fix: Remove some deps (#165)

💥

package.json

@@ -81,9 +81,6 @@
     "node-fetch": "^2.6.0",
     "node-persist": "^3.0.5",
     "ora": "^4.0.3",
-    "packageurl-js": "^0.0.1",
-    "parse-packagejson-name": "^1.0.1",
-    "prettify-xml": "^1.2.0",
     "read-installed": "~4.0.3",
     "spdx-license-ids": "^3.0.5",
     "ssri": "^6.0.0",

src/CycloneDX/CycloneDXSbomCreator.ts

@@ -1,5 +1,3 @@
-/// <reference types="./typings/packageurl-js" />
-/// <reference types="./typings/parse-packagejson-name" />
 /// <reference types="./typings/read-installed" />
 /// <reference types="./typings/spdx-license-ids" />
 /*
@@ -21,8 +19,6 @@ import { Options } from './Options';
 import uuidv4 from 'uuid/v4';
 import builder from 'xmlbuilder';
 import readInstalled from 'read-installed';
-import PackageURL from 'packageurl-js';
-import parsePackageJsonName from 'parse-packagejson-name';
 import * as ssri from 'ssri';
 import * as fs from 'fs';
 import { LicenseContent } from './Types/LicenseContent';
@@ -31,6 +27,7 @@ import { ExternalReference } from './Types/ExternalReference';
 import { Hash } from './Types/Hash';
 import spdxLicensesNonDeprecated = require('spdx-license-ids');
 import spdxLicensesDeprecated = require('spdx-license-ids/deprecated');
+import { toPurl } from './Helpers/Helpers';
 
 export class CycloneDXSbomCreator {
   readonly licenseFilenames: Array<string> = [
@@ -113,11 +110,11 @@ export class CycloneDXSbomCreator {
       return;
     }
     if (!isRootPkg) {
-      const pkgIdentifier = parsePackageJsonName(pkg.name);
-      const group: string = pkgIdentifier.scope == null ? '' : `@${pkgIdentifier.scope}`;
+      const pkgIdentifier = this.parsePackageJsonName(pkg.name);
+      const group: string = pkgIdentifier.scope == undefined ? '' : `@${pkgIdentifier.scope}`;
       const name: string = pkgIdentifier.fullName as string;
       const version: string = pkg.version as string;
-      const purl: string = new PackageURL('npm', group, name, version, null, null).toString();
+      const purl: string = toPurl(name, version, group);
       const description: GenericDescription = { '#cdata': pkg.description };
 
       const component: Component = {
@@ -302,4 +299,31 @@ export class CycloneDXSbomCreator {
     }
     return undefined;
   }
+
+  private parsePackageJsonName(name: string): Result {
+    const result: Result = {
+      scope: undefined,
+      fullName: '',
+      projectName: '',
+      moduleName: '',
+    };
+
+    const regexp = new RegExp(/^(?:@([^/]+)\/)?(([^\.]+)(?:\.(.*))?)$/);
+
+    const matches = name.match(regexp);
+    if (matches) {
+      result.scope = matches[1] || undefined;
+      result.fullName = matches[2] || matches[0];
+      result.projectName = matches[3] === matches[2] ? undefined : matches[3];
+      result.moduleName = matches[4] || matches[2] || undefined;
+    }
+    return result;
+  }
+}
+
+interface Result {
+  scope?: string;
+  fullName: string;
+  projectName?: string;
+  moduleName?: string;
 }

src/CycloneDX/Helpers/Helpers.ts

@@ -0,0 +1,22 @@
+/*
+ * Copyright (c) 2020-present Sonatype, Inc.
+ *
+ * Licensed under the Apache License, Version 2.0 (the "License");
+ * you may not use this file except in compliance with the License.
+ * You may obtain a copy of the License at
+ *
+ *      http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ */
+
+export const toPurl = (name: string, version: string, group = ''): string => {
+  if (group != '') {
+    return `pkg:npm/${encodeURIComponent(group)}/${name}@${version}`;
+  }
+  return `pkg:npm/${name}@${version}`;
+};