9 @@ }, { "type": "library", - "name": "my-local-b", + "name": "my-local-b-off", "version": "0.0.0", - "bom-ref": "my-local-b@0.0.0", + "bom-ref": "my-local-b-off@0.0.0", "licenses": [ { "license": { @@ -116,7 +133,7 @@ } } ], - "purl": "pkg:npm/my-local-b@0.0.0", + "purl": "pkg:npm/my-local-b-off@0.0.0", "properties": [ { "name": "cdx:npm:package:path", @@ -157,11 +174,11 @@ { "ref": "my-local-a@0.0.0", "dependsOn": [ - "my-local-b@0.0.0" + "my-local-b-off@0.0.0" ] }, { - "ref": "my-local-b@0.0.0" + "ref": "my-local-b-off@0.0.0" }, { "ref": "my-noname@0.0.0" diff --git a/tests/_data/sbom_demo-results/flatten-components/local-dependencies_npm10_node18_ubuntu-latest.snap.json b/tests/_data/sbom_demo-results/flatten-components/local-dependencies_npm10_node18_ubuntu-latest.snap.json index d48eb1d1..2b70b939 100644 --- a/tests/_data/sbom_demo-results/flatten-components/local-dependencies_npm10_node18_ubuntu-latest.snap.json +++ b/tests/_data/sbom_demo-results/flatten-components/local-dependencies_npm10_node18_ubuntu-latest.snap.json 
@@ -68,7 +68,24 @@ } } ], - "purl": "pkg:npm/demo-local-deps@0.0.0", + "purl": "pkg:npm/demo-local-deps@0.0.0?vcs_url=git%2Bhttps%3A//github.com/CycloneDX/cyclonedx-node-npm.git#demo/local-dependencies/project", + "externalReferences": [ + { + "url": "https://github.com/CycloneDX/cyclonedx-node-npm/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "git+https://github.com/CycloneDX/cyclonedx-node-npm.git#demo/local-dependencies/project", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\" and \"repository.directory\"" + }, + { + "url": "https://github.com/CycloneDX/cyclonedx-node-npm#readme", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + } + ], "properties": [ { "name": "cdx:npm:package:path", @@ -105,9 +122,9 @@ }, { "type": "library", - "name": "my-local-b", + "name": "my-local-b-off", "version": "0.0.0", - "bom-ref": "my-local-b@0.0.0", + "bom-ref": "my-local-b-off@0.0.0", "licenses": [ { "license": { @@ -116,7 +133,7 @@ } } ], - "purl": "pkg:npm/my-local-b@0.0.0", + "purl": "pkg:npm/my-local-b-off@0.0.0", "properties": [ { "name": "cdx:npm:package:path", @@ -157,11 +174,11 @@ { "ref": "my-local-a@0.0.0", "dependsOn": [ - "my-local-b@0.0.0" + "my-local-b-off@0.0.0" ] }, { - "ref": "my-local-b@0.0.0" + "ref": "my-local-b-off@0.0.0" }, { "ref": "my-noname@0.0.0" diff --git a/tests/_data/sbom_demo-results/flatten-components/local-dependencies_npm10_node18_windows-latest.snap.json b/tests/_data/sbom_demo-results/flatten-components/local-dependencies_npm10_node18_windows-latest.snap.json index d48eb1d1..2b70b939 100644 --- a/tests/_data/sbom_demo-results/flatten-components/local-dependencies_npm10_node18_windows-latest.snap.json +++ b/tests/_data/sbom_demo-results/flatten-components/local-dependencies_npm10_node18_windows-latest.snap.json 
@@ -68,7 +68,24 @@ } } ], - "purl": "pkg:npm/demo-local-deps@0.0.0", + "purl": "pkg:npm/demo-local-deps@0.0.0?vcs_url=git%2Bhttps%3A//github.com/CycloneDX/cyclonedx-node-npm.git#demo/local-dependencies/project", + "externalReferences": [ + { + "url": "https://github.com/CycloneDX/cyclonedx-node-npm/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "git+https://github.com/CycloneDX/cyclonedx-node-npm.git#demo/local-dependencies/project", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\" and \"repository.directory\"" + }, + { + "url": "https://github.com/CycloneDX/cyclonedx-node-npm#readme", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + } + ], "properties": [ { "name": "cdx:npm:package:path", @@ -105,9 +122,9 @@ }, { "type": "library", - "name": "my-local-b", + "name": "my-local-b-off", "version": "0.0.0", - "bom-ref": "my-local-b@0.0.0", + "bom-ref": "my-local-b-off@0.0.0", "licenses": [ { "license": { @@ -116,7 +133,7 @@ } } ], - "purl": "pkg:npm/my-local-b@0.0.0", + "purl": "pkg:npm/my-local-b-off@0.0.0", "properties": [ { "name": "cdx:npm:package:path", @@ -157,11 +174,11 @@ { "ref": "my-local-a@0.0.0", "dependsOn": [ - "my-local-b@0.0.0" + "my-local-b-off@0.0.0" ] }, { - "ref": "my-local-b@0.0.0" + "ref": "my-local-b-off@0.0.0" }, { "ref": "my-noname@0.0.0" diff --git a/tests/_data/sbom_demo-results/flatten-components/local-dependencies_npm10_node22_windows-latest.snap.json b/tests/_data/sbom_demo-results/flatten-components/local-dependencies_npm10_node22_windows-latest.snap.json new file mode 100644 index 00000000..2b70b939 --- /dev/null +++ b/tests/_data/sbom_demo-results/flatten-components/local-dependencies_npm10_node22_windows-latest.snap.json 
@@ -0,0 +1,187 @@ +{ + "$schema": "http://cyclonedx.org/schema/bom-1.6.schema.json", + "bomFormat": "CycloneDX", + "specVersion": "1.6", + "version": 1, + "metadata": { + "tools": [ + { + "name": "npm", + "version": "npmVersion-testing" + }, + { + "vendor": "@cyclonedx", + "name": "cyclonedx-library", + "version": "libVersion-testing", + "externalReferences": [ + { + "url": "https://github.com/CycloneDX/cyclonedx-javascript-library/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "git+https://github.com/CycloneDX/cyclonedx-javascript-library.git", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\"" + }, + { + "url": "https://github.com/CycloneDX/cyclonedx-javascript-library#readme", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + } + ] + }, + { + "vendor": "@cyclonedx", + "name": "cyclonedx-npm", + "version": "thisVersion-testing", + "externalReferences": [ + { + "url": "https://github.com/CycloneDX/cyclonedx-node-npm/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "git+https://github.com/CycloneDX/cyclonedx-node-npm.git", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\"" + }, + { + "url": "https://github.com/CycloneDX/cyclonedx-node-npm#readme", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + } + ] + } + ], + "component": { + "type": "application", + "name": "demo-local-deps", + "version": "0.0.0", + "bom-ref": "demo-local-deps@0.0.0", + "description": "demo: demo-local-deps -- showcase how local dependencies look like", + "licenses": [ + { + "license": { + "id": "Apache-2.0", + "acknowledgement": "declared" + } + } + ], + "purl": "pkg:npm/demo-local-deps@0.0.0?vcs_url=git%2Bhttps%3A//github.com/CycloneDX/cyclonedx-node-npm.git#demo/local-dependencies/project", + 
"externalReferences": [ + { + "url": "https://github.com/CycloneDX/cyclonedx-node-npm/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "git+https://github.com/CycloneDX/cyclonedx-node-npm.git#demo/local-dependencies/project", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\" and \"repository.directory\"" + }, + { + "url": "https://github.com/CycloneDX/cyclonedx-node-npm#readme", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "" + }, + { + "name": "cdx:npm:package:private", + "value": "true" + } + ] + } + }, + "components": [ + { + "type": "library", + "name": "my-local-a", + "version": "0.0.0", + "bom-ref": "my-local-a@0.0.0", + "licenses": [ + { + "license": { + "id": "Apache-2.0", + "acknowledgement": "declared" + } + } + ], + "purl": "pkg:npm/my-local-a@0.0.0", + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/my-local-a" + } + ] + }, + { + "type": "library", + "name": "my-local-b-off", + "version": "0.0.0", + "bom-ref": "my-local-b-off@0.0.0", + "licenses": [ + { + "license": { + "id": "Apache-2.0", + "acknowledgement": "declared" + } + } + ], + "purl": "pkg:npm/my-local-b-off@0.0.0", + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/my-local-b-off" + } + ] + }, + { + "type": "library", + "name": "my-noname", + "version": "0.0.0", + "bom-ref": "my-noname@0.0.0", + "licenses": [ + { + "license": { + "id": "Apache-2.0", + "acknowledgement": "declared" + } + } + ], + "purl": "pkg:npm/my-noname@0.0.0", + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/my-noname" + } + ] + } + ], + "dependencies": [ + { + "ref": "demo-local-deps@0.0.0", + "dependsOn": [ + "my-local-a@0.0.0", + "my-noname@0.0.0" + ] + }, + { + "ref": "my-local-a@0.0.0", + "dependsOn": [ + 
"my-local-b-off@0.0.0" + ] + }, + { + "ref": "my-local-b-off@0.0.0" + }, + { + "ref": "my-noname@0.0.0" + } + ] +} \ No newline at end of file diff --git a/tests/_data/sbom_demo-results/flatten-components/local-dependencies_npm6_node14_ubuntu-latest.snap.json b/tests/_data/sbom_demo-results/flatten-components/local-dependencies_npm6_node14_ubuntu-latest.snap.json index 1f522596..d82e79d8 100644 --- a/tests/_data/sbom_demo-results/flatten-components/local-dependencies_npm6_node14_ubuntu-latest.snap.json +++ b/tests/_data/sbom_demo-results/flatten-components/local-dependencies_npm6_node14_ubuntu-latest.snap.json @@ -68,7 +68,24 @@ } } ], - "purl": "pkg:npm/demo-local-deps@0.0.0", + "purl": "pkg:npm/demo-local-deps@0.0.0?vcs_url=git%2Bhttps%3A//github.com/CycloneDX/cyclonedx-node-npm.git#demo/local-dependencies/project", + "externalReferences": [ + { + "url": "https://github.com/CycloneDX/cyclonedx-node-npm/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "git+https://github.com/CycloneDX/cyclonedx-node-npm.git#demo/local-dependencies/project", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\" and \"repository.directory\"" + }, + { + "url": "https://github.com/CycloneDX/cyclonedx-node-npm#readme", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + } + ], "properties": [ { "name": "cdx:npm:package:path", 
@@ -139,7 +156,24 @@ } } ], - "purl": "pkg:npm/my-local-b-off@0.0.0", + "purl": "pkg:npm/my-local-b-off@0.0.0?vcs_url=git%2Bssh%3A//git%40github.com/CycloneDX/cyclonedx-node-npm.git#demo/local-dependencies/project/packages/my-local-b", + "externalReferences": [ + { + "url": "https://github.com/CycloneDX/cyclonedx-node-npm/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "git+ssh://git@github.com/CycloneDX/cyclonedx-node-npm.git#demo/local-dependencies/project/packages/my-local-b", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\" and \"repository.directory\"" + }, + { + "url": "https://github.com/CycloneDX/cyclonedx-node-npm#readme", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + } + ], "properties": [ { "name": "cdx:npm:package:path", diff --git a/tests/_data/sbom_demo-results/flatten-components/local-dependencies_npm6_node14_windows-latest.snap.json b/tests/_data/sbom_demo-results/flatten-components/local-dependencies_npm6_node14_windows-latest.snap.json index 1f522596..d82e79d8 100644 --- a/tests/_data/sbom_demo-results/flatten-components/local-dependencies_npm6_node14_windows-latest.snap.json +++ b/tests/_data/sbom_demo-results/flatten-components/local-dependencies_npm6_node14_windows-latest.snap.json 
@@ -68,7 +68,24 @@ } } ], - "purl": "pkg:npm/demo-local-deps@0.0.0", + "purl": "pkg:npm/demo-local-deps@0.0.0?vcs_url=git%2Bhttps%3A//github.com/CycloneDX/cyclonedx-node-npm.git#demo/local-dependencies/project", + "externalReferences": [ + { + "url": "https://github.com/CycloneDX/cyclonedx-node-npm/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "git+https://github.com/CycloneDX/cyclonedx-node-npm.git#demo/local-dependencies/project", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\" and \"repository.directory\"" + }, + { + "url": "https://github.com/CycloneDX/cyclonedx-node-npm#readme", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + } + ], "properties": [ { "name": "cdx:npm:package:path", @@ -139,7 +156,24 @@ } } ], - "purl": "pkg:npm/my-local-b-off@0.0.0", + "purl": "pkg:npm/my-local-b-off@0.0.0?vcs_url=git%2Bssh%3A//git%40github.com/CycloneDX/cyclonedx-node-npm.git#demo/local-dependencies/project/packages/my-local-b", + "externalReferences": [ + { + "url": "https://github.com/CycloneDX/cyclonedx-node-npm/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "git+ssh://git@github.com/CycloneDX/cyclonedx-node-npm.git#demo/local-dependencies/project/packages/my-local-b", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\" and \"repository.directory\"" + }, + { + "url": "https://github.com/CycloneDX/cyclonedx-node-npm#readme", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + } + ], "properties": [ { "name": "cdx:npm:package:path", 
diff --git a/tests/_data/sbom_demo-results/flatten-components/local-dependencies_npm6_node16_macos-latest.snap.json b/tests/_data/sbom_demo-results/flatten-components/local-dependencies_npm6_node16_macos-latest.snap.json
new file mode 100644
index 00000000..d82e79d8
--- /dev/null
+++ b/tests/_data/sbom_demo-results/flatten-components/local-dependencies_npm6_node16_macos-latest.snap.json
@@ -0,0 +1,216 @@ +{ + "$schema": "http://cyclonedx.org/schema/bom-1.6.schema.json", + "bomFormat": "CycloneDX", + "specVersion": "1.6", + "version": 1, + "metadata": { + "tools": [ + { + "name": "npm", + "version": "npmVersion-testing" + }, + { + "vendor": "@cyclonedx", + "name": "cyclonedx-library", + "version": "libVersion-testing", + "externalReferences": [ + { + "url": "https://github.com/CycloneDX/cyclonedx-javascript-library/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "git+https://github.com/CycloneDX/cyclonedx-javascript-library.git", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\"" + }, + { + "url": "https://github.com/CycloneDX/cyclonedx-javascript-library#readme", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + } + ] + }, + { + "vendor": "@cyclonedx", + "name": "cyclonedx-npm", + "version": "thisVersion-testing", + "externalReferences": [ + { + "url": "https://github.com/CycloneDX/cyclonedx-node-npm/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "git+https://github.com/CycloneDX/cyclonedx-node-npm.git", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\"" + }, + { + "url": "https://github.com/CycloneDX/cyclonedx-node-npm#readme", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + } + ] + } + ], + "component": { + "type": "application", + "name": "demo-local-deps", + "version": "0.0.0", + "bom-ref": "demo-local-deps@0.0.0", + "description": "demo: demo-local-deps -- showcase how local dependencies look like", + "licenses": [ + { + "license": { + "id": "Apache-2.0", + "acknowledgement": "declared" + } + } + ], + "purl": "pkg:npm/demo-local-deps@0.0.0?vcs_url=git%2Bhttps%3A//github.com/CycloneDX/cyclonedx-node-npm.git#demo/local-dependencies/project", + 
"externalReferences": [ + { + "url": "https://github.com/CycloneDX/cyclonedx-node-npm/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "git+https://github.com/CycloneDX/cyclonedx-node-npm.git#demo/local-dependencies/project", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\" and \"repository.directory\"" + }, + { + "url": "https://github.com/CycloneDX/cyclonedx-node-npm#readme", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "" + }, + { + "name": "cdx:npm:package:private", + "value": "true" + } + ] + } + }, + "components": [ + { + "type": "library", + "name": "my-local-a", + "version": "0.0.0", + "bom-ref": "my-local-a@0.0.0", + "description": "demo: my-local-a", + "licenses": [ + { + "license": { + "id": "Apache-2.0", + "acknowledgement": "declared" + } + } + ], + "purl": "pkg:npm/my-local-a@0.0.0?vcs_url=git%2Bhttps%3A//github.com/CycloneDX/cyclonedx-node-npm.git#demo/local-deps/project/packages/my-local-a", + "externalReferences": [ + { + "url": "https://github.com/CycloneDX/cyclonedx-node-npm/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "git+https://github.com/CycloneDX/cyclonedx-node-npm.git#demo/local-deps/project/packages/my-local-a", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\" and \"repository.directory\"" + }, + { + "url": "https://github.com/CycloneDX/cyclonedx-node-npm#readme", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/my-local-a" + }, + { + "name": "cdx:npm:package:private", + "value": "true" + } + ] + }, + { + "type": "library", + "name": "my-local-b-off", + "version": "0.0.0", + 
"bom-ref": "my-local-b-off@0.0.0", + "description": "demo: my-local-b-off - a package with a different name than its dir", + "licenses": [ + { + "license": { + "id": "Apache-2.0", + "acknowledgement": "declared" + } + } + ], + "purl": "pkg:npm/my-local-b-off@0.0.0?vcs_url=git%2Bssh%3A//git%40github.com/CycloneDX/cyclonedx-node-npm.git#demo/local-dependencies/project/packages/my-local-b", + "externalReferences": [ + { + "url": "https://github.com/CycloneDX/cyclonedx-node-npm/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "git+ssh://git@github.com/CycloneDX/cyclonedx-node-npm.git#demo/local-dependencies/project/packages/my-local-b", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\" and \"repository.directory\"" + }, + { + "url": "https://github.com/CycloneDX/cyclonedx-node-npm#readme", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/my-local-b-off" + }, + { + "name": "cdx:npm:package:private", + "value": "true" + } + ] + }, + { + "type": "library", + "name": "DummyComponent.InterferedDependency.my-noname", + "bom-ref": "DummyComponent.InterferedDependency.my-noname", + "description": "This is a dummy component \"InterferedDependency.my-noname\" that fills the gap where the actual built failed." + } + ], + "dependencies": [ + { + "ref": "demo-local-deps@0.0.0", + "dependsOn": [ + "DummyComponent.InterferedDependency.my-noname", + "my-local-a@0.0.0" + ] + }, + { + "ref": "DummyComponent.InterferedDependency.my-noname" + }, + { + "ref": "my-local-a@0.0.0", + "dependsOn": [ + "my-local-b-off@0.0.0" + ] + }, + { + "ref": "my-local-b-off@0.0.0" + } + ] +} \ No newline at end of file 
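Review bot: The `my-local-a` component in this new snapshot points at a different repository directory than the other two components: its purl subpath and `vcs` reference end in `#demo/local-deps/project/packages/my-local-a`, while the root component and `my-local-b-off` use `#demo/local-dependencies/project...`. The comment field says the value comes from `repository.directory`, so this looks like a typo in the demo package's manifest rather than in the generator; the manifest is not visible here, so that is an inference. If so, the fix is `demo/local-dependencies/project/packages/my-local-a` in the demo's `repository.directory`, followed by regenerating the snapshots, rather than hand-editing this file. The identical snapshot added for npm6/node22/windows-latest carries the same value.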
diff --git a/tests/_data/sbom_demo-results/flatten-components/local-dependencies_npm6_node22_windows-latest.snap.json b/tests/_data/sbom_demo-results/flatten-components/local-dependencies_npm6_node22_windows-latest.snap.json new file mode 100644 index 00000000..d82e79d8 --- /dev/null +++ b/tests/_data/sbom_demo-results/flatten-components/local-dependencies_npm6_node22_windows-latest.snap.json 
@@ -0,0 +1,216 @@ +{ + "$schema": "http://cyclonedx.org/schema/bom-1.6.schema.json", + "bomFormat": "CycloneDX", + "specVersion": "1.6", + "version": 1, + "metadata": { + "tools": [ + { + "name": "npm", + "version": "npmVersion-testing" + }, + { + "vendor": "@cyclonedx", + "name": "cyclonedx-library", + "version": "libVersion-testing", + "externalReferences": [ + { + "url": "https://github.com/CycloneDX/cyclonedx-javascript-library/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "git+https://github.com/CycloneDX/cyclonedx-javascript-library.git", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\"" + }, + { + "url": "https://github.com/CycloneDX/cyclonedx-javascript-library#readme", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + } + ] + }, + { + "vendor": "@cyclonedx", + "name": "cyclonedx-npm", + "version": "thisVersion-testing", + "externalReferences": [ + { + "url": "https://github.com/CycloneDX/cyclonedx-node-npm/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "git+https://github.com/CycloneDX/cyclonedx-node-npm.git", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\"" + }, + { + "url": "https://github.com/CycloneDX/cyclonedx-node-npm#readme", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + } + ] + } + ], + "component": { + "type": "application", + "name": "demo-local-deps", + "version": "0.0.0", + "bom-ref": "demo-local-deps@0.0.0", + "description": "demo: demo-local-deps -- showcase how local dependencies look like", + "licenses": [ + { + "license": { + "id": "Apache-2.0", + "acknowledgement": "declared" + } + } + ], + "purl": "pkg:npm/demo-local-deps@0.0.0?vcs_url=git%2Bhttps%3A//github.com/CycloneDX/cyclonedx-node-npm.git#demo/local-dependencies/project", + 
"externalReferences": [ + { + "url": "https://github.com/CycloneDX/cyclonedx-node-npm/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "git+https://github.com/CycloneDX/cyclonedx-node-npm.git#demo/local-dependencies/project", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\" and \"repository.directory\"" + }, + { + "url": "https://github.com/CycloneDX/cyclonedx-node-npm#readme", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "" + }, + { + "name": "cdx:npm:package:private", + "value": "true" + } + ] + } + }, + "components": [ + { + "type": "library", + "name": "my-local-a", + "version": "0.0.0", + "bom-ref": "my-local-a@0.0.0", + "description": "demo: my-local-a", + "licenses": [ + { + "license": { + "id": "Apache-2.0", + "acknowledgement": "declared" + } + } + ], + "purl": "pkg:npm/my-local-a@0.0.0?vcs_url=git%2Bhttps%3A//github.com/CycloneDX/cyclonedx-node-npm.git#demo/local-deps/project/packages/my-local-a", + "externalReferences": [ + { + "url": "https://github.com/CycloneDX/cyclonedx-node-npm/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "git+https://github.com/CycloneDX/cyclonedx-node-npm.git#demo/local-deps/project/packages/my-local-a", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\" and \"repository.directory\"" + }, + { + "url": "https://github.com/CycloneDX/cyclonedx-node-npm#readme", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/my-local-a" + }, + { + "name": "cdx:npm:package:private", + "value": "true" + } + ] + }, + { + "type": "library", + "name": "my-local-b-off", + "version": "0.0.0", + 
"bom-ref": "my-local-b-off@0.0.0", + "description": "demo: my-local-b-off - a package with a different name than its dir", + "licenses": [ + { + "license": { + "id": "Apache-2.0", + "acknowledgement": "declared" + } + } + ], + "purl": "pkg:npm/my-local-b-off@0.0.0?vcs_url=git%2Bssh%3A//git%40github.com/CycloneDX/cyclonedx-node-npm.git#demo/local-dependencies/project/packages/my-local-b", + "externalReferences": [ + { + "url": "https://github.com/CycloneDX/cyclonedx-node-npm/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "git+ssh://git@github.com/CycloneDX/cyclonedx-node-npm.git#demo/local-dependencies/project/packages/my-local-b", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\" and \"repository.directory\"" + }, + { + "url": "https://github.com/CycloneDX/cyclonedx-node-npm#readme", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/my-local-b-off" + }, + { + "name": "cdx:npm:package:private", + "value": "true" + } + ] + }, + { + "type": "library", + "name": "DummyComponent.InterferedDependency.my-noname", + "bom-ref": "DummyComponent.InterferedDependency.my-noname", + "description": "This is a dummy component \"InterferedDependency.my-noname\" that fills the gap where the actual built failed." + } + ], + "dependencies": [ + { + "ref": "demo-local-deps@0.0.0", + "dependsOn": [ + "DummyComponent.InterferedDependency.my-noname", + "my-local-a@0.0.0" + ] + }, + { + "ref": "DummyComponent.InterferedDependency.my-noname" + }, + { + "ref": "my-local-a@0.0.0", + "dependsOn": [ + "my-local-b-off@0.0.0" + ] + }, + { + "ref": "my-local-b-off@0.0.0" + } + ] +} \ No newline at end of file 
diff --git a/tests/_data/sbom_demo-results/flatten-components/local-dependencies_npm7_node14_ubuntu-latest.snap.json b/tests/_data/sbom_demo-results/flatten-components/local-dependencies_npm7_node14_ubuntu-latest.snap.json index d48eb1d1..98ba3007 100644 --- a/tests/_data/sbom_demo-results/flatten-components/local-dependencies_npm7_node14_ubuntu-latest.snap.json +++ b/tests/_data/sbom_demo-results/flatten-components/local-dependencies_npm7_node14_ubuntu-latest.snap.json @@ -68,7 +68,24 @@ } } ], - "purl": "pkg:npm/demo-local-deps@0.0.0", + "purl": "pkg:npm/demo-local-deps@0.0.0?vcs_url=git%2Bhttps%3A//github.com/CycloneDX/cyclonedx-node-npm.git#demo/local-dependencies/project", + "externalReferences": [ + { + "url": "https://github.com/CycloneDX/cyclonedx-node-npm/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "git+https://github.com/CycloneDX/cyclonedx-node-npm.git#demo/local-dependencies/project", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\" and \"repository.directory\"" + }, + { + "url": "https://github.com/CycloneDX/cyclonedx-node-npm#readme", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + } + ], "properties": [ { "name": "cdx:npm:package:path", diff --git a/tests/_data/sbom_demo-results/flatten-components/local-dependencies_npm7_node14_windows-latest.snap.json b/tests/_data/sbom_demo-results/flatten-components/local-dependencies_npm7_node14_windows-latest.snap.json index d48eb1d1..98ba3007 100644 --- a/tests/_data/sbom_demo-results/flatten-components/local-dependencies_npm7_node14_windows-latest.snap.json +++ b/tests/_data/sbom_demo-results/flatten-components/local-dependencies_npm7_node14_windows-latest.snap.json 
@@ -68,7 +68,24 @@ } } ], - "purl": "pkg:npm/demo-local-deps@0.0.0", + "purl": "pkg:npm/demo-local-deps@0.0.0?vcs_url=git%2Bhttps%3A//github.com/CycloneDX/cyclonedx-node-npm.git#demo/local-dependencies/project", + "externalReferences": [ + { + "url": "https://github.com/CycloneDX/cyclonedx-node-npm/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "git+https://github.com/CycloneDX/cyclonedx-node-npm.git#demo/local-dependencies/project", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\" and \"repository.directory\"" + }, + { + "url": "https://github.com/CycloneDX/cyclonedx-node-npm#readme", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + } + ], "properties": [ { "name": "cdx:npm:package:path", diff --git a/tests/_data/sbom_demo-results/flatten-components/local-dependencies_npm7_node16_macos-latest.snap.json b/tests/_data/sbom_demo-results/flatten-components/local-dependencies_npm7_node16_macos-latest.snap.json new file mode 100644 index 00000000..98ba3007 --- /dev/null +++ b/tests/_data/sbom_demo-results/flatten-components/local-dependencies_npm7_node16_macos-latest.snap.json 
@@ -0,0 +1,187 @@ +{ + "$schema": "http://cyclonedx.org/schema/bom-1.6.schema.json", + "bomFormat": "CycloneDX", + "specVersion": "1.6", + "version": 1, + "metadata": { + "tools": [ + { + "name": "npm", + "version": "npmVersion-testing" + }, + { + "vendor": "@cyclonedx", + "name": "cyclonedx-library", + "version": "libVersion-testing", + "externalReferences": [ + { + "url": "https://github.com/CycloneDX/cyclonedx-javascript-library/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "git+https://github.com/CycloneDX/cyclonedx-javascript-library.git", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\"" + }, + { + "url": "https://github.com/CycloneDX/cyclonedx-javascript-library#readme", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + } + ] + }, + { + "vendor": "@cyclonedx", + "name": "cyclonedx-npm", + "version": "thisVersion-testing", + "externalReferences": [ + { + "url": "https://github.com/CycloneDX/cyclonedx-node-npm/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "git+https://github.com/CycloneDX/cyclonedx-node-npm.git", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\"" + }, + { + "url": "https://github.com/CycloneDX/cyclonedx-node-npm#readme", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + } + ] + } + ], + "component": { + "type": "application", + "name": "demo-local-deps", + "version": "0.0.0", + "bom-ref": "demo-local-deps@0.0.0", + "description": "demo: demo-local-deps -- showcase how local dependencies look like", + "licenses": [ + { + "license": { + "id": "Apache-2.0", + "acknowledgement": "declared" + } + } + ], + "purl": "pkg:npm/demo-local-deps@0.0.0?vcs_url=git%2Bhttps%3A//github.com/CycloneDX/cyclonedx-node-npm.git#demo/local-dependencies/project", + 
"externalReferences": [ + { + "url": "https://github.com/CycloneDX/cyclonedx-node-npm/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "git+https://github.com/CycloneDX/cyclonedx-node-npm.git#demo/local-dependencies/project", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\" and \"repository.directory\"" + }, + { + "url": "https://github.com/CycloneDX/cyclonedx-node-npm#readme", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "" + }, + { + "name": "cdx:npm:package:private", + "value": "true" + } + ] + } + }, + "components": [ + { + "type": "library", + "name": "my-local-a", + "version": "0.0.0", + "bom-ref": "my-local-a@0.0.0", + "licenses": [ + { + "license": { + "id": "Apache-2.0", + "acknowledgement": "declared" + } + } + ], + "purl": "pkg:npm/my-local-a@0.0.0", + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/my-local-a" + } + ] + }, + { + "type": "library", + "name": "my-local-b", + "version": "0.0.0", + "bom-ref": "my-local-b@0.0.0", + "licenses": [ + { + "license": { + "id": "Apache-2.0", + "acknowledgement": "declared" + } + } + ], + "purl": "pkg:npm/my-local-b@0.0.0", + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/my-local-b-off" + } + ] + }, + { + "type": "library", + "name": "my-noname", + "version": "0.0.0", + "bom-ref": "my-noname@0.0.0", + "licenses": [ + { + "license": { + "id": "Apache-2.0", + "acknowledgement": "declared" + } + } + ], + "purl": "pkg:npm/my-noname@0.0.0", + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/my-noname" + } + ] + } + ], + "dependencies": [ + { + "ref": "demo-local-deps@0.0.0", + "dependsOn": [ + "my-local-a@0.0.0", + "my-noname@0.0.0" + ] + }, + { + "ref": "my-local-a@0.0.0", + "dependsOn": [ + 
"my-local-b@0.0.0" + ] + }, + { + "ref": "my-local-b@0.0.0" + }, + { + "ref": "my-noname@0.0.0" + } + ] +} \ No newline at end of file diff --git a/tests/_data/sbom_demo-results/flatten-components/local-dependencies_npm7_node22_windows-latest.snap.json b/tests/_data/sbom_demo-results/flatten-components/local-dependencies_npm7_node22_windows-latest.snap.json new file mode 100644 index 00000000..98ba3007 --- /dev/null +++ b/tests/_data/sbom_demo-results/flatten-components/local-dependencies_npm7_node22_windows-latest.snap.json 
@@ -0,0 +1,187 @@ +{ + "$schema": "http://cyclonedx.org/schema/bom-1.6.schema.json", + "bomFormat": "CycloneDX", + "specVersion": "1.6", + "version": 1, + "metadata": { + "tools": [ + { + "name": "npm", + "version": "npmVersion-testing" + }, + { + "vendor": "@cyclonedx", + "name": "cyclonedx-library", + "version": "libVersion-testing", + "externalReferences": [ + { + "url": "https://github.com/CycloneDX/cyclonedx-javascript-library/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "git+https://github.com/CycloneDX/cyclonedx-javascript-library.git", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\"" + }, + { + "url": "https://github.com/CycloneDX/cyclonedx-javascript-library#readme", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + } + ] + }, + { + "vendor": "@cyclonedx", + "name": "cyclonedx-npm", + "version": "thisVersion-testing", + "externalReferences": [ + { + "url": "https://github.com/CycloneDX/cyclonedx-node-npm/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "git+https://github.com/CycloneDX/cyclonedx-node-npm.git", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\"" + }, + { + "url": "https://github.com/CycloneDX/cyclonedx-node-npm#readme", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + } + ] + } + ], + "component": { + "type": "application", + "name": "demo-local-deps", + "version": "0.0.0", + "bom-ref": "demo-local-deps@0.0.0", + "description": "demo: demo-local-deps -- showcase how local dependencies look like", + "licenses": [ + { + "license": { + "id": "Apache-2.0", + "acknowledgement": "declared" + } + } + ], + "purl": "pkg:npm/demo-local-deps@0.0.0?vcs_url=git%2Bhttps%3A//github.com/CycloneDX/cyclonedx-node-npm.git#demo/local-dependencies/project", + 
"externalReferences": [ + { + "url": "https://github.com/CycloneDX/cyclonedx-node-npm/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "git+https://github.com/CycloneDX/cyclonedx-node-npm.git#demo/local-dependencies/project", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\" and \"repository.directory\"" + }, + { + "url": "https://github.com/CycloneDX/cyclonedx-node-npm#readme", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "" + }, + { + "name": "cdx:npm:package:private", + "value": "true" + } + ] + } + }, + "components": [ + { + "type": "library", + "name": "my-local-a", + "version": "0.0.0", + "bom-ref": "my-local-a@0.0.0", + "licenses": [ + { + "license": { + "id": "Apache-2.0", + "acknowledgement": "declared" + } + } + ], + "purl": "pkg:npm/my-local-a@0.0.0", + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/my-local-a" + } + ] + }, + { + "type": "library", + "name": "my-local-b", + "version": "0.0.0", + "bom-ref": "my-local-b@0.0.0", + "licenses": [ + { + "license": { + "id": "Apache-2.0", + "acknowledgement": "declared" + } + } + ], + "purl": "pkg:npm/my-local-b@0.0.0", + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/my-local-b-off" + } + ] + }, + { + "type": "library", + "name": "my-noname", + "version": "0.0.0", + "bom-ref": "my-noname@0.0.0", + "licenses": [ + { + "license": { + "id": "Apache-2.0", + "acknowledgement": "declared" + } + } + ], + "purl": "pkg:npm/my-noname@0.0.0", + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/my-noname" + } + ] + } + ], + "dependencies": [ + { + "ref": "demo-local-deps@0.0.0", + "dependsOn": [ + "my-local-a@0.0.0", + "my-noname@0.0.0" + ] + }, + { + "ref": "my-local-a@0.0.0", + "dependsOn": [ + 
"my-local-b@0.0.0" + ] + }, + { + "ref": "my-local-b@0.0.0" + }, + { + "ref": "my-noname@0.0.0" + } + ] +} \ No newline at end of file diff --git a/tests/_data/sbom_demo-results/flatten-components/local-dependencies_npm8_node14_ubuntu-latest.snap.json b/tests/_data/sbom_demo-results/flatten-components/local-dependencies_npm8_node14_ubuntu-latest.snap.json index d48eb1d1..98ba3007 100644 --- a/tests/_data/sbom_demo-results/flatten-components/local-dependencies_npm8_node14_ubuntu-latest.snap.json +++ b/tests/_data/sbom_demo-results/flatten-components/local-dependencies_npm8_node14_ubuntu-latest.snap.json @@ -68,7 +68,24 @@ } } ], - "purl": "pkg:npm/demo-local-deps@0.0.0", + "purl": "pkg:npm/demo-local-deps@0.0.0?vcs_url=git%2Bhttps%3A//github.com/CycloneDX/cyclonedx-node-npm.git#demo/local-dependencies/project", + "externalReferences": [ + { + "url": "https://github.com/CycloneDX/cyclonedx-node-npm/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "git+https://github.com/CycloneDX/cyclonedx-node-npm.git#demo/local-dependencies/project", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\" and \"repository.directory\"" + }, + { + "url": "https://github.com/CycloneDX/cyclonedx-node-npm#readme", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + } + ], "properties": [ { "name": "cdx:npm:package:path", diff --git a/tests/_data/sbom_demo-results/flatten-components/local-dependencies_npm8_node14_windows-latest.snap.json b/tests/_data/sbom_demo-results/flatten-components/local-dependencies_npm8_node14_windows-latest.snap.json index d48eb1d1..98ba3007 100644 --- a/tests/_data/sbom_demo-results/flatten-components/local-dependencies_npm8_node14_windows-latest.snap.json +++ b/tests/_data/sbom_demo-results/flatten-components/local-dependencies_npm8_node14_windows-latest.snap.json 
@@ -68,7 +68,24 @@ } } ], - "purl": "pkg:npm/demo-local-deps@0.0.0", + "purl": "pkg:npm/demo-local-deps@0.0.0?vcs_url=git%2Bhttps%3A//github.com/CycloneDX/cyclonedx-node-npm.git#demo/local-dependencies/project", + "externalReferences": [ + { + "url": "https://github.com/CycloneDX/cyclonedx-node-npm/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "git+https://github.com/CycloneDX/cyclonedx-node-npm.git#demo/local-dependencies/project", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\" and \"repository.directory\"" + }, + { + "url": "https://github.com/CycloneDX/cyclonedx-node-npm#readme", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + } + ], "properties": [ { "name": "cdx:npm:package:path", diff --git a/tests/_data/sbom_demo-results/flatten-components/local-dependencies_npm8_node16_macos-latest.snap.json b/tests/_data/sbom_demo-results/flatten-components/local-dependencies_npm8_node16_macos-latest.snap.json new file mode 100644 index 00000000..98ba3007 --- /dev/null +++ b/tests/_data/sbom_demo-results/flatten-components/local-dependencies_npm8_node16_macos-latest.snap.json 
@@ -0,0 +1,187 @@ +{ + "$schema": "http://cyclonedx.org/schema/bom-1.6.schema.json", + "bomFormat": "CycloneDX", + "specVersion": "1.6", + "version": 1, + "metadata": { + "tools": [ + { + "name": "npm", + "version": "npmVersion-testing" + }, + { + "vendor": "@cyclonedx", + "name": "cyclonedx-library", + "version": "libVersion-testing", + "externalReferences": [ + { + "url": "https://github.com/CycloneDX/cyclonedx-javascript-library/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "git+https://github.com/CycloneDX/cyclonedx-javascript-library.git", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\"" + }, + { + "url": "https://github.com/CycloneDX/cyclonedx-javascript-library#readme", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + } + ] + }, + { + "vendor": "@cyclonedx", + "name": "cyclonedx-npm", + "version": "thisVersion-testing", + "externalReferences": [ + { + "url": "https://github.com/CycloneDX/cyclonedx-node-npm/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "git+https://github.com/CycloneDX/cyclonedx-node-npm.git", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\"" + }, + { + "url": "https://github.com/CycloneDX/cyclonedx-node-npm#readme", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + } + ] + } + ], + "component": { + "type": "application", + "name": "demo-local-deps", + "version": "0.0.0", + "bom-ref": "demo-local-deps@0.0.0", + "description": "demo: demo-local-deps -- showcase how local dependencies look like", + "licenses": [ + { + "license": { + "id": "Apache-2.0", + "acknowledgement": "declared" + } + } + ], + "purl": "pkg:npm/demo-local-deps@0.0.0?vcs_url=git%2Bhttps%3A//github.com/CycloneDX/cyclonedx-node-npm.git#demo/local-dependencies/project", + 
"externalReferences": [ + { + "url": "https://github.com/CycloneDX/cyclonedx-node-npm/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "git+https://github.com/CycloneDX/cyclonedx-node-npm.git#demo/local-dependencies/project", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\" and \"repository.directory\"" + }, + { + "url": "https://github.com/CycloneDX/cyclonedx-node-npm#readme", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "" + }, + { + "name": "cdx:npm:package:private", + "value": "true" + } + ] + } + }, + "components": [ + { + "type": "library", + "name": "my-local-a", + "version": "0.0.0", + "bom-ref": "my-local-a@0.0.0", + "licenses": [ + { + "license": { + "id": "Apache-2.0", + "acknowledgement": "declared" + } + } + ], + "purl": "pkg:npm/my-local-a@0.0.0", + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/my-local-a" + } + ] + }, + { + "type": "library", + "name": "my-local-b", + "version": "0.0.0", + "bom-ref": "my-local-b@0.0.0", + "licenses": [ + { + "license": { + "id": "Apache-2.0", + "acknowledgement": "declared" + } + } + ], + "purl": "pkg:npm/my-local-b@0.0.0", + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/my-local-b-off" + } + ] + }, + { + "type": "library", + "name": "my-noname", + "version": "0.0.0", + "bom-ref": "my-noname@0.0.0", + "licenses": [ + { + "license": { + "id": "Apache-2.0", + "acknowledgement": "declared" + } + } + ], + "purl": "pkg:npm/my-noname@0.0.0", + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/my-noname" + } + ] + } + ], + "dependencies": [ + { + "ref": "demo-local-deps@0.0.0", + "dependsOn": [ + "my-local-a@0.0.0", + "my-noname@0.0.0" + ] + }, + { + "ref": "my-local-a@0.0.0", + "dependsOn": [ + 
"my-local-b@0.0.0" + ] + }, + { + "ref": "my-local-b@0.0.0" + }, + { + "ref": "my-noname@0.0.0" + } + ] +} \ No newline at end of file diff --git a/tests/_data/sbom_demo-results/flatten-components/local-dependencies_npm8_node22_windows-latest.snap.json b/tests/_data/sbom_demo-results/flatten-components/local-dependencies_npm8_node22_windows-latest.snap.json new file mode 100644 index 00000000..98ba3007 --- /dev/null +++ b/tests/_data/sbom_demo-results/flatten-components/local-dependencies_npm8_node22_windows-latest.snap.json 
@@ -0,0 +1,187 @@ +{ + "$schema": "http://cyclonedx.org/schema/bom-1.6.schema.json", + "bomFormat": "CycloneDX", + "specVersion": "1.6", + "version": 1, + "metadata": { + "tools": [ + { + "name": "npm", + "version": "npmVersion-testing" + }, + { + "vendor": "@cyclonedx", + "name": "cyclonedx-library", + "version": "libVersion-testing", + "externalReferences": [ + { + "url": "https://github.com/CycloneDX/cyclonedx-javascript-library/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "git+https://github.com/CycloneDX/cyclonedx-javascript-library.git", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\"" + }, + { + "url": "https://github.com/CycloneDX/cyclonedx-javascript-library#readme", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + } + ] + }, + { + "vendor": "@cyclonedx", + "name": "cyclonedx-npm", + "version": "thisVersion-testing", + "externalReferences": [ + { + "url": "https://github.com/CycloneDX/cyclonedx-node-npm/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "git+https://github.com/CycloneDX/cyclonedx-node-npm.git", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\"" + }, + { + "url": "https://github.com/CycloneDX/cyclonedx-node-npm#readme", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + } + ] + } + ], + "component": { + "type": "application", + "name": "demo-local-deps", + "version": "0.0.0", + "bom-ref": "demo-local-deps@0.0.0", + "description": "demo: demo-local-deps -- showcase how local dependencies look like", + "licenses": [ + { + "license": { + "id": "Apache-2.0", + "acknowledgement": "declared" + } + } + ], + "purl": "pkg:npm/demo-local-deps@0.0.0?vcs_url=git%2Bhttps%3A//github.com/CycloneDX/cyclonedx-node-npm.git#demo/local-dependencies/project", + 
"externalReferences": [ + { + "url": "https://github.com/CycloneDX/cyclonedx-node-npm/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "git+https://github.com/CycloneDX/cyclonedx-node-npm.git#demo/local-dependencies/project", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\" and \"repository.directory\"" + }, + { + "url": "https://github.com/CycloneDX/cyclonedx-node-npm#readme", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "" + }, + { + "name": "cdx:npm:package:private", + "value": "true" + } + ] + } + }, + "components": [ + { + "type": "library", + "name": "my-local-a", + "version": "0.0.0", + "bom-ref": "my-local-a@0.0.0", + "licenses": [ + { + "license": { + "id": "Apache-2.0", + "acknowledgement": "declared" + } + } + ], + "purl": "pkg:npm/my-local-a@0.0.0", + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/my-local-a" + } + ] + }, + { + "type": "library", + "name": "my-local-b", + "version": "0.0.0", + "bom-ref": "my-local-b@0.0.0", + "licenses": [ + { + "license": { + "id": "Apache-2.0", + "acknowledgement": "declared" + } + } + ], + "purl": "pkg:npm/my-local-b@0.0.0", + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/my-local-b-off" + } + ] + }, + { + "type": "library", + "name": "my-noname", + "version": "0.0.0", + "bom-ref": "my-noname@0.0.0", + "licenses": [ + { + "license": { + "id": "Apache-2.0", + "acknowledgement": "declared" + } + } + ], + "purl": "pkg:npm/my-noname@0.0.0", + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/my-noname" + } + ] + } + ], + "dependencies": [ + { + "ref": "demo-local-deps@0.0.0", + "dependsOn": [ + "my-local-a@0.0.0", + "my-noname@0.0.0" + ] + }, + { + "ref": "my-local-a@0.0.0", + "dependsOn": [ + 
"my-local-b@0.0.0" + ] + }, + { + "ref": "my-local-b@0.0.0" + }, + { + "ref": "my-noname@0.0.0" + } + ] +} \ No newline at end of file diff --git a/tests/_data/sbom_demo-results/flatten-components/local-dependencies_npm9_node16_macos-latest.snap.json b/tests/_data/sbom_demo-results/flatten-components/local-dependencies_npm9_node16_macos-latest.snap.json index d48eb1d1..98ba3007 100644 --- a/tests/_data/sbom_demo-results/flatten-components/local-dependencies_npm9_node16_macos-latest.snap.json +++ b/tests/_data/sbom_demo-results/flatten-components/local-dependencies_npm9_node16_macos-latest.snap.json @@ -68,7 +68,24 @@ } } ], - "purl": "pkg:npm/demo-local-deps@0.0.0", + "purl": "pkg:npm/demo-local-deps@0.0.0?vcs_url=git%2Bhttps%3A//github.com/CycloneDX/cyclonedx-node-npm.git#demo/local-dependencies/project", + "externalReferences": [ + { + "url": "https://github.com/CycloneDX/cyclonedx-node-npm/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "git+https://github.com/CycloneDX/cyclonedx-node-npm.git#demo/local-dependencies/project", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\" and \"repository.directory\"" + }, + { + "url": "https://github.com/CycloneDX/cyclonedx-node-npm#readme", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + } + ], "properties": [ { "name": "cdx:npm:package:path", diff --git a/tests/_data/sbom_demo-results/flatten-components/local-dependencies_npm9_node16_ubuntu-latest.snap.json b/tests/_data/sbom_demo-results/flatten-components/local-dependencies_npm9_node16_ubuntu-latest.snap.json index d48eb1d1..98ba3007 100644 --- a/tests/_data/sbom_demo-results/flatten-components/local-dependencies_npm9_node16_ubuntu-latest.snap.json +++ b/tests/_data/sbom_demo-results/flatten-components/local-dependencies_npm9_node16_ubuntu-latest.snap.json 
@@ -68,7 +68,24 @@ } } ], - "purl": "pkg:npm/demo-local-deps@0.0.0", + "purl": "pkg:npm/demo-local-deps@0.0.0?vcs_url=git%2Bhttps%3A//github.com/CycloneDX/cyclonedx-node-npm.git#demo/local-dependencies/project", + "externalReferences": [ + { + "url": "https://github.com/CycloneDX/cyclonedx-node-npm/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "git+https://github.com/CycloneDX/cyclonedx-node-npm.git#demo/local-dependencies/project", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\" and \"repository.directory\"" + }, + { + "url": "https://github.com/CycloneDX/cyclonedx-node-npm#readme", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + } + ], "properties": [ { "name": "cdx:npm:package:path", diff --git a/tests/_data/sbom_demo-results/flatten-components/local-dependencies_npm9_node16_windows-latest.snap.json b/tests/_data/sbom_demo-results/flatten-components/local-dependencies_npm9_node16_windows-latest.snap.json index d48eb1d1..98ba3007 100644 --- a/tests/_data/sbom_demo-results/flatten-components/local-dependencies_npm9_node16_windows-latest.snap.json +++ b/tests/_data/sbom_demo-results/flatten-components/local-dependencies_npm9_node16_windows-latest.snap.json 
@@ -68,7 +68,24 @@ } } ], - "purl": "pkg:npm/demo-local-deps@0.0.0", + "purl": "pkg:npm/demo-local-deps@0.0.0?vcs_url=git%2Bhttps%3A//github.com/CycloneDX/cyclonedx-node-npm.git#demo/local-dependencies/project", + "externalReferences": [ + { + "url": "https://github.com/CycloneDX/cyclonedx-node-npm/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "git+https://github.com/CycloneDX/cyclonedx-node-npm.git#demo/local-dependencies/project", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\" and \"repository.directory\"" + }, + { + "url": "https://github.com/CycloneDX/cyclonedx-node-npm#readme", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + } + ], "properties": [ { "name": "cdx:npm:package:path", diff --git a/tests/_data/sbom_demo-results/flatten-components/local-dependencies_npm9_node22_windows-latest.snap.json b/tests/_data/sbom_demo-results/flatten-components/local-dependencies_npm9_node22_windows-latest.snap.json new file mode 100644 index 00000000..98ba3007 --- /dev/null +++ b/tests/_data/sbom_demo-results/flatten-components/local-dependencies_npm9_node22_windows-latest.snap.json 
@@ -0,0 +1,187 @@ +{ + "$schema": "http://cyclonedx.org/schema/bom-1.6.schema.json", + "bomFormat": "CycloneDX", + "specVersion": "1.6", + "version": 1, + "metadata": { + "tools": [ + { + "name": "npm", + "version": "npmVersion-testing" + }, + { + "vendor": "@cyclonedx", + "name": "cyclonedx-library", + "version": "libVersion-testing", + "externalReferences": [ + { + "url": "https://github.com/CycloneDX/cyclonedx-javascript-library/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "git+https://github.com/CycloneDX/cyclonedx-javascript-library.git", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\"" + }, + { + "url": "https://github.com/CycloneDX/cyclonedx-javascript-library#readme", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + } + ] + }, + { + "vendor": "@cyclonedx", + "name": "cyclonedx-npm", + "version": "thisVersion-testing", + "externalReferences": [ + { + "url": "https://github.com/CycloneDX/cyclonedx-node-npm/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "git+https://github.com/CycloneDX/cyclonedx-node-npm.git", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\"" + }, + { + "url": "https://github.com/CycloneDX/cyclonedx-node-npm#readme", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + } + ] + } + ], + "component": { + "type": "application", + "name": "demo-local-deps", + "version": "0.0.0", + "bom-ref": "demo-local-deps@0.0.0", + "description": "demo: demo-local-deps -- showcase how local dependencies look like", + "licenses": [ + { + "license": { + "id": "Apache-2.0", + "acknowledgement": "declared" + } + } + ], + "purl": "pkg:npm/demo-local-deps@0.0.0?vcs_url=git%2Bhttps%3A//github.com/CycloneDX/cyclonedx-node-npm.git#demo/local-dependencies/project", + 
"externalReferences": [ + { + "url": "https://github.com/CycloneDX/cyclonedx-node-npm/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "git+https://github.com/CycloneDX/cyclonedx-node-npm.git#demo/local-dependencies/project", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\" and \"repository.directory\"" + }, + { + "url": "https://github.com/CycloneDX/cyclonedx-node-npm#readme", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "" + }, + { + "name": "cdx:npm:package:private", + "value": "true" + } + ] + } + }, + "components": [ + { + "type": "library", + "name": "my-local-a", + "version": "0.0.0", + "bom-ref": "my-local-a@0.0.0", + "licenses": [ + { + "license": { + "id": "Apache-2.0", + "acknowledgement": "declared" + } + } + ], + "purl": "pkg:npm/my-local-a@0.0.0", + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/my-local-a" + } + ] + }, + { + "type": "library", + "name": "my-local-b", + "version": "0.0.0", + "bom-ref": "my-local-b@0.0.0", + "licenses": [ + { + "license": { + "id": "Apache-2.0", + "acknowledgement": "declared" + } + } + ], + "purl": "pkg:npm/my-local-b@0.0.0", + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/my-local-b-off" + } + ] + }, + { + "type": "library", + "name": "my-noname", + "version": "0.0.0", + "bom-ref": "my-noname@0.0.0", + "licenses": [ + { + "license": { + "id": "Apache-2.0", + "acknowledgement": "declared" + } + } + ], + "purl": "pkg:npm/my-noname@0.0.0", + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/my-noname" + } + ] + } + ], + "dependencies": [ + { + "ref": "demo-local-deps@0.0.0", + "dependsOn": [ + "my-local-a@0.0.0", + "my-noname@0.0.0" + ] + }, + { + "ref": "my-local-a@0.0.0", + "dependsOn": [ + 
"my-local-b@0.0.0" + ] + }, + { + "ref": "my-local-b@0.0.0" + }, + { + "ref": "my-noname@0.0.0" + } + ] +} \ No newline at end of file diff --git a/tests/_data/sbom_demo-results/flatten-components/local-workspaces_from-setup.snap.json b/tests/_data/sbom_demo-results/flatten-components/local-workspaces_from-setup.snap.json index d8fccdaf..25ca1ae6 100644 --- a/tests/_data/sbom_demo-results/flatten-components/local-workspaces_from-setup.snap.json +++ b/tests/_data/sbom_demo-results/flatten-components/local-workspaces_from-setup.snap.json @@ -187,6 +187,39 @@ "value": "true" } ] + }, + { + "type": "library", + "name": "my-local-e", + "version": "0.1.0", + "bom-ref": "my-local-e@0.1.0", + "description": "demo: my-local-e - a standalone package that is not dependency of root nor any other workspace", + "licenses": [ + { + "license": { + "id": "Apache-2.0", + "acknowledgement": "declared" + } + } + ], + "purl": "pkg:npm/my-local-e@0.1.0?vcs_url=git%2Bhttps%3A//gitlab.example.com/my-packages/demo-workspaces.git#workspaces/my-local-e", + "externalReferences": [ + { + "url": "git+https://gitlab.example.com/my-packages/demo-workspaces.git#workspaces/my-local-e", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\" and \"repository.directory\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/my-local-e" + }, + { + "name": "cdx:npm:package:private", + "value": "true" + } + ] } ], "dependencies": [ @@ -195,7 +228,8 @@ "dependsOn": [ "my-local-a@0.1.0", "my-local-b-off@0.0.0", - "my-local-c@0.23.42" + "my-local-c@0.23.42", + "my-local-e@0.1.0" ] }, { @@ -213,6 +247,9 @@ "my-local-a@0.1.0", "my-local-b-off@0.0.0" ] + }, + { + "ref": "my-local-e@0.1.0" } ] } \ No newline at end of file diff --git a/tests/_data/sbom_demo-results/flatten-components/local-workspaces_from-setup.snap.xml b/tests/_data/sbom_demo-results/flatten-components/local-workspaces_from-setup.snap.xml index 66d93361..328cd4d9 100644 
--- a/tests/_data/sbom_demo-results/flatten-components/local-workspaces_from-setup.snap.xml +++ b/tests/_data/sbom_demo-results/flatten-components/local-workspaces_from-setup.snap.xml @@ -131,12 +131,34 @@ true + + my-local-e + 0.1.0 + demo: my-local-e - a standalone package that is not dependency of root nor any other workspace + + + Apache-2.0 + + + pkg:npm/my-local-e@0.1.0?vcs_url=git%2Bhttps%3A//gitlab.example.com/my-packages/demo-workspaces.git#workspaces/my-local-e + + + git+https://gitlab.example.com/my-packages/demo-workspaces.git#workspaces/my-local-e + as detected from PackageJson property "repository.url" and "repository.directory" + + + + node_modules/my-local-e + true + + + @@ -146,5 +168,6 @@ + \ No newline at end of file diff --git a/tests/_data/sbom_demo-results/flatten-components/local-workspaces_npm10_node18_macos-latest.snap.json b/tests/_data/sbom_demo-results/flatten-components/local-workspaces_npm10_node18_macos-latest.snap.json index ba6ae482..584ae339 100644 --- a/tests/_data/sbom_demo-results/flatten-components/local-workspaces_npm10_node18_macos-latest.snap.json +++ b/tests/_data/sbom_demo-results/flatten-components/local-workspaces_npm10_node18_macos-latest.snap.json @@ -68,7 +68,14 @@ } } ], - "purl": "pkg:npm/demo-workspaces@0.0.0", + "purl": "pkg:npm/demo-workspaces@0.0.0?vcs_url=git%2Bssh%3A//git%40gitlab.example.com/my-packages/demo-workspaces.git", + "externalReferences": [ + { + "url": "git+ssh://git@gitlab.example.com/my-packages/demo-workspaces.git", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\"" + } + ], "properties": [ { "name": "cdx:npm:package:path", 
@@ -144,6 +151,27 @@ "value": "node_modules/my-local-c" } ] + }, + { + "type": "library", + "name": "my-local-e", + "version": "0.1.0", + "bom-ref": "my-local-e@0.1.0", + "licenses": [ + { + "license": { + "id": "Apache-2.0", + "acknowledgement": "declared" + } + } + ], + "purl": "pkg:npm/my-local-e@0.1.0", + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/my-local-e" + } + ] } ], "dependencies": [ @@ -152,7 +180,8 @@ "dependsOn": [ "my-local-a@0.1.0", "my-local-b-off@0.0.0", - "my-local-c@0.23.42" + "my-local-c@0.23.42", + "my-local-e@0.1.0" ] }, { @@ -170,6 +199,9 @@ "my-local-a@0.1.0", "my-local-b-off@0.0.0" ] + }, + { + "ref": "my-local-e@0.1.0" } ] } \ No newline at end of file diff --git a/tests/_data/sbom_demo-results/flatten-components/local-workspaces_npm10_node18_ubuntu-latest.snap.json b/tests/_data/sbom_demo-results/flatten-components/local-workspaces_npm10_node18_ubuntu-latest.snap.json index ba6ae482..584ae339 100644 --- a/tests/_data/sbom_demo-results/flatten-components/local-workspaces_npm10_node18_ubuntu-latest.snap.json +++ b/tests/_data/sbom_demo-results/flatten-components/local-workspaces_npm10_node18_ubuntu-latest.snap.json @@ -68,7 +68,14 @@ } } ], - "purl": "pkg:npm/demo-workspaces@0.0.0", + "purl": "pkg:npm/demo-workspaces@0.0.0?vcs_url=git%2Bssh%3A//git%40gitlab.example.com/my-packages/demo-workspaces.git", + "externalReferences": [ + { + "url": "git+ssh://git@gitlab.example.com/my-packages/demo-workspaces.git", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\"" + } + ], "properties": [ { "name": "cdx:npm:package:path", 
@@ -144,6 +151,27 @@ "value": "node_modules/my-local-c" } ] + }, + { + "type": "library", + "name": "my-local-e", + "version": "0.1.0", + "bom-ref": "my-local-e@0.1.0", + "licenses": [ + { + "license": { + "id": "Apache-2.0", + "acknowledgement": "declared" + } + } + ], + "purl": "pkg:npm/my-local-e@0.1.0", + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/my-local-e" + } + ] } ], "dependencies": [ @@ -152,7 +180,8 @@ "dependsOn": [ "my-local-a@0.1.0", "my-local-b-off@0.0.0", - "my-local-c@0.23.42" + "my-local-c@0.23.42", + "my-local-e@0.1.0" ] }, { @@ -170,6 +199,9 @@ "my-local-a@0.1.0", "my-local-b-off@0.0.0" ] + }, + { + "ref": "my-local-e@0.1.0" } ] } \ No newline at end of file diff --git a/tests/_data/sbom_demo-results/flatten-components/local-workspaces_npm10_node18_windows-latest.snap.json b/tests/_data/sbom_demo-results/flatten-components/local-workspaces_npm10_node18_windows-latest.snap.json index ba6ae482..584ae339 100644 --- a/tests/_data/sbom_demo-results/flatten-components/local-workspaces_npm10_node18_windows-latest.snap.json +++ b/tests/_data/sbom_demo-results/flatten-components/local-workspaces_npm10_node18_windows-latest.snap.json @@ -68,7 +68,14 @@ } } ], - "purl": "pkg:npm/demo-workspaces@0.0.0", + "purl": "pkg:npm/demo-workspaces@0.0.0?vcs_url=git%2Bssh%3A//git%40gitlab.example.com/my-packages/demo-workspaces.git", + "externalReferences": [ + { + "url": "git+ssh://git@gitlab.example.com/my-packages/demo-workspaces.git", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\"" + } + ], "properties": [ { "name": "cdx:npm:package:path", 
@@ -144,6 +151,27 @@ "value": "node_modules/my-local-c" } ] + }, + { + "type": "library", + "name": "my-local-e", + "version": "0.1.0", + "bom-ref": "my-local-e@0.1.0", + "licenses": [ + { + "license": { + "id": "Apache-2.0", + "acknowledgement": "declared" + } + } + ], + "purl": "pkg:npm/my-local-e@0.1.0", + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/my-local-e" + } + ] } ], "dependencies": [ @@ -152,7 +180,8 @@ "dependsOn": [ "my-local-a@0.1.0", "my-local-b-off@0.0.0", - "my-local-c@0.23.42" + "my-local-c@0.23.42", + "my-local-e@0.1.0" ] }, { @@ -170,6 +199,9 @@ "my-local-a@0.1.0", "my-local-b-off@0.0.0" ] + }, + { + "ref": "my-local-e@0.1.0" } ] } \ No newline at end of file diff --git a/tests/_data/sbom_demo-results/flatten-components/local-workspaces_npm10_node22_windows-latest.snap.json b/tests/_data/sbom_demo-results/flatten-components/local-workspaces_npm10_node22_windows-latest.snap.json new file mode 100644 index 00000000..584ae339 --- /dev/null +++ b/tests/_data/sbom_demo-results/flatten-components/local-workspaces_npm10_node22_windows-latest.snap.json 
@@ -0,0 +1,207 @@ +{ + "$schema": "http://cyclonedx.org/schema/bom-1.6.schema.json", + "bomFormat": "CycloneDX", + "specVersion": "1.6", + "version": 1, + "metadata": { + "tools": [ + { + "name": "npm", + "version": "npmVersion-testing" + }, + { + "vendor": "@cyclonedx", + "name": "cyclonedx-library", + "version": "libVersion-testing", + "externalReferences": [ + { + "url": "https://github.com/CycloneDX/cyclonedx-javascript-library/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "git+https://github.com/CycloneDX/cyclonedx-javascript-library.git", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\"" + }, + { + "url": "https://github.com/CycloneDX/cyclonedx-javascript-library#readme", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + } + ] + }, + { + "vendor": "@cyclonedx", + "name": "cyclonedx-npm", + "version": "thisVersion-testing", + "externalReferences": [ + { + "url": "https://github.com/CycloneDX/cyclonedx-node-npm/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "git+https://github.com/CycloneDX/cyclonedx-node-npm.git", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\"" + }, + { + "url": "https://github.com/CycloneDX/cyclonedx-node-npm#readme", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + } + ] + } + ], + "component": { + "type": "application", + "name": "demo-workspaces", + "version": "0.0.0", + "bom-ref": "demo-workspaces@0.0.0", + "description": "demo: demo-workspaces -- showcase how workspaces look like", + "licenses": [ + { + "license": { + "id": "Apache-2.0", + "acknowledgement": "declared" + } + } + ], + "purl": "pkg:npm/demo-workspaces@0.0.0?vcs_url=git%2Bssh%3A//git%40gitlab.example.com/my-packages/demo-workspaces.git", + "externalReferences": [ + { + 
"url": "git+ssh://git@gitlab.example.com/my-packages/demo-workspaces.git", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "" + }, + { + "name": "cdx:npm:package:private", + "value": "true" + } + ] + } + }, + "components": [ + { + "type": "library", + "name": "my-local-a", + "version": "0.1.0", + "bom-ref": "my-local-a@0.1.0", + "licenses": [ + { + "license": { + "id": "Apache-2.0", + "acknowledgement": "declared" + } + } + ], + "purl": "pkg:npm/my-local-a@0.1.0", + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/my-local-a" + } + ] + }, + { + "type": "library", + "name": "my-local-b-off", + "version": "0.0.0", + "bom-ref": "my-local-b-off@0.0.0", + "licenses": [ + { + "license": { + "id": "Apache-2.0", + "acknowledgement": "declared" + } + } + ], + "purl": "pkg:npm/my-local-b-off@0.0.0", + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/my-local-b-off" + } + ] + }, + { + "type": "library", + "name": "my-local-c", + "version": "0.23.42", + "bom-ref": "my-local-c@0.23.42", + "licenses": [ + { + "license": { + "id": "Apache-2.0", + "acknowledgement": "declared" + } + } + ], + "purl": "pkg:npm/my-local-c@0.23.42", + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/my-local-c" + } + ] + }, + { + "type": "library", + "name": "my-local-e", + "version": "0.1.0", + "bom-ref": "my-local-e@0.1.0", + "licenses": [ + { + "license": { + "id": "Apache-2.0", + "acknowledgement": "declared" + } + } + ], + "purl": "pkg:npm/my-local-e@0.1.0", + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/my-local-e" + } + ] + } + ], + "dependencies": [ + { + "ref": "demo-workspaces@0.0.0", + "dependsOn": [ + "my-local-a@0.1.0", + "my-local-b-off@0.0.0", + "my-local-c@0.23.42", + "my-local-e@0.1.0" + ] + }, + { + "ref": "my-local-a@0.1.0", + "dependsOn": [ + 
"my-local-b-off@0.0.0" + ] + }, + { + "ref": "my-local-b-off@0.0.0" + }, + { + "ref": "my-local-c@0.23.42", + "dependsOn": [ + "my-local-a@0.1.0", + "my-local-b-off@0.0.0" + ] + }, + { + "ref": "my-local-e@0.1.0" + } + ] +} \ No newline at end of file diff --git a/tests/_data/sbom_demo-results/flatten-components/local-workspaces_npm7_node14_ubuntu-latest.snap.json b/tests/_data/sbom_demo-results/flatten-components/local-workspaces_npm7_node14_ubuntu-latest.snap.json index ba6ae482..584ae339 100644 --- a/tests/_data/sbom_demo-results/flatten-components/local-workspaces_npm7_node14_ubuntu-latest.snap.json +++ b/tests/_data/sbom_demo-results/flatten-components/local-workspaces_npm7_node14_ubuntu-latest.snap.json @@ -68,7 +68,14 @@ } } ], - "purl": "pkg:npm/demo-workspaces@0.0.0", + "purl": "pkg:npm/demo-workspaces@0.0.0?vcs_url=git%2Bssh%3A//git%40gitlab.example.com/my-packages/demo-workspaces.git", + "externalReferences": [ + { + "url": "git+ssh://git@gitlab.example.com/my-packages/demo-workspaces.git", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\"" + } + ], "properties": [ { "name": "cdx:npm:package:path", @@ -144,6 +151,27 @@ "value": "node_modules/my-local-c" } ] + }, + { + "type": "library", + "name": "my-local-e", + "version": "0.1.0", + "bom-ref": "my-local-e@0.1.0", + "licenses": [ + { + "license": { + "id": "Apache-2.0", + "acknowledgement": "declared" + } + } + ], + "purl": "pkg:npm/my-local-e@0.1.0", + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/my-local-e" + } + ] } ], "dependencies": [ @@ -152,7 +180,8 @@ "dependsOn": [ "my-local-a@0.1.0", "my-local-b-off@0.0.0", - "my-local-c@0.23.42" + "my-local-c@0.23.42", + "my-local-e@0.1.0" ] }, { @@ -170,6 +199,9 @@ "my-local-a@0.1.0", "my-local-b-off@0.0.0" ] + }, + { + "ref": "my-local-e@0.1.0" } ] } \ No newline at end of file 
diff --git a/tests/_data/sbom_demo-results/flatten-components/local-workspaces_npm7_node14_windows-latest.snap.json b/tests/_data/sbom_demo-results/flatten-components/local-workspaces_npm7_node14_windows-latest.snap.json index ba6ae482..584ae339 100644 --- a/tests/_data/sbom_demo-results/flatten-components/local-workspaces_npm7_node14_windows-latest.snap.json +++ b/tests/_data/sbom_demo-results/flatten-components/local-workspaces_npm7_node14_windows-latest.snap.json @@ -68,7 +68,14 @@ } } ], - "purl": "pkg:npm/demo-workspaces@0.0.0", + "purl": "pkg:npm/demo-workspaces@0.0.0?vcs_url=git%2Bssh%3A//git%40gitlab.example.com/my-packages/demo-workspaces.git", + "externalReferences": [ + { + "url": "git+ssh://git@gitlab.example.com/my-packages/demo-workspaces.git", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\"" + } + ], "properties": [ { "name": "cdx:npm:package:path", @@ -144,6 +151,27 @@ "value": "node_modules/my-local-c" } ] + }, + { + "type": "library", + "name": "my-local-e", + "version": "0.1.0", + "bom-ref": "my-local-e@0.1.0", + "licenses": [ + { + "license": { + "id": "Apache-2.0", + "acknowledgement": "declared" + } + } + ], + "purl": "pkg:npm/my-local-e@0.1.0", + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/my-local-e" + } + ] } ], "dependencies": [ @@ -152,7 +180,8 @@ "dependsOn": [ "my-local-a@0.1.0", "my-local-b-off@0.0.0", - "my-local-c@0.23.42" + "my-local-c@0.23.42", + "my-local-e@0.1.0" ] }, { @@ -170,6 +199,9 @@ "my-local-a@0.1.0", "my-local-b-off@0.0.0" ] + }, + { + "ref": "my-local-e@0.1.0" } ] } \ No newline at end of file diff --git a/tests/_data/sbom_demo-results/flatten-components/local-workspaces_npm7_node16_macos-latest.snap.json b/tests/_data/sbom_demo-results/flatten-components/local-workspaces_npm7_node16_macos-latest.snap.json new file mode 100644 index 00000000..584ae339 --- /dev/null 
+++ b/tests/_data/sbom_demo-results/flatten-components/local-workspaces_npm7_node16_macos-latest.snap.json 
@@ -0,0 +1,207 @@ +{ + "$schema": "http://cyclonedx.org/schema/bom-1.6.schema.json", + "bomFormat": "CycloneDX", + "specVersion": "1.6", + "version": 1, + "metadata": { + "tools": [ + { + "name": "npm", + "version": "npmVersion-testing" + }, + { + "vendor": "@cyclonedx", + "name": "cyclonedx-library", + "version": "libVersion-testing", + "externalReferences": [ + { + "url": "https://github.com/CycloneDX/cyclonedx-javascript-library/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "git+https://github.com/CycloneDX/cyclonedx-javascript-library.git", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\"" + }, + { + "url": "https://github.com/CycloneDX/cyclonedx-javascript-library#readme", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + } + ] + }, + { + "vendor": "@cyclonedx", + "name": "cyclonedx-npm", + "version": "thisVersion-testing", + "externalReferences": [ + { + "url": "https://github.com/CycloneDX/cyclonedx-node-npm/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "git+https://github.com/CycloneDX/cyclonedx-node-npm.git", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\"" + }, + { + "url": "https://github.com/CycloneDX/cyclonedx-node-npm#readme", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + } + ] + } + ], + "component": { + "type": "application", + "name": "demo-workspaces", + "version": "0.0.0", + "bom-ref": "demo-workspaces@0.0.0", + "description": "demo: demo-workspaces -- showcase how workspaces look like", + "licenses": [ + { + "license": { + "id": "Apache-2.0", + "acknowledgement": "declared" + } + } + ], + "purl": "pkg:npm/demo-workspaces@0.0.0?vcs_url=git%2Bssh%3A//git%40gitlab.example.com/my-packages/demo-workspaces.git", + "externalReferences": [ + { + 
"url": "git+ssh://git@gitlab.example.com/my-packages/demo-workspaces.git", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "" + }, + { + "name": "cdx:npm:package:private", + "value": "true" + } + ] + } + }, + "components": [ + { + "type": "library", + "name": "my-local-a", + "version": "0.1.0", + "bom-ref": "my-local-a@0.1.0", + "licenses": [ + { + "license": { + "id": "Apache-2.0", + "acknowledgement": "declared" + } + } + ], + "purl": "pkg:npm/my-local-a@0.1.0", + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/my-local-a" + } + ] + }, + { + "type": "library", + "name": "my-local-b-off", + "version": "0.0.0", + "bom-ref": "my-local-b-off@0.0.0", + "licenses": [ + { + "license": { + "id": "Apache-2.0", + "acknowledgement": "declared" + } + } + ], + "purl": "pkg:npm/my-local-b-off@0.0.0", + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/my-local-b-off" + } + ] + }, + { + "type": "library", + "name": "my-local-c", + "version": "0.23.42", + "bom-ref": "my-local-c@0.23.42", + "licenses": [ + { + "license": { + "id": "Apache-2.0", + "acknowledgement": "declared" + } + } + ], + "purl": "pkg:npm/my-local-c@0.23.42", + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/my-local-c" + } + ] + }, + { + "type": "library", + "name": "my-local-e", + "version": "0.1.0", + "bom-ref": "my-local-e@0.1.0", + "licenses": [ + { + "license": { + "id": "Apache-2.0", + "acknowledgement": "declared" + } + } + ], + "purl": "pkg:npm/my-local-e@0.1.0", + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/my-local-e" + } + ] + } + ], + "dependencies": [ + { + "ref": "demo-workspaces@0.0.0", + "dependsOn": [ + "my-local-a@0.1.0", + "my-local-b-off@0.0.0", + "my-local-c@0.23.42", + "my-local-e@0.1.0" + ] + }, + { + "ref": "my-local-a@0.1.0", + "dependsOn": [ + 
"my-local-b-off@0.0.0" + ] + }, + { + "ref": "my-local-b-off@0.0.0" + }, + { + "ref": "my-local-c@0.23.42", + "dependsOn": [ + "my-local-a@0.1.0", + "my-local-b-off@0.0.0" + ] + }, + { + "ref": "my-local-e@0.1.0" + } + ] +} \ No newline at end of file diff --git a/tests/_data/sbom_demo-results/flatten-components/local-workspaces_npm7_node22_windows-latest.snap.json b/tests/_data/sbom_demo-results/flatten-components/local-workspaces_npm7_node22_windows-latest.snap.json new file mode 100644 index 00000000..584ae339 --- /dev/null +++ b/tests/_data/sbom_demo-results/flatten-components/local-workspaces_npm7_node22_windows-latest.snap.json 
@@ -0,0 +1,207 @@ +{ + "$schema": "http://cyclonedx.org/schema/bom-1.6.schema.json", + "bomFormat": "CycloneDX", + "specVersion": "1.6", + "version": 1, + "metadata": { + "tools": [ + { + "name": "npm", + "version": "npmVersion-testing" + }, + { + "vendor": "@cyclonedx", + "name": "cyclonedx-library", + "version": "libVersion-testing", + "externalReferences": [ + { + "url": "https://github.com/CycloneDX/cyclonedx-javascript-library/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "git+https://github.com/CycloneDX/cyclonedx-javascript-library.git", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\"" + }, + { + "url": "https://github.com/CycloneDX/cyclonedx-javascript-library#readme", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + } + ] + }, + { + "vendor": "@cyclonedx", + "name": "cyclonedx-npm", + "version": "thisVersion-testing", + "externalReferences": [ + { + "url": "https://github.com/CycloneDX/cyclonedx-node-npm/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "git+https://github.com/CycloneDX/cyclonedx-node-npm.git", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\"" + }, + { + "url": "https://github.com/CycloneDX/cyclonedx-node-npm#readme", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + } + ] + } + ], + "component": { + "type": "application", + "name": "demo-workspaces", + "version": "0.0.0", + "bom-ref": "demo-workspaces@0.0.0", + "description": "demo: demo-workspaces -- showcase how workspaces look like", + "licenses": [ + { + "license": { + "id": "Apache-2.0", + "acknowledgement": "declared" + } + } + ], + "purl": "pkg:npm/demo-workspaces@0.0.0?vcs_url=git%2Bssh%3A//git%40gitlab.example.com/my-packages/demo-workspaces.git", + "externalReferences": [ + { + 
"url": "git+ssh://git@gitlab.example.com/my-packages/demo-workspaces.git", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "" + }, + { + "name": "cdx:npm:package:private", + "value": "true" + } + ] + } + }, + "components": [ + { + "type": "library", + "name": "my-local-a", + "version": "0.1.0", + "bom-ref": "my-local-a@0.1.0", + "licenses": [ + { + "license": { + "id": "Apache-2.0", + "acknowledgement": "declared" + } + } + ], + "purl": "pkg:npm/my-local-a@0.1.0", + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/my-local-a" + } + ] + }, + { + "type": "library", + "name": "my-local-b-off", + "version": "0.0.0", + "bom-ref": "my-local-b-off@0.0.0", + "licenses": [ + { + "license": { + "id": "Apache-2.0", + "acknowledgement": "declared" + } + } + ], + "purl": "pkg:npm/my-local-b-off@0.0.0", + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/my-local-b-off" + } + ] + }, + { + "type": "library", + "name": "my-local-c", + "version": "0.23.42", + "bom-ref": "my-local-c@0.23.42", + "licenses": [ + { + "license": { + "id": "Apache-2.0", + "acknowledgement": "declared" + } + } + ], + "purl": "pkg:npm/my-local-c@0.23.42", + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/my-local-c" + } + ] + }, + { + "type": "library", + "name": "my-local-e", + "version": "0.1.0", + "bom-ref": "my-local-e@0.1.0", + "licenses": [ + { + "license": { + "id": "Apache-2.0", + "acknowledgement": "declared" + } + } + ], + "purl": "pkg:npm/my-local-e@0.1.0", + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/my-local-e" + } + ] + } + ], + "dependencies": [ + { + "ref": "demo-workspaces@0.0.0", + "dependsOn": [ + "my-local-a@0.1.0", + "my-local-b-off@0.0.0", + "my-local-c@0.23.42", + "my-local-e@0.1.0" + ] + }, + { + "ref": "my-local-a@0.1.0", + "dependsOn": [ + 
"my-local-b-off@0.0.0" + ] + }, + { + "ref": "my-local-b-off@0.0.0" + }, + { + "ref": "my-local-c@0.23.42", + "dependsOn": [ + "my-local-a@0.1.0", + "my-local-b-off@0.0.0" + ] + }, + { + "ref": "my-local-e@0.1.0" + } + ] +} \ No newline at end of file diff --git a/tests/_data/sbom_demo-results/flatten-components/local-workspaces_npm8_node14_ubuntu-latest.snap.json b/tests/_data/sbom_demo-results/flatten-components/local-workspaces_npm8_node14_ubuntu-latest.snap.json index ba6ae482..584ae339 100644 --- a/tests/_data/sbom_demo-results/flatten-components/local-workspaces_npm8_node14_ubuntu-latest.snap.json +++ b/tests/_data/sbom_demo-results/flatten-components/local-workspaces_npm8_node14_ubuntu-latest.snap.json @@ -68,7 +68,14 @@ } } ], - "purl": "pkg:npm/demo-workspaces@0.0.0", + "purl": "pkg:npm/demo-workspaces@0.0.0?vcs_url=git%2Bssh%3A//git%40gitlab.example.com/my-packages/demo-workspaces.git", + "externalReferences": [ + { + "url": "git+ssh://git@gitlab.example.com/my-packages/demo-workspaces.git", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\"" + } + ], "properties": [ { "name": "cdx:npm:package:path", @@ -144,6 +151,27 @@ "value": "node_modules/my-local-c" } ] + }, + { + "type": "library", + "name": "my-local-e", + "version": "0.1.0", + "bom-ref": "my-local-e@0.1.0", + "licenses": [ + { + "license": { + "id": "Apache-2.0", + "acknowledgement": "declared" + } + } + ], + "purl": "pkg:npm/my-local-e@0.1.0", + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/my-local-e" + } + ] } ], "dependencies": [ @@ -152,7 +180,8 @@ "dependsOn": [ "my-local-a@0.1.0", "my-local-b-off@0.0.0", - "my-local-c@0.23.42" + "my-local-c@0.23.42", + "my-local-e@0.1.0" ] }, { @@ -170,6 +199,9 @@ "my-local-a@0.1.0", "my-local-b-off@0.0.0" ] + }, + { + "ref": "my-local-e@0.1.0" } ] } \ No newline at end of file 
diff --git a/tests/_data/sbom_demo-results/flatten-components/local-workspaces_npm8_node14_windows-latest.snap.json b/tests/_data/sbom_demo-results/flatten-components/local-workspaces_npm8_node14_windows-latest.snap.json index ba6ae482..584ae339 100644 --- a/tests/_data/sbom_demo-results/flatten-components/local-workspaces_npm8_node14_windows-latest.snap.json +++ b/tests/_data/sbom_demo-results/flatten-components/local-workspaces_npm8_node14_windows-latest.snap.json @@ -68,7 +68,14 @@ } } ], - "purl": "pkg:npm/demo-workspaces@0.0.0", + "purl": "pkg:npm/demo-workspaces@0.0.0?vcs_url=git%2Bssh%3A//git%40gitlab.example.com/my-packages/demo-workspaces.git", + "externalReferences": [ + { + "url": "git+ssh://git@gitlab.example.com/my-packages/demo-workspaces.git", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\"" + } + ], "properties": [ { "name": "cdx:npm:package:path", @@ -144,6 +151,27 @@ "value": "node_modules/my-local-c" } ] + }, + { + "type": "library", + "name": "my-local-e", + "version": "0.1.0", + "bom-ref": "my-local-e@0.1.0", + "licenses": [ + { + "license": { + "id": "Apache-2.0", + "acknowledgement": "declared" + } + } + ], + "purl": "pkg:npm/my-local-e@0.1.0", + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/my-local-e" + } + ] } ], "dependencies": [ @@ -152,7 +180,8 @@ "dependsOn": [ "my-local-a@0.1.0", "my-local-b-off@0.0.0", - "my-local-c@0.23.42" + "my-local-c@0.23.42", + "my-local-e@0.1.0" ] }, { @@ -170,6 +199,9 @@ "my-local-a@0.1.0", "my-local-b-off@0.0.0" ] + }, + { + "ref": "my-local-e@0.1.0" } ] } \ No newline at end of file diff --git a/tests/_data/sbom_demo-results/flatten-components/local-workspaces_npm8_node16_macos-latest.snap.json b/tests/_data/sbom_demo-results/flatten-components/local-workspaces_npm8_node16_macos-latest.snap.json new file mode 100644 index 00000000..584ae339 --- /dev/null 
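Review bot: The expected `purl` and `externalReferences` values added in the `@@ -68,7 +68,14 @@` hunk of `local-workspaces_npm8_node14_windows-latest.snap.json` carry the userinfo part of `repository.url` through unchanged (`git%40gitlab.example.com` in the `vcs_url` qualifier, `git@` in the `vcs` reference), and no fixture visible in this diff pins what is emitted when that userinfo holds a secret. If the generator copies the URL verbatim, as these expected values suggest, a `package.json` whose `repository.url` embeds a token would end up in every generated SBOM, including for the root component that the full snapshots in this diff mark `cdx:npm:package:private`. I would add a demo package with a credential-bearing URL and pin the sanitized result, e.g. (constructed sample) input `git+https://user:TOKEN_PLACEHOLDER@gitlab.example.com/my-packages/demo-workspaces.git` with expected `"url": "git+https://gitlab.example.com/my-packages/demo-workspaces.git"`, while keeping a bare user name such as `git@` for ssh URLs. The same expectation repeats in the other `local-workspaces_*` snapshots changed or added in this diff.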
+++ b/tests/_data/sbom_demo-results/flatten-components/local-workspaces_npm8_node16_macos-latest.snap.json 
@@ -0,0 +1,207 @@ +{ + "$schema": "http://cyclonedx.org/schema/bom-1.6.schema.json", + "bomFormat": "CycloneDX", + "specVersion": "1.6", + "version": 1, + "metadata": { + "tools": [ + { + "name": "npm", + "version": "npmVersion-testing" + }, + { + "vendor": "@cyclonedx", + "name": "cyclonedx-library", + "version": "libVersion-testing", + "externalReferences": [ + { + "url": "https://github.com/CycloneDX/cyclonedx-javascript-library/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "git+https://github.com/CycloneDX/cyclonedx-javascript-library.git", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\"" + }, + { + "url": "https://github.com/CycloneDX/cyclonedx-javascript-library#readme", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + } + ] + }, + { + "vendor": "@cyclonedx", + "name": "cyclonedx-npm", + "version": "thisVersion-testing", + "externalReferences": [ + { + "url": "https://github.com/CycloneDX/cyclonedx-node-npm/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "git+https://github.com/CycloneDX/cyclonedx-node-npm.git", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\"" + }, + { + "url": "https://github.com/CycloneDX/cyclonedx-node-npm#readme", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + } + ] + } + ], + "component": { + "type": "application", + "name": "demo-workspaces", + "version": "0.0.0", + "bom-ref": "demo-workspaces@0.0.0", + "description": "demo: demo-workspaces -- showcase how workspaces look like", + "licenses": [ + { + "license": { + "id": "Apache-2.0", + "acknowledgement": "declared" + } + } + ], + "purl": "pkg:npm/demo-workspaces@0.0.0?vcs_url=git%2Bssh%3A//git%40gitlab.example.com/my-packages/demo-workspaces.git", + "externalReferences": [ + { + 
"url": "git+ssh://git@gitlab.example.com/my-packages/demo-workspaces.git", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "" + }, + { + "name": "cdx:npm:package:private", + "value": "true" + } + ] + } + }, + "components": [ + { + "type": "library", + "name": "my-local-a", + "version": "0.1.0", + "bom-ref": "my-local-a@0.1.0", + "licenses": [ + { + "license": { + "id": "Apache-2.0", + "acknowledgement": "declared" + } + } + ], + "purl": "pkg:npm/my-local-a@0.1.0", + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/my-local-a" + } + ] + }, + { + "type": "library", + "name": "my-local-b-off", + "version": "0.0.0", + "bom-ref": "my-local-b-off@0.0.0", + "licenses": [ + { + "license": { + "id": "Apache-2.0", + "acknowledgement": "declared" + } + } + ], + "purl": "pkg:npm/my-local-b-off@0.0.0", + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/my-local-b-off" + } + ] + }, + { + "type": "library", + "name": "my-local-c", + "version": "0.23.42", + "bom-ref": "my-local-c@0.23.42", + "licenses": [ + { + "license": { + "id": "Apache-2.0", + "acknowledgement": "declared" + } + } + ], + "purl": "pkg:npm/my-local-c@0.23.42", + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/my-local-c" + } + ] + }, + { + "type": "library", + "name": "my-local-e", + "version": "0.1.0", + "bom-ref": "my-local-e@0.1.0", + "licenses": [ + { + "license": { + "id": "Apache-2.0", + "acknowledgement": "declared" + } + } + ], + "purl": "pkg:npm/my-local-e@0.1.0", + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/my-local-e" + } + ] + } + ], + "dependencies": [ + { + "ref": "demo-workspaces@0.0.0", + "dependsOn": [ + "my-local-a@0.1.0", + "my-local-b-off@0.0.0", + "my-local-c@0.23.42", + "my-local-e@0.1.0" + ] + }, + { + "ref": "my-local-a@0.1.0", + "dependsOn": [ + 
"my-local-b-off@0.0.0" + ] + }, + { + "ref": "my-local-b-off@0.0.0" + }, + { + "ref": "my-local-c@0.23.42", + "dependsOn": [ + "my-local-a@0.1.0", + "my-local-b-off@0.0.0" + ] + }, + { + "ref": "my-local-e@0.1.0" + } + ] +} \ No newline at end of file diff --git a/tests/_data/sbom_demo-results/flatten-components/local-workspaces_npm8_node22_windows-latest.snap.json b/tests/_data/sbom_demo-results/flatten-components/local-workspaces_npm8_node22_windows-latest.snap.json new file mode 100644 index 00000000..584ae339 --- /dev/null +++ b/tests/_data/sbom_demo-results/flatten-components/local-workspaces_npm8_node22_windows-latest.snap.json 
@@ -0,0 +1,207 @@ +{ + "$schema": "http://cyclonedx.org/schema/bom-1.6.schema.json", + "bomFormat": "CycloneDX", + "specVersion": "1.6", + "version": 1, + "metadata": { + "tools": [ + { + "name": "npm", + "version": "npmVersion-testing" + }, + { + "vendor": "@cyclonedx", + "name": "cyclonedx-library", + "version": "libVersion-testing", + "externalReferences": [ + { + "url": "https://github.com/CycloneDX/cyclonedx-javascript-library/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "git+https://github.com/CycloneDX/cyclonedx-javascript-library.git", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\"" + }, + { + "url": "https://github.com/CycloneDX/cyclonedx-javascript-library#readme", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + } + ] + }, + { + "vendor": "@cyclonedx", + "name": "cyclonedx-npm", + "version": "thisVersion-testing", + "externalReferences": [ + { + "url": "https://github.com/CycloneDX/cyclonedx-node-npm/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "git+https://github.com/CycloneDX/cyclonedx-node-npm.git", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\"" + }, + { + "url": "https://github.com/CycloneDX/cyclonedx-node-npm#readme", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + } + ] + } + ], + "component": { + "type": "application", + "name": "demo-workspaces", + "version": "0.0.0", + "bom-ref": "demo-workspaces@0.0.0", + "description": "demo: demo-workspaces -- showcase how workspaces look like", + "licenses": [ + { + "license": { + "id": "Apache-2.0", + "acknowledgement": "declared" + } + } + ], + "purl": "pkg:npm/demo-workspaces@0.0.0?vcs_url=git%2Bssh%3A//git%40gitlab.example.com/my-packages/demo-workspaces.git", + "externalReferences": [ + { + 
"url": "git+ssh://git@gitlab.example.com/my-packages/demo-workspaces.git", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "" + }, + { + "name": "cdx:npm:package:private", + "value": "true" + } + ] + } + }, + "components": [ + { + "type": "library", + "name": "my-local-a", + "version": "0.1.0", + "bom-ref": "my-local-a@0.1.0", + "licenses": [ + { + "license": { + "id": "Apache-2.0", + "acknowledgement": "declared" + } + } + ], + "purl": "pkg:npm/my-local-a@0.1.0", + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/my-local-a" + } + ] + }, + { + "type": "library", + "name": "my-local-b-off", + "version": "0.0.0", + "bom-ref": "my-local-b-off@0.0.0", + "licenses": [ + { + "license": { + "id": "Apache-2.0", + "acknowledgement": "declared" + } + } + ], + "purl": "pkg:npm/my-local-b-off@0.0.0", + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/my-local-b-off" + } + ] + }, + { + "type": "library", + "name": "my-local-c", + "version": "0.23.42", + "bom-ref": "my-local-c@0.23.42", + "licenses": [ + { + "license": { + "id": "Apache-2.0", + "acknowledgement": "declared" + } + } + ], + "purl": "pkg:npm/my-local-c@0.23.42", + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/my-local-c" + } + ] + }, + { + "type": "library", + "name": "my-local-e", + "version": "0.1.0", + "bom-ref": "my-local-e@0.1.0", + "licenses": [ + { + "license": { + "id": "Apache-2.0", + "acknowledgement": "declared" + } + } + ], + "purl": "pkg:npm/my-local-e@0.1.0", + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/my-local-e" + } + ] + } + ], + "dependencies": [ + { + "ref": "demo-workspaces@0.0.0", + "dependsOn": [ + "my-local-a@0.1.0", + "my-local-b-off@0.0.0", + "my-local-c@0.23.42", + "my-local-e@0.1.0" + ] + }, + { + "ref": "my-local-a@0.1.0", + "dependsOn": [ + 
"my-local-b-off@0.0.0" + ] + }, + { + "ref": "my-local-b-off@0.0.0" + }, + { + "ref": "my-local-c@0.23.42", + "dependsOn": [ + "my-local-a@0.1.0", + "my-local-b-off@0.0.0" + ] + }, + { + "ref": "my-local-e@0.1.0" + } + ] +} \ No newline at end of file diff --git a/tests/_data/sbom_demo-results/flatten-components/local-workspaces_npm9_node16_macos-latest.snap.json b/tests/_data/sbom_demo-results/flatten-components/local-workspaces_npm9_node16_macos-latest.snap.json index ba6ae482..584ae339 100644 --- a/tests/_data/sbom_demo-results/flatten-components/local-workspaces_npm9_node16_macos-latest.snap.json +++ b/tests/_data/sbom_demo-results/flatten-components/local-workspaces_npm9_node16_macos-latest.snap.json @@ -68,7 +68,14 @@ } } ], - "purl": "pkg:npm/demo-workspaces@0.0.0", + "purl": "pkg:npm/demo-workspaces@0.0.0?vcs_url=git%2Bssh%3A//git%40gitlab.example.com/my-packages/demo-workspaces.git", + "externalReferences": [ + { + "url": "git+ssh://git@gitlab.example.com/my-packages/demo-workspaces.git", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\"" + } + ], "properties": [ { "name": "cdx:npm:package:path", @@ -144,6 +151,27 @@ "value": "node_modules/my-local-c" } ] + }, + { + "type": "library", + "name": "my-local-e", + "version": "0.1.0", + "bom-ref": "my-local-e@0.1.0", + "licenses": [ + { + "license": { + "id": "Apache-2.0", + "acknowledgement": "declared" + } + } + ], + "purl": "pkg:npm/my-local-e@0.1.0", + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/my-local-e" + } + ] } ], "dependencies": [ @@ -152,7 +180,8 @@ "dependsOn": [ "my-local-a@0.1.0", "my-local-b-off@0.0.0", - "my-local-c@0.23.42" + "my-local-c@0.23.42", + "my-local-e@0.1.0" ] }, { @@ -170,6 +199,9 @@ "my-local-a@0.1.0", "my-local-b-off@0.0.0" ] + }, + { + "ref": "my-local-e@0.1.0" } ] } \ No newline at end of file 
diff --git a/tests/_data/sbom_demo-results/flatten-components/local-workspaces_npm9_node16_ubuntu-latest.snap.json b/tests/_data/sbom_demo-results/flatten-components/local-workspaces_npm9_node16_ubuntu-latest.snap.json index ba6ae482..584ae339 100644 --- a/tests/_data/sbom_demo-results/flatten-components/local-workspaces_npm9_node16_ubuntu-latest.snap.json +++ b/tests/_data/sbom_demo-results/flatten-components/local-workspaces_npm9_node16_ubuntu-latest.snap.json @@ -68,7 +68,14 @@ } } ], - "purl": "pkg:npm/demo-workspaces@0.0.0", + "purl": "pkg:npm/demo-workspaces@0.0.0?vcs_url=git%2Bssh%3A//git%40gitlab.example.com/my-packages/demo-workspaces.git", + "externalReferences": [ + { + "url": "git+ssh://git@gitlab.example.com/my-packages/demo-workspaces.git", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\"" + } + ], "properties": [ { "name": "cdx:npm:package:path", @@ -144,6 +151,27 @@ "value": "node_modules/my-local-c" } ] + }, + { + "type": "library", + "name": "my-local-e", + "version": "0.1.0", + "bom-ref": "my-local-e@0.1.0", + "licenses": [ + { + "license": { + "id": "Apache-2.0", + "acknowledgement": "declared" + } + } + ], + "purl": "pkg:npm/my-local-e@0.1.0", + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/my-local-e" + } + ] } ], "dependencies": [ @@ -152,7 +180,8 @@ "dependsOn": [ "my-local-a@0.1.0", "my-local-b-off@0.0.0", - "my-local-c@0.23.42" + "my-local-c@0.23.42", + "my-local-e@0.1.0" ] }, { @@ -170,6 +199,9 @@ "my-local-a@0.1.0", "my-local-b-off@0.0.0" ] + }, + { + "ref": "my-local-e@0.1.0" } ] } \ No newline at end of file diff --git a/tests/_data/sbom_demo-results/flatten-components/local-workspaces_npm9_node16_windows-latest.snap.json b/tests/_data/sbom_demo-results/flatten-components/local-workspaces_npm9_node16_windows-latest.snap.json index ba6ae482..584ae339 100644 --- a/tests/_data/sbom_demo-results/flatten-components/local-workspaces_npm9_node16_windows-latest.snap.json 
+++ b/tests/_data/sbom_demo-results/flatten-components/local-workspaces_npm9_node16_windows-latest.snap.json @@ -68,7 +68,14 @@ } } ], - "purl": "pkg:npm/demo-workspaces@0.0.0", + "purl": "pkg:npm/demo-workspaces@0.0.0?vcs_url=git%2Bssh%3A//git%40gitlab.example.com/my-packages/demo-workspaces.git", + "externalReferences": [ + { + "url": "git+ssh://git@gitlab.example.com/my-packages/demo-workspaces.git", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\"" + } + ], "properties": [ { "name": "cdx:npm:package:path", @@ -144,6 +151,27 @@ "value": "node_modules/my-local-c" } ] + }, + { + "type": "library", + "name": "my-local-e", + "version": "0.1.0", + "bom-ref": "my-local-e@0.1.0", + "licenses": [ + { + "license": { + "id": "Apache-2.0", + "acknowledgement": "declared" + } + } + ], + "purl": "pkg:npm/my-local-e@0.1.0", + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/my-local-e" + } + ] } ], "dependencies": [ @@ -152,7 +180,8 @@ "dependsOn": [ "my-local-a@0.1.0", "my-local-b-off@0.0.0", - "my-local-c@0.23.42" + "my-local-c@0.23.42", + "my-local-e@0.1.0" ] }, { @@ -170,6 +199,9 @@ "my-local-a@0.1.0", "my-local-b-off@0.0.0" ] + }, + { + "ref": "my-local-e@0.1.0" } ] } \ No newline at end of file diff --git a/tests/_data/sbom_demo-results/flatten-components/local-workspaces_npm9_node22_windows-latest.snap.json b/tests/_data/sbom_demo-results/flatten-components/local-workspaces_npm9_node22_windows-latest.snap.json new file mode 100644 index 00000000..584ae339 --- /dev/null +++ b/tests/_data/sbom_demo-results/flatten-components/local-workspaces_npm9_node22_windows-latest.snap.json 
@@ -0,0 +1,207 @@ +{ + "$schema": "http://cyclonedx.org/schema/bom-1.6.schema.json", + "bomFormat": "CycloneDX", + "specVersion": "1.6", + "version": 1, + "metadata": { + "tools": [ + { + "name": "npm", + "version": "npmVersion-testing" + }, + { + "vendor": "@cyclonedx", + "name": "cyclonedx-library", + "version": "libVersion-testing", + "externalReferences": [ + { + "url": "https://github.com/CycloneDX/cyclonedx-javascript-library/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "git+https://github.com/CycloneDX/cyclonedx-javascript-library.git", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\"" + }, + { + "url": "https://github.com/CycloneDX/cyclonedx-javascript-library#readme", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + } + ] + }, + { + "vendor": "@cyclonedx", + "name": "cyclonedx-npm", + "version": "thisVersion-testing", + "externalReferences": [ + { + "url": "https://github.com/CycloneDX/cyclonedx-node-npm/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "git+https://github.com/CycloneDX/cyclonedx-node-npm.git", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\"" + }, + { + "url": "https://github.com/CycloneDX/cyclonedx-node-npm#readme", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + } + ] + } + ], + "component": { + "type": "application", + "name": "demo-workspaces", + "version": "0.0.0", + "bom-ref": "demo-workspaces@0.0.0", + "description": "demo: demo-workspaces -- showcase how workspaces look like", + "licenses": [ + { + "license": { + "id": "Apache-2.0", + "acknowledgement": "declared" + } + } + ], + "purl": "pkg:npm/demo-workspaces@0.0.0?vcs_url=git%2Bssh%3A//git%40gitlab.example.com/my-packages/demo-workspaces.git", + "externalReferences": [ + { + 
"url": "git+ssh://git@gitlab.example.com/my-packages/demo-workspaces.git", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "" + }, + { + "name": "cdx:npm:package:private", + "value": "true" + } + ] + } + }, + "components": [ + { + "type": "library", + "name": "my-local-a", + "version": "0.1.0", + "bom-ref": "my-local-a@0.1.0", + "licenses": [ + { + "license": { + "id": "Apache-2.0", + "acknowledgement": "declared" + } + } + ], + "purl": "pkg:npm/my-local-a@0.1.0", + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/my-local-a" + } + ] + }, + { + "type": "library", + "name": "my-local-b-off", + "version": "0.0.0", + "bom-ref": "my-local-b-off@0.0.0", + "licenses": [ + { + "license": { + "id": "Apache-2.0", + "acknowledgement": "declared" + } + } + ], + "purl": "pkg:npm/my-local-b-off@0.0.0", + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/my-local-b-off" + } + ] + }, + { + "type": "library", + "name": "my-local-c", + "version": "0.23.42", + "bom-ref": "my-local-c@0.23.42", + "licenses": [ + { + "license": { + "id": "Apache-2.0", + "acknowledgement": "declared" + } + } + ], + "purl": "pkg:npm/my-local-c@0.23.42", + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/my-local-c" + } + ] + }, + { + "type": "library", + "name": "my-local-e", + "version": "0.1.0", + "bom-ref": "my-local-e@0.1.0", + "licenses": [ + { + "license": { + "id": "Apache-2.0", + "acknowledgement": "declared" + } + } + ], + "purl": "pkg:npm/my-local-e@0.1.0", + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/my-local-e" + } + ] + } + ], + "dependencies": [ + { + "ref": "demo-workspaces@0.0.0", + "dependsOn": [ + "my-local-a@0.1.0", + "my-local-b-off@0.0.0", + "my-local-c@0.23.42", + "my-local-e@0.1.0" + ] + }, + { + "ref": "my-local-a@0.1.0", + "dependsOn": [ + 
"my-local-b-off@0.0.0" + ] + }, + { + "ref": "my-local-b-off@0.0.0" + }, + { + "ref": "my-local-c@0.23.42", + "dependsOn": [ + "my-local-a@0.1.0", + "my-local-b-off@0.0.0" + ] + }, + { + "ref": "my-local-e@0.1.0" + } + ] +} \ No newline at end of file