diff --git a/tests/_data/sbom_demo-results/bare/alternative-package-registry_npm10_node18_macos-latest.snap.json b/tests/_data/sbom_demo-results/bare/alternative-package-registry_npm10_node18_macos-latest.snap.json new file mode 100644 index 00000000..a1d4b2e5 --- /dev/null +++ b/tests/_data/sbom_demo-results/bare/alternative-package-registry_npm10_node18_macos-latest.snap.json @@ -0,0 +1,124 @@ +{ + "$schema": "http://cyclonedx.org/schema/bom-1.6.schema.json", + "bomFormat": "CycloneDX", + "specVersion": "1.6", + "version": 1, + "metadata": { + "tools": [ + { + "name": "npm", + "version": "10.99.0" + }, + { + "vendor": "@cyclonedx", + "name": "cyclonedx-library", + "version": "libVersion-testing", + "externalReferences": [ + { + "url": "https://github.com/CycloneDX/cyclonedx-javascript-library/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "git+https://github.com/CycloneDX/cyclonedx-javascript-library.git", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\"" + }, + { + "url": "https://github.com/CycloneDX/cyclonedx-javascript-library#readme", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + } + ] + }, + { + "vendor": "@cyclonedx", + "name": "cyclonedx-npm", + "version": "thisVersion-testing", + "externalReferences": [ + { + "url": "https://github.com/CycloneDX/cyclonedx-node-npm/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "git+https://github.com/CycloneDX/cyclonedx-node-npm.git", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\"" + }, + { + "url": "https://github.com/CycloneDX/cyclonedx-node-npm#readme", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + } + ] + } + ], + "component": { + "type": "application", + "name": "demo-alternative-package-registry", + "version": "0.0.0", + "bom-ref": "demo-alternative-package-registry@0.0.0", + "description": "demo: alternative-package-registry -- showcase how alternative package registries affect the result", + "licenses": [ + { + "license": { + "id": "Apache-2.0", + "acknowledgement": "declared" + } + } + ], + "purl": "pkg:npm/demo-alternative-package-registry@0.0.0", + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "" + }, + { + "name": "cdx:npm:package:private", + "value": "true" + } + ] + } + }, + "components": [ + { + "type": "library", + "name": "act__act", + "group": "@jsr", + "version": "0.1.3", + "bom-ref": "@jsr/act__act@0.1.3", + "purl": "pkg:npm/%40jsr/act__act@0.1.3?download_url=https%3A//npm.jsr.io/~/11/%40jsr/act__act/0.1.3.tgz", + "externalReferences": [ + { + "url": "https://npm.jsr.io/~/11/@jsr/act__act/0.1.3.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "a637910c9eadd46cdffc704bd635eaa8647fb7fe2ab136a72a984c8201c8978975ee9321d45ea3563cc0c7ea44d6be8a371a41b1a904916f21095e56b40a9144" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/@act/act" + } + ] + } + ], + "dependencies": [ + { + "ref": "@jsr/act__act@0.1.3" + }, + { + "ref": "demo-alternative-package-registry@0.0.0", + "dependsOn": [ + "@jsr/act__act@0.1.3" + ] + } + ] +} \ No newline at end of file diff --git a/tests/_data/sbom_demo-results/bare/alternative-package-registry_npm10_node18_ubuntu-latest.snap.json b/tests/_data/sbom_demo-results/bare/alternative-package-registry_npm10_node18_ubuntu-latest.snap.json new file mode 100644 index 00000000..a1d4b2e5 --- /dev/null +++ b/tests/_data/sbom_demo-results/bare/alternative-package-registry_npm10_node18_ubuntu-latest.snap.json @@ -0,0 +1,124 @@ +{ + "$schema": "http://cyclonedx.org/schema/bom-1.6.schema.json", + "bomFormat": "CycloneDX", + "specVersion": "1.6", + "version": 1, + "metadata": { + "tools": [ + { + "name": "npm", + "version": "10.99.0" + }, + { + "vendor": "@cyclonedx", + "name": "cyclonedx-library", + "version": "libVersion-testing", + "externalReferences": [ + { + "url": "https://github.com/CycloneDX/cyclonedx-javascript-library/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "git+https://github.com/CycloneDX/cyclonedx-javascript-library.git", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\"" + }, + { + "url": "https://github.com/CycloneDX/cyclonedx-javascript-library#readme", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + } + ] + }, + { + "vendor": "@cyclonedx", + "name": "cyclonedx-npm", + "version": "thisVersion-testing", + "externalReferences": [ + { + "url": "https://github.com/CycloneDX/cyclonedx-node-npm/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "git+https://github.com/CycloneDX/cyclonedx-node-npm.git", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\"" + }, + { + "url": "https://github.com/CycloneDX/cyclonedx-node-npm#readme", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + } + ] + } + ], + "component": { + "type": "application", + "name": "demo-alternative-package-registry", + "version": "0.0.0", + "bom-ref": "demo-alternative-package-registry@0.0.0", + "description": "demo: alternative-package-registry -- showcase how alternative package registries affect the result", + "licenses": [ + { + "license": { + "id": "Apache-2.0", + "acknowledgement": "declared" + } + } + ], + "purl": "pkg:npm/demo-alternative-package-registry@0.0.0", + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "" + }, + { + "name": "cdx:npm:package:private", + "value": "true" + } + ] + } + }, + "components": [ + { + "type": "library", + "name": "act__act", + "group": "@jsr", + "version": "0.1.3", + "bom-ref": "@jsr/act__act@0.1.3", + "purl": "pkg:npm/%40jsr/act__act@0.1.3?download_url=https%3A//npm.jsr.io/~/11/%40jsr/act__act/0.1.3.tgz", + "externalReferences": [ + { + "url": "https://npm.jsr.io/~/11/@jsr/act__act/0.1.3.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "a637910c9eadd46cdffc704bd635eaa8647fb7fe2ab136a72a984c8201c8978975ee9321d45ea3563cc0c7ea44d6be8a371a41b1a904916f21095e56b40a9144" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/@act/act" + } + ] + } + ], + "dependencies": [ + { + "ref": "@jsr/act__act@0.1.3" + }, + { + "ref": "demo-alternative-package-registry@0.0.0", + "dependsOn": [ + "@jsr/act__act@0.1.3" + ] + } + ] +} \ No newline at end of file diff --git a/tests/_data/sbom_demo-results/bare/alternative-package-registry_npm10_node18_windows-latest.snap.json b/tests/_data/sbom_demo-results/bare/alternative-package-registry_npm10_node18_windows-latest.snap.json new file mode 100644 index 00000000..0166206f --- /dev/null +++ b/tests/_data/sbom_demo-results/bare/alternative-package-registry_npm10_node18_windows-latest.snap.json @@ -0,0 +1,124 @@ +{ + "$schema": "http://cyclonedx.org/schema/bom-1.6.schema.json", + "bomFormat": "CycloneDX", + "specVersion": "1.6", + "version": 1, + "metadata": { + "tools": [ + { + "name": "npm", + "version": "10.99.0" + }, + { + "vendor": "@cyclonedx", + "name": "cyclonedx-library", + "version": "libVersion-testing", + "externalReferences": [ + { + "url": "https://github.com/CycloneDX/cyclonedx-javascript-library/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "git+https://github.com/CycloneDX/cyclonedx-javascript-library.git", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\"" + }, + { + "url": "https://github.com/CycloneDX/cyclonedx-javascript-library#readme", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + } + ] + }, + { + "vendor": "@cyclonedx", + "name": "cyclonedx-npm", + "version": "thisVersion-testing", + "externalReferences": [ + { + "url": "https://github.com/CycloneDX/cyclonedx-node-npm/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "git+https://github.com/CycloneDX/cyclonedx-node-npm.git", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\"" + }, + { + "url": "https://github.com/CycloneDX/cyclonedx-node-npm#readme", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + } + ] + } + ], + "component": { + "type": "application", + "name": "demo-alternative-package-registry", + "version": "0.0.0", + "bom-ref": "demo-alternative-package-registry@0.0.0", + "description": "demo: alternative-package-registry -- showcase how alternative package registries affect the result", + "licenses": [ + { + "license": { + "id": "Apache-2.0", + "acknowledgement": "declared" + } + } + ], + "purl": "pkg:npm/demo-alternative-package-registry@0.0.0", + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "" + }, + { + "name": "cdx:npm:package:private", + "value": "true" + } + ] + } + }, + "components": [ + { + "type": "library", + "name": "act__act", + "group": "@jsr", + "version": "0.1.3", + "bom-ref": "@jsr/act__act@0.1.3", + "purl": "pkg:npm/%40jsr/act__act@0.1.3?download_url=https%3A//npm.jsr.io/~/11/%40jsr/act__act/0.1.3.tgz", + "externalReferences": [ + { + "url": "https://npm.jsr.io/~/11/@jsr/act__act/0.1.3.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "a637910c9eadd46cdffc704bd635eaa8647fb7fe2ab136a72a984c8201c8978975ee9321d45ea3563cc0c7ea44d6be8a371a41b1a904916f21095e56b40a9144" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/@act\\act" + } + ] + } + ], + "dependencies": [ + { + "ref": "@jsr/act__act@0.1.3" + }, + { + "ref": "demo-alternative-package-registry@0.0.0", + "dependsOn": [ + "@jsr/act__act@0.1.3" + ] + } + ] +} \ No newline at end of file diff --git a/tests/_data/sbom_demo-results/bare/alternative-package-registry_npm10_node22_windows-latest.snap.json b/tests/_data/sbom_demo-results/bare/alternative-package-registry_npm10_node22_windows-latest.snap.json new file mode 100644 index 00000000..0166206f --- /dev/null +++ b/tests/_data/sbom_demo-results/bare/alternative-package-registry_npm10_node22_windows-latest.snap.json @@ -0,0 +1,124 @@ +{ + "$schema": "http://cyclonedx.org/schema/bom-1.6.schema.json", + "bomFormat": "CycloneDX", + "specVersion": "1.6", + "version": 1, + "metadata": { + "tools": [ + { + "name": "npm", + "version": "10.99.0" + }, + { + "vendor": "@cyclonedx", + "name": "cyclonedx-library", + "version": "libVersion-testing", + "externalReferences": [ + { + "url": "https://github.com/CycloneDX/cyclonedx-javascript-library/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "git+https://github.com/CycloneDX/cyclonedx-javascript-library.git", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\"" + }, + { + "url": "https://github.com/CycloneDX/cyclonedx-javascript-library#readme", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + } + ] + }, + { + "vendor": "@cyclonedx", + "name": "cyclonedx-npm", + "version": "thisVersion-testing", + "externalReferences": [ + { + "url": "https://github.com/CycloneDX/cyclonedx-node-npm/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "git+https://github.com/CycloneDX/cyclonedx-node-npm.git", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\"" + }, + { + "url": "https://github.com/CycloneDX/cyclonedx-node-npm#readme", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + } + ] + } + ], + "component": { + "type": "application", + "name": "demo-alternative-package-registry", + "version": "0.0.0", + "bom-ref": "demo-alternative-package-registry@0.0.0", + "description": "demo: alternative-package-registry -- showcase how alternative package registries affect the result", + "licenses": [ + { + "license": { + "id": "Apache-2.0", + "acknowledgement": "declared" + } + } + ], + "purl": "pkg:npm/demo-alternative-package-registry@0.0.0", + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "" + }, + { + "name": "cdx:npm:package:private", + "value": "true" + } + ] + } + }, + "components": [ + { + "type": "library", + "name": "act__act", + "group": "@jsr", + "version": "0.1.3", + "bom-ref": "@jsr/act__act@0.1.3", + "purl": "pkg:npm/%40jsr/act__act@0.1.3?download_url=https%3A//npm.jsr.io/~/11/%40jsr/act__act/0.1.3.tgz", + "externalReferences": [ + { + "url": "https://npm.jsr.io/~/11/@jsr/act__act/0.1.3.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "a637910c9eadd46cdffc704bd635eaa8647fb7fe2ab136a72a984c8201c8978975ee9321d45ea3563cc0c7ea44d6be8a371a41b1a904916f21095e56b40a9144" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/@act\\act" + } + ] + } + ], + "dependencies": [ + { + "ref": "@jsr/act__act@0.1.3" + }, + { + "ref": "demo-alternative-package-registry@0.0.0", + "dependsOn": [ + "@jsr/act__act@0.1.3" + ] + } + ] +} \ No newline at end of file diff --git a/tests/_data/sbom_demo-results/bare/alternative-package-registry_npm6_node14_ubuntu-latest.snap.json b/tests/_data/sbom_demo-results/bare/alternative-package-registry_npm6_node14_ubuntu-latest.snap.json new file mode 100644 index 00000000..7faaedcc --- /dev/null +++ b/tests/_data/sbom_demo-results/bare/alternative-package-registry_npm6_node14_ubuntu-latest.snap.json @@ -0,0 +1,130 @@ +{ + "$schema": "http://cyclonedx.org/schema/bom-1.6.schema.json", + "bomFormat": "CycloneDX", + "specVersion": "1.6", + "version": 1, + "metadata": { + "tools": [ + { + "name": "npm", + "version": "6.99.0" + }, + { + "vendor": "@cyclonedx", + "name": "cyclonedx-library", + "version": "libVersion-testing", + "externalReferences": [ + { + "url": "https://github.com/CycloneDX/cyclonedx-javascript-library/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "git+https://github.com/CycloneDX/cyclonedx-javascript-library.git", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\"" + }, + { + "url": "https://github.com/CycloneDX/cyclonedx-javascript-library#readme", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + } + ] + }, + { + "vendor": "@cyclonedx", + "name": "cyclonedx-npm", + "version": "thisVersion-testing", + "externalReferences": [ + { + "url": "https://github.com/CycloneDX/cyclonedx-node-npm/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "git+https://github.com/CycloneDX/cyclonedx-node-npm.git", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\"" + }, + { + "url": "https://github.com/CycloneDX/cyclonedx-node-npm#readme", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + } + ] + } + ], + "component": { + "type": "application", + "name": "demo-alternative-package-registry", + "version": "0.0.0", + "bom-ref": "demo-alternative-package-registry@0.0.0", + "description": "demo: alternative-package-registry -- showcase how alternative package registries affect the result", + "licenses": [ + { + "license": { + "id": "Apache-2.0", + "acknowledgement": "declared" + } + } + ], + "purl": "pkg:npm/demo-alternative-package-registry@0.0.0", + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "" + }, + { + "name": "cdx:npm:package:private", + "value": "true" + } + ] + } + }, + "components": [ + { + "type": "library", + "name": "act__act", + "group": "@jsr", + "version": "0.1.3", + "bom-ref": "@jsr/act__act@0.1.3", + "description": "A JavaScript and TypeScript library to make sure you **act first and think later**!", + "purl": "pkg:npm/%40jsr/act__act@0.1.3?download_url=https%3A//npm.jsr.io/~/11/%40jsr/act__act/0.1.3.tgz", + "externalReferences": [ + { + "url": "https://npm.jsr.io/~/11/@jsr/act__act/0.1.3.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "a637910c9eadd46cdffc704bd635eaa8647fb7fe2ab136a72a984c8201c8978975ee9321d45ea3563cc0c7ea44d6be8a371a41b1a904916f21095e56b40a9144" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + }, + { + "url": "https://jsr.io/@act/act", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/@act/act" + } + ] + } + ], + "dependencies": [ + { + "ref": "@jsr/act__act@0.1.3" + }, + { + "ref": "demo-alternative-package-registry@0.0.0", + "dependsOn": [ + "@jsr/act__act@0.1.3" + ] + } + ] +} \ No newline at end of file diff --git a/tests/_data/sbom_demo-results/bare/alternative-package-registry_npm6_node14_windows-latest.snap.json b/tests/_data/sbom_demo-results/bare/alternative-package-registry_npm6_node14_windows-latest.snap.json new file mode 100644 index 00000000..692d410f --- /dev/null +++ b/tests/_data/sbom_demo-results/bare/alternative-package-registry_npm6_node14_windows-latest.snap.json @@ -0,0 +1,130 @@ +{ + "$schema": "http://cyclonedx.org/schema/bom-1.6.schema.json", + "bomFormat": "CycloneDX", + "specVersion": "1.6", + "version": 1, + "metadata": { + "tools": [ + { + "name": "npm", + "version": "6.99.0" + }, + { + "vendor": "@cyclonedx", + "name": "cyclonedx-library", + "version": "libVersion-testing", + "externalReferences": [ + { + "url": "https://github.com/CycloneDX/cyclonedx-javascript-library/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "git+https://github.com/CycloneDX/cyclonedx-javascript-library.git", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\"" + }, + { + "url": "https://github.com/CycloneDX/cyclonedx-javascript-library#readme", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + } + ] + }, + { + "vendor": "@cyclonedx", + "name": "cyclonedx-npm", + "version": "thisVersion-testing", + "externalReferences": [ + { + "url": "https://github.com/CycloneDX/cyclonedx-node-npm/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "git+https://github.com/CycloneDX/cyclonedx-node-npm.git", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\"" + }, + { + "url": "https://github.com/CycloneDX/cyclonedx-node-npm#readme", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + } + ] + } + ], + "component": { + "type": "application", + "name": "demo-alternative-package-registry", + "version": "0.0.0", + "bom-ref": "demo-alternative-package-registry@0.0.0", + "description": "demo: alternative-package-registry -- showcase how alternative package registries affect the result", + "licenses": [ + { + "license": { + "id": "Apache-2.0", + "acknowledgement": "declared" + } + } + ], + "purl": "pkg:npm/demo-alternative-package-registry@0.0.0", + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "" + }, + { + "name": "cdx:npm:package:private", + "value": "true" + } + ] + } + }, + "components": [ + { + "type": "library", + "name": "act__act", + "group": "@jsr", + "version": "0.1.3", + "bom-ref": "@jsr/act__act@0.1.3", + "description": "A JavaScript and TypeScript library to make sure you **act first and think later**!", + "purl": "pkg:npm/%40jsr/act__act@0.1.3?download_url=https%3A//npm.jsr.io/~/11/%40jsr/act__act/0.1.3.tgz", + "externalReferences": [ + { + "url": "https://npm.jsr.io/~/11/@jsr/act__act/0.1.3.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "a637910c9eadd46cdffc704bd635eaa8647fb7fe2ab136a72a984c8201c8978975ee9321d45ea3563cc0c7ea44d6be8a371a41b1a904916f21095e56b40a9144" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + }, + { + "url": "https://jsr.io/@act/act", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/@act\\act" + } + ] + } + ], + "dependencies": [ + { + "ref": "@jsr/act__act@0.1.3" + }, + { + "ref": "demo-alternative-package-registry@0.0.0", + "dependsOn": [ + "@jsr/act__act@0.1.3" + ] + } + ] +} \ No newline at end of file diff --git a/tests/_data/sbom_demo-results/bare/alternative-package-registry_npm6_node16_macos-latest.snap.json b/tests/_data/sbom_demo-results/bare/alternative-package-registry_npm6_node16_macos-latest.snap.json new file mode 100644 index 00000000..7faaedcc --- /dev/null +++ b/tests/_data/sbom_demo-results/bare/alternative-package-registry_npm6_node16_macos-latest.snap.json @@ -0,0 +1,130 @@ +{ + "$schema": "http://cyclonedx.org/schema/bom-1.6.schema.json", + "bomFormat": "CycloneDX", + "specVersion": "1.6", + "version": 1, + "metadata": { + "tools": [ + { + "name": "npm", + "version": "6.99.0" + }, + { + "vendor": "@cyclonedx", + "name": "cyclonedx-library", + "version": "libVersion-testing", + "externalReferences": [ + { + "url": "https://github.com/CycloneDX/cyclonedx-javascript-library/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "git+https://github.com/CycloneDX/cyclonedx-javascript-library.git", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\"" + }, + { + "url": "https://github.com/CycloneDX/cyclonedx-javascript-library#readme", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + } + ] + }, + { + "vendor": "@cyclonedx", + "name": "cyclonedx-npm", + "version": "thisVersion-testing", + "externalReferences": [ + { + "url": "https://github.com/CycloneDX/cyclonedx-node-npm/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "git+https://github.com/CycloneDX/cyclonedx-node-npm.git", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\"" + }, + { + "url": "https://github.com/CycloneDX/cyclonedx-node-npm#readme", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + } + ] + } + ], + "component": { + "type": "application", + "name": "demo-alternative-package-registry", + "version": "0.0.0", + "bom-ref": "demo-alternative-package-registry@0.0.0", + "description": "demo: alternative-package-registry -- showcase how alternative package registries affect the result", + "licenses": [ + { + "license": { + "id": "Apache-2.0", + "acknowledgement": "declared" + } + } + ], + "purl": "pkg:npm/demo-alternative-package-registry@0.0.0", + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "" + }, + { + "name": "cdx:npm:package:private", + "value": "true" + } + ] + } + }, + "components": [ + { + "type": "library", + "name": "act__act", + "group": "@jsr", + "version": "0.1.3", + "bom-ref": "@jsr/act__act@0.1.3", + "description": "A JavaScript and TypeScript library to make sure you **act first and think later**!", + "purl": "pkg:npm/%40jsr/act__act@0.1.3?download_url=https%3A//npm.jsr.io/~/11/%40jsr/act__act/0.1.3.tgz", + "externalReferences": [ + { + "url": "https://npm.jsr.io/~/11/@jsr/act__act/0.1.3.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "a637910c9eadd46cdffc704bd635eaa8647fb7fe2ab136a72a984c8201c8978975ee9321d45ea3563cc0c7ea44d6be8a371a41b1a904916f21095e56b40a9144" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + }, + { + "url": "https://jsr.io/@act/act", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/@act/act" + } + ] + } + ], + "dependencies": [ + { + "ref": "@jsr/act__act@0.1.3" + }, + { + "ref": "demo-alternative-package-registry@0.0.0", + "dependsOn": [ + "@jsr/act__act@0.1.3" + ] + } + ] +} \ No newline at end of file diff --git a/tests/_data/sbom_demo-results/bare/alternative-package-registry_npm6_node22_windows-latest.snap.json b/tests/_data/sbom_demo-results/bare/alternative-package-registry_npm6_node22_windows-latest.snap.json new file mode 100644 index 00000000..692d410f --- /dev/null +++ b/tests/_data/sbom_demo-results/bare/alternative-package-registry_npm6_node22_windows-latest.snap.json @@ -0,0 +1,130 @@ +{ + "$schema": "http://cyclonedx.org/schema/bom-1.6.schema.json", + "bomFormat": "CycloneDX", + "specVersion": "1.6", + "version": 1, + "metadata": { + "tools": [ + { + "name": "npm", + "version": "6.99.0" + }, + { + "vendor": "@cyclonedx", + "name": "cyclonedx-library", + "version": "libVersion-testing", + "externalReferences": [ + { + "url": "https://github.com/CycloneDX/cyclonedx-javascript-library/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "git+https://github.com/CycloneDX/cyclonedx-javascript-library.git", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\"" + }, + { + "url": "https://github.com/CycloneDX/cyclonedx-javascript-library#readme", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + } + ] + }, + { + "vendor": "@cyclonedx", + "name": "cyclonedx-npm", + "version": "thisVersion-testing", + "externalReferences": [ + { + "url": "https://github.com/CycloneDX/cyclonedx-node-npm/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "git+https://github.com/CycloneDX/cyclonedx-node-npm.git", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\"" + }, + { + "url": "https://github.com/CycloneDX/cyclonedx-node-npm#readme", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + } + ] + } + ], + "component": { + "type": "application", + "name": "demo-alternative-package-registry", + "version": "0.0.0", + "bom-ref": "demo-alternative-package-registry@0.0.0", + "description": "demo: alternative-package-registry -- showcase how alternative package registries affect the result", + "licenses": [ + { + "license": { + "id": "Apache-2.0", + "acknowledgement": "declared" + } + } + ], + "purl": "pkg:npm/demo-alternative-package-registry@0.0.0", + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "" + }, + { + "name": "cdx:npm:package:private", + "value": "true" + } + ] + } + }, + "components": [ + { + "type": "library", + "name": "act__act", + "group": "@jsr", + "version": "0.1.3", + "bom-ref": "@jsr/act__act@0.1.3", + "description": "A JavaScript and TypeScript library to make sure you **act first and think later**!", + "purl": "pkg:npm/%40jsr/act__act@0.1.3?download_url=https%3A//npm.jsr.io/~/11/%40jsr/act__act/0.1.3.tgz", + "externalReferences": [ + { + "url": "https://npm.jsr.io/~/11/@jsr/act__act/0.1.3.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "a637910c9eadd46cdffc704bd635eaa8647fb7fe2ab136a72a984c8201c8978975ee9321d45ea3563cc0c7ea44d6be8a371a41b1a904916f21095e56b40a9144" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + }, + { + "url": "https://jsr.io/@act/act", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/@act\\act" + } + ] + } + ], + "dependencies": [ + { + "ref": "@jsr/act__act@0.1.3" + }, + { + "ref": "demo-alternative-package-registry@0.0.0", + "dependsOn": [ + "@jsr/act__act@0.1.3" + ] + } + ] +} \ No newline at end of file diff --git a/tests/_data/sbom_demo-results/bare/alternative-package-registry_npm7_node14_ubuntu-latest.snap.json b/tests/_data/sbom_demo-results/bare/alternative-package-registry_npm7_node14_ubuntu-latest.snap.json new file mode 100644 index 00000000..647e84dc --- /dev/null +++ b/tests/_data/sbom_demo-results/bare/alternative-package-registry_npm7_node14_ubuntu-latest.snap.json @@ -0,0 +1,124 @@ +{ + "$schema": "http://cyclonedx.org/schema/bom-1.6.schema.json", + "bomFormat": "CycloneDX", + "specVersion": "1.6", + "version": 1, + "metadata": { + "tools": [ + { + "name": "npm", + "version": "7.99.0" + }, + { + "vendor": "@cyclonedx", + "name": "cyclonedx-library", + "version": "libVersion-testing", + "externalReferences": [ + { + "url": "https://github.com/CycloneDX/cyclonedx-javascript-library/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "git+https://github.com/CycloneDX/cyclonedx-javascript-library.git", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\"" + }, + { + "url": "https://github.com/CycloneDX/cyclonedx-javascript-library#readme", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + } + ] + }, + { + "vendor": "@cyclonedx", + "name": "cyclonedx-npm", + "version": "thisVersion-testing", + "externalReferences": [ + { + "url": "https://github.com/CycloneDX/cyclonedx-node-npm/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "git+https://github.com/CycloneDX/cyclonedx-node-npm.git", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\"" + }, + { + "url": "https://github.com/CycloneDX/cyclonedx-node-npm#readme", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + } + ] + } + ], + "component": { + "type": "application", + "name": "demo-alternative-package-registry", + "version": "0.0.0", + "bom-ref": "demo-alternative-package-registry@0.0.0", + "description": "demo: alternative-package-registry -- showcase how alternative package registries affect the result", + "licenses": [ + { + "license": { + "id": "Apache-2.0", + "acknowledgement": "declared" + } + } + ], + "purl": "pkg:npm/demo-alternative-package-registry@0.0.0", + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "" + }, + { + "name": "cdx:npm:package:private", + "value": "true" + } + ] + } + }, + "components": [ + { + "type": "library", + "name": "act__act", + "group": "@jsr", + "version": "0.1.3", + "bom-ref": "@jsr/act__act@0.1.3", + "purl": "pkg:npm/%40jsr/act__act@0.1.3?download_url=https%3A//npm.jsr.io/~/11/%40jsr/act__act/0.1.3.tgz", + "externalReferences": [ + { + "url": "https://npm.jsr.io/~/11/@jsr/act__act/0.1.3.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "a637910c9eadd46cdffc704bd635eaa8647fb7fe2ab136a72a984c8201c8978975ee9321d45ea3563cc0c7ea44d6be8a371a41b1a904916f21095e56b40a9144" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/@act/act" + } + ] + } + ], + "dependencies": [ + { + "ref": "@jsr/act__act@0.1.3" + }, + { + "ref": "demo-alternative-package-registry@0.0.0", + "dependsOn": [ + "@jsr/act__act@0.1.3" + ] + } + ] +} \ No newline at end of file diff --git a/tests/_data/sbom_demo-results/bare/alternative-package-registry_npm7_node14_windows-latest.snap.json b/tests/_data/sbom_demo-results/bare/alternative-package-registry_npm7_node14_windows-latest.snap.json new file mode 100644 index 00000000..5c184d41 --- /dev/null +++ b/tests/_data/sbom_demo-results/bare/alternative-package-registry_npm7_node14_windows-latest.snap.json @@ -0,0 +1,124 @@ +{ + "$schema": "http://cyclonedx.org/schema/bom-1.6.schema.json", + "bomFormat": "CycloneDX", + "specVersion": "1.6", + "version": 1, + "metadata": { + "tools": [ + { + "name": "npm", + "version": "7.99.0" + }, + { + "vendor": "@cyclonedx", + "name": "cyclonedx-library", + "version": "libVersion-testing", + "externalReferences": [ + { + "url": "https://github.com/CycloneDX/cyclonedx-javascript-library/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "git+https://github.com/CycloneDX/cyclonedx-javascript-library.git", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\"" + }, + { + "url": "https://github.com/CycloneDX/cyclonedx-javascript-library#readme", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + } + ] + }, + { + "vendor": "@cyclonedx", + "name": "cyclonedx-npm", + "version": "thisVersion-testing", + "externalReferences": [ + { + "url": "https://github.com/CycloneDX/cyclonedx-node-npm/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "git+https://github.com/CycloneDX/cyclonedx-node-npm.git", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\"" + }, + { + "url": "https://github.com/CycloneDX/cyclonedx-node-npm#readme", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + } + ] + } + ], + "component": { + "type": "application", + "name": "demo-alternative-package-registry", + "version": "0.0.0", + "bom-ref": "demo-alternative-package-registry@0.0.0", + "description": "demo: alternative-package-registry -- showcase how alternative package registries affect the result", + "licenses": [ + { + "license": { + "id": "Apache-2.0", + "acknowledgement": "declared" + } + } + ], + "purl": "pkg:npm/demo-alternative-package-registry@0.0.0", + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "" + }, + { + "name": "cdx:npm:package:private", + "value": "true" + } + ] + } + }, + "components": [ + { + "type": "library", + "name": "act__act", + "group": "@jsr", + "version": "0.1.3", + "bom-ref": "@jsr/act__act@0.1.3", + "purl": "pkg:npm/%40jsr/act__act@0.1.3?download_url=https%3A//npm.jsr.io/~/11/%40jsr/act__act/0.1.3.tgz", + "externalReferences": [ + { + "url": "https://npm.jsr.io/~/11/@jsr/act__act/0.1.3.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "a637910c9eadd46cdffc704bd635eaa8647fb7fe2ab136a72a984c8201c8978975ee9321d45ea3563cc0c7ea44d6be8a371a41b1a904916f21095e56b40a9144" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/@act\\act" + } + ] + } + ], + "dependencies": [ + { + "ref": "@jsr/act__act@0.1.3" + }, + { + "ref": "demo-alternative-package-registry@0.0.0", + "dependsOn": [ + "@jsr/act__act@0.1.3" + ] + } + ] +} \ No newline at end of file diff --git a/tests/_data/sbom_demo-results/bare/alternative-package-registry_npm7_node16_macos-latest.snap.json b/tests/_data/sbom_demo-results/bare/alternative-package-registry_npm7_node16_macos-latest.snap.json new file mode 100644 index 00000000..647e84dc --- /dev/null +++ b/tests/_data/sbom_demo-results/bare/alternative-package-registry_npm7_node16_macos-latest.snap.json @@ -0,0 +1,124 @@ +{ + "$schema": "http://cyclonedx.org/schema/bom-1.6.schema.json", + "bomFormat": "CycloneDX", + "specVersion": "1.6", + "version": 1, + "metadata": { + "tools": [ + { + "name": "npm", + "version": "7.99.0" + }, + { + "vendor": "@cyclonedx", + "name": "cyclonedx-library", + "version": "libVersion-testing", + "externalReferences": [ + { + "url": "https://github.com/CycloneDX/cyclonedx-javascript-library/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "git+https://github.com/CycloneDX/cyclonedx-javascript-library.git", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\"" + }, + { + "url": "https://github.com/CycloneDX/cyclonedx-javascript-library#readme", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + } + ] + }, + { + "vendor": "@cyclonedx", + "name": "cyclonedx-npm", + "version": "thisVersion-testing", + "externalReferences": [ + { + "url": "https://github.com/CycloneDX/cyclonedx-node-npm/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "git+https://github.com/CycloneDX/cyclonedx-node-npm.git", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\"" + }, + { + "url": "https://github.com/CycloneDX/cyclonedx-node-npm#readme", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + } + ] + } + ], + "component": { + "type": "application", + "name": "demo-alternative-package-registry", + "version": "0.0.0", + "bom-ref": "demo-alternative-package-registry@0.0.0", + "description": "demo: alternative-package-registry -- showcase how alternative package registries affect the result", + "licenses": [ + { + "license": { + "id": "Apache-2.0", + "acknowledgement": "declared" + } + } + ], + "purl": "pkg:npm/demo-alternative-package-registry@0.0.0", + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "" + }, + { + "name": "cdx:npm:package:private", + "value": "true" + } + ] + } + }, + "components": [ + { + "type": "library", + "name": "act__act", + "group": "@jsr", + "version": "0.1.3", + "bom-ref": "@jsr/act__act@0.1.3", + "purl": "pkg:npm/%40jsr/act__act@0.1.3?download_url=https%3A//npm.jsr.io/~/11/%40jsr/act__act/0.1.3.tgz", + "externalReferences": [ + { + "url": "https://npm.jsr.io/~/11/@jsr/act__act/0.1.3.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "a637910c9eadd46cdffc704bd635eaa8647fb7fe2ab136a72a984c8201c8978975ee9321d45ea3563cc0c7ea44d6be8a371a41b1a904916f21095e56b40a9144" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/@act/act" + } + ] + } + ], + "dependencies": [ + { + "ref": "@jsr/act__act@0.1.3" + }, + { + "ref": "demo-alternative-package-registry@0.0.0", + "dependsOn": [ + "@jsr/act__act@0.1.3" + ] + } + ] +} \ No newline at end of file diff --git a/tests/_data/sbom_demo-results/bare/alternative-package-registry_npm7_node22_windows-latest.snap.json b/tests/_data/sbom_demo-results/bare/alternative-package-registry_npm7_node22_windows-latest.snap.json new file mode 100644 index 00000000..5c184d41 --- /dev/null +++ b/tests/_data/sbom_demo-results/bare/alternative-package-registry_npm7_node22_windows-latest.snap.json @@ -0,0 +1,124 @@ +{ + "$schema": "http://cyclonedx.org/schema/bom-1.6.schema.json", + "bomFormat": "CycloneDX", + "specVersion": "1.6", + "version": 1, + "metadata": { + "tools": [ + { + "name": "npm", + "version": "7.99.0" + }, + { + "vendor": "@cyclonedx", + "name": "cyclonedx-library", + "version": "libVersion-testing", + "externalReferences": [ + { + "url": "https://github.com/CycloneDX/cyclonedx-javascript-library/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "git+https://github.com/CycloneDX/cyclonedx-javascript-library.git", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\"" + }, + { + "url": "https://github.com/CycloneDX/cyclonedx-javascript-library#readme", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + } + ] + }, + { + "vendor": "@cyclonedx", + "name": "cyclonedx-npm", + "version": "thisVersion-testing", + "externalReferences": [ + { + "url": "https://github.com/CycloneDX/cyclonedx-node-npm/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "git+https://github.com/CycloneDX/cyclonedx-node-npm.git", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\"" + }, + { + "url": "https://github.com/CycloneDX/cyclonedx-node-npm#readme", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + } + ] + } + ], + "component": { + "type": "application", + "name": "demo-alternative-package-registry", + "version": "0.0.0", + "bom-ref": "demo-alternative-package-registry@0.0.0", + "description": "demo: alternative-package-registry -- showcase how alternative package registries affect the result", + "licenses": [ + { + "license": { + "id": "Apache-2.0", + "acknowledgement": "declared" + } + } + ], + "purl": "pkg:npm/demo-alternative-package-registry@0.0.0", + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "" + }, + { + "name": "cdx:npm:package:private", + "value": "true" + } + ] + } + }, + "components": [ + { + "type": "library", + "name": "act__act", + "group": "@jsr", + "version": "0.1.3", + "bom-ref": "@jsr/act__act@0.1.3", + "purl": "pkg:npm/%40jsr/act__act@0.1.3?download_url=https%3A//npm.jsr.io/~/11/%40jsr/act__act/0.1.3.tgz", + "externalReferences": [ + { + "url": "https://npm.jsr.io/~/11/@jsr/act__act/0.1.3.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "a637910c9eadd46cdffc704bd635eaa8647fb7fe2ab136a72a984c8201c8978975ee9321d45ea3563cc0c7ea44d6be8a371a41b1a904916f21095e56b40a9144" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/@act\\act" + } + ] + } + ], + "dependencies": [ + { + "ref": "@jsr/act__act@0.1.3" + }, + { + "ref": "demo-alternative-package-registry@0.0.0", + "dependsOn": [ + "@jsr/act__act@0.1.3" + ] + } + ] +} \ No newline at end of file diff --git a/tests/_data/sbom_demo-results/bare/alternative-package-registry_npm8_node14_ubuntu-latest.snap.json b/tests/_data/sbom_demo-results/bare/alternative-package-registry_npm8_node14_ubuntu-latest.snap.json new file mode 100644 index 00000000..36f54fe6 --- /dev/null +++ b/tests/_data/sbom_demo-results/bare/alternative-package-registry_npm8_node14_ubuntu-latest.snap.json @@ -0,0 +1,124 @@ +{ + "$schema": "http://cyclonedx.org/schema/bom-1.6.schema.json", + "bomFormat": "CycloneDX", + "specVersion": "1.6", + "version": 1, + "metadata": { + "tools": [ + { + "name": "npm", + "version": "8.99.0" + }, + { + "vendor": "@cyclonedx", + "name": "cyclonedx-library", + "version": "libVersion-testing", + "externalReferences": [ + { + "url": "https://github.com/CycloneDX/cyclonedx-javascript-library/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "git+https://github.com/CycloneDX/cyclonedx-javascript-library.git", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\"" + }, + { + "url": "https://github.com/CycloneDX/cyclonedx-javascript-library#readme", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + } + ] + }, + { + "vendor": "@cyclonedx", + "name": "cyclonedx-npm", + "version": "thisVersion-testing", + "externalReferences": [ + { + "url": "https://github.com/CycloneDX/cyclonedx-node-npm/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "git+https://github.com/CycloneDX/cyclonedx-node-npm.git", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\"" + }, + { + "url": "https://github.com/CycloneDX/cyclonedx-node-npm#readme", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + } + ] + } + ], + "component": { + "type": "application", + "name": "demo-alternative-package-registry", + "version": "0.0.0", + "bom-ref": "demo-alternative-package-registry@0.0.0", + "description": "demo: alternative-package-registry -- showcase how alternative package registries affect the result", + "licenses": [ + { + "license": { + "id": "Apache-2.0", + "acknowledgement": "declared" + } + } + ], + "purl": "pkg:npm/demo-alternative-package-registry@0.0.0", + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "" + }, + { + "name": "cdx:npm:package:private", + "value": "true" + } + ] + } + }, + "components": [ + { + "type": "library", + "name": "act__act", + "group": "@jsr", + "version": "0.1.3", + "bom-ref": "@jsr/act__act@0.1.3", + "purl": "pkg:npm/%40jsr/act__act@0.1.3?download_url=https%3A//npm.jsr.io/~/11/%40jsr/act__act/0.1.3.tgz", + "externalReferences": [ + { + "url": "https://npm.jsr.io/~/11/@jsr/act__act/0.1.3.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "a637910c9eadd46cdffc704bd635eaa8647fb7fe2ab136a72a984c8201c8978975ee9321d45ea3563cc0c7ea44d6be8a371a41b1a904916f21095e56b40a9144" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/@act/act" + } + ] + } + ], + "dependencies": [ + { + "ref": "@jsr/act__act@0.1.3" + }, + { + "ref": "demo-alternative-package-registry@0.0.0", + "dependsOn": [ + "@jsr/act__act@0.1.3" + ] + } + ] +} \ No newline at end of file diff --git a/tests/_data/sbom_demo-results/bare/alternative-package-registry_npm8_node14_windows-latest.snap.json b/tests/_data/sbom_demo-results/bare/alternative-package-registry_npm8_node14_windows-latest.snap.json new file mode 100644 index 00000000..f62810b2 --- /dev/null +++ b/tests/_data/sbom_demo-results/bare/alternative-package-registry_npm8_node14_windows-latest.snap.json @@ -0,0 +1,124 @@ +{ + "$schema": "http://cyclonedx.org/schema/bom-1.6.schema.json", + "bomFormat": "CycloneDX", + "specVersion": "1.6", + "version": 1, + "metadata": { + "tools": [ + { + "name": "npm", + "version": "8.99.0" + }, + { + "vendor": "@cyclonedx", + "name": "cyclonedx-library", + "version": "libVersion-testing", + "externalReferences": [ + { + "url": "https://github.com/CycloneDX/cyclonedx-javascript-library/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "git+https://github.com/CycloneDX/cyclonedx-javascript-library.git", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\"" + }, + { + "url": "https://github.com/CycloneDX/cyclonedx-javascript-library#readme", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + } + ] + }, + { + "vendor": "@cyclonedx", + "name": "cyclonedx-npm", + "version": "thisVersion-testing", + "externalReferences": [ + { + "url": "https://github.com/CycloneDX/cyclonedx-node-npm/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "git+https://github.com/CycloneDX/cyclonedx-node-npm.git", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\"" + }, + { + "url": "https://github.com/CycloneDX/cyclonedx-node-npm#readme", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + } + ] + } + ], + "component": { + "type": "application", + "name": "demo-alternative-package-registry", + "version": "0.0.0", + "bom-ref": "demo-alternative-package-registry@0.0.0", + "description": "demo: alternative-package-registry -- showcase how alternative package registries affect the result", + "licenses": [ + { + "license": { + "id": "Apache-2.0", + "acknowledgement": "declared" + } + } + ], + "purl": "pkg:npm/demo-alternative-package-registry@0.0.0", + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "" + }, + { + "name": "cdx:npm:package:private", + "value": "true" + } + ] + } + }, + "components": [ + { + "type": "library", + "name": "act__act", + "group": "@jsr", + "version": "0.1.3", + "bom-ref": "@jsr/act__act@0.1.3", + "purl": "pkg:npm/%40jsr/act__act@0.1.3?download_url=https%3A//npm.jsr.io/~/11/%40jsr/act__act/0.1.3.tgz", + "externalReferences": [ + { + "url": "https://npm.jsr.io/~/11/@jsr/act__act/0.1.3.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "a637910c9eadd46cdffc704bd635eaa8647fb7fe2ab136a72a984c8201c8978975ee9321d45ea3563cc0c7ea44d6be8a371a41b1a904916f21095e56b40a9144" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/@act\\act" + } + ] + } + ], + "dependencies": [ + { + "ref": "@jsr/act__act@0.1.3" + }, + { + "ref": "demo-alternative-package-registry@0.0.0", + "dependsOn": [ + "@jsr/act__act@0.1.3" + ] + } + ] +} \ No newline at end of file diff --git a/tests/_data/sbom_demo-results/bare/alternative-package-registry_npm8_node16_macos-latest.snap.json b/tests/_data/sbom_demo-results/bare/alternative-package-registry_npm8_node16_macos-latest.snap.json new file mode 100644 index 00000000..36f54fe6 --- /dev/null +++ b/tests/_data/sbom_demo-results/bare/alternative-package-registry_npm8_node16_macos-latest.snap.json @@ -0,0 +1,124 @@ +{ + "$schema": "http://cyclonedx.org/schema/bom-1.6.schema.json", + "bomFormat": "CycloneDX", + "specVersion": "1.6", + "version": 1, + "metadata": { + "tools": [ + { + "name": "npm", + "version": "8.99.0" + }, + { + "vendor": "@cyclonedx", + "name": "cyclonedx-library", + "version": "libVersion-testing", + "externalReferences": [ + { + "url": "https://github.com/CycloneDX/cyclonedx-javascript-library/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "git+https://github.com/CycloneDX/cyclonedx-javascript-library.git", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\"" + }, + { + "url": "https://github.com/CycloneDX/cyclonedx-javascript-library#readme", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + } + ] + }, + { + "vendor": "@cyclonedx", + "name": "cyclonedx-npm", + "version": "thisVersion-testing", + "externalReferences": [ + { + "url": "https://github.com/CycloneDX/cyclonedx-node-npm/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "git+https://github.com/CycloneDX/cyclonedx-node-npm.git", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\"" + }, + { + "url": "https://github.com/CycloneDX/cyclonedx-node-npm#readme", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + } + ] + } + ], + "component": { + "type": "application", + "name": "demo-alternative-package-registry", + "version": "0.0.0", + "bom-ref": "demo-alternative-package-registry@0.0.0", + "description": "demo: alternative-package-registry -- showcase how alternative package registries affect the result", + "licenses": [ + { + "license": { + "id": "Apache-2.0", + "acknowledgement": "declared" + } + } + ], + "purl": "pkg:npm/demo-alternative-package-registry@0.0.0", + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "" + }, + { + "name": "cdx:npm:package:private", + "value": "true" + } + ] + } + }, + "components": [ + { + "type": "library", + "name": "act__act", + "group": "@jsr", + "version": "0.1.3", + "bom-ref": "@jsr/act__act@0.1.3", + "purl": "pkg:npm/%40jsr/act__act@0.1.3?download_url=https%3A//npm.jsr.io/~/11/%40jsr/act__act/0.1.3.tgz", + "externalReferences": [ + { + "url": "https://npm.jsr.io/~/11/@jsr/act__act/0.1.3.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "a637910c9eadd46cdffc704bd635eaa8647fb7fe2ab136a72a984c8201c8978975ee9321d45ea3563cc0c7ea44d6be8a371a41b1a904916f21095e56b40a9144" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/@act/act" + } + ] + } + ], + "dependencies": [ + { + "ref": "@jsr/act__act@0.1.3" + }, + { + "ref": "demo-alternative-package-registry@0.0.0", + "dependsOn": [ + "@jsr/act__act@0.1.3" + ] + } + ] +} \ No newline at end of file diff --git a/tests/_data/sbom_demo-results/bare/alternative-package-registry_npm8_node22_windows-latest.snap.json b/tests/_data/sbom_demo-results/bare/alternative-package-registry_npm8_node22_windows-latest.snap.json new file mode 100644 index 00000000..f62810b2 --- /dev/null +++ b/tests/_data/sbom_demo-results/bare/alternative-package-registry_npm8_node22_windows-latest.snap.json @@ -0,0 +1,124 @@ +{ + "$schema": "http://cyclonedx.org/schema/bom-1.6.schema.json", + "bomFormat": "CycloneDX", + "specVersion": "1.6", + "version": 1, + "metadata": { + "tools": [ + { + "name": "npm", + "version": "8.99.0" + }, + { + "vendor": "@cyclonedx", + "name": "cyclonedx-library", + "version": "libVersion-testing", + "externalReferences": [ + { + "url": "https://github.com/CycloneDX/cyclonedx-javascript-library/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "git+https://github.com/CycloneDX/cyclonedx-javascript-library.git", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\"" + }, + { + "url": "https://github.com/CycloneDX/cyclonedx-javascript-library#readme", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + } + ] + }, + { + "vendor": "@cyclonedx", + "name": "cyclonedx-npm", + "version": "thisVersion-testing", + "externalReferences": [ + { + "url": "https://github.com/CycloneDX/cyclonedx-node-npm/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "git+https://github.com/CycloneDX/cyclonedx-node-npm.git", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\"" + }, + { + "url": "https://github.com/CycloneDX/cyclonedx-node-npm#readme", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + } + ] + } + ], + "component": { + "type": "application", + "name": "demo-alternative-package-registry", + "version": "0.0.0", + "bom-ref": "demo-alternative-package-registry@0.0.0", + "description": "demo: alternative-package-registry -- showcase how alternative package registries affect the result", + "licenses": [ + { + "license": { + "id": "Apache-2.0", + "acknowledgement": "declared" + } + } + ], + "purl": "pkg:npm/demo-alternative-package-registry@0.0.0", + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "" + }, + { + "name": "cdx:npm:package:private", + "value": "true" + } + ] + } + }, + "components": [ + { + "type": "library", + "name": "act__act", + "group": "@jsr", + "version": "0.1.3", + "bom-ref": "@jsr/act__act@0.1.3", + "purl": "pkg:npm/%40jsr/act__act@0.1.3?download_url=https%3A//npm.jsr.io/~/11/%40jsr/act__act/0.1.3.tgz", + "externalReferences": [ + { + "url": "https://npm.jsr.io/~/11/@jsr/act__act/0.1.3.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "a637910c9eadd46cdffc704bd635eaa8647fb7fe2ab136a72a984c8201c8978975ee9321d45ea3563cc0c7ea44d6be8a371a41b1a904916f21095e56b40a9144" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/@act\\act" + } + ] + } + ], + "dependencies": [ + { + "ref": "@jsr/act__act@0.1.3" + }, + { + "ref": "demo-alternative-package-registry@0.0.0", + "dependsOn": [ + "@jsr/act__act@0.1.3" + ] + } + ] +} \ No newline at end of file diff --git a/tests/_data/sbom_demo-results/bare/alternative-package-registry_npm9_node16_macos-latest.snap.json b/tests/_data/sbom_demo-results/bare/alternative-package-registry_npm9_node16_macos-latest.snap.json new file mode 100644 index 00000000..68122e36 --- /dev/null +++ b/tests/_data/sbom_demo-results/bare/alternative-package-registry_npm9_node16_macos-latest.snap.json @@ -0,0 +1,124 @@ +{ + "$schema": "http://cyclonedx.org/schema/bom-1.6.schema.json", + "bomFormat": "CycloneDX", + "specVersion": "1.6", + "version": 1, + "metadata": { + "tools": [ + { + "name": "npm", + "version": "9.99.0" + }, + { + "vendor": "@cyclonedx", + "name": "cyclonedx-library", + "version": "libVersion-testing", + "externalReferences": [ + { + "url": "https://github.com/CycloneDX/cyclonedx-javascript-library/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "git+https://github.com/CycloneDX/cyclonedx-javascript-library.git", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\"" + }, + { + "url": "https://github.com/CycloneDX/cyclonedx-javascript-library#readme", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + } + ] + }, + { + "vendor": "@cyclonedx", + "name": "cyclonedx-npm", + "version": "thisVersion-testing", + "externalReferences": [ + { + "url": "https://github.com/CycloneDX/cyclonedx-node-npm/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "git+https://github.com/CycloneDX/cyclonedx-node-npm.git", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\"" + }, + { + "url": "https://github.com/CycloneDX/cyclonedx-node-npm#readme", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + } + ] + } + ], + "component": { + "type": "application", + "name": "demo-alternative-package-registry", + "version": "0.0.0", + "bom-ref": "demo-alternative-package-registry@0.0.0", + "description": "demo: alternative-package-registry -- showcase how alternative package registries affect the result", + "licenses": [ + { + "license": { + "id": "Apache-2.0", + "acknowledgement": "declared" + } + } + ], + "purl": "pkg:npm/demo-alternative-package-registry@0.0.0", + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "" + }, + { + "name": "cdx:npm:package:private", + "value": "true" + } + ] + } + }, + "components": [ + { + "type": "library", + "name": "act__act", + "group": "@jsr", + "version": "0.1.3", + "bom-ref": "@jsr/act__act@0.1.3", + "purl": "pkg:npm/%40jsr/act__act@0.1.3?download_url=https%3A//npm.jsr.io/~/11/%40jsr/act__act/0.1.3.tgz", + "externalReferences": [ + { + "url": "https://npm.jsr.io/~/11/@jsr/act__act/0.1.3.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "a637910c9eadd46cdffc704bd635eaa8647fb7fe2ab136a72a984c8201c8978975ee9321d45ea3563cc0c7ea44d6be8a371a41b1a904916f21095e56b40a9144" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/@act/act" + } + ] + } + ], + "dependencies": [ + { + "ref": "@jsr/act__act@0.1.3" + }, + { + "ref": "demo-alternative-package-registry@0.0.0", + "dependsOn": [ + "@jsr/act__act@0.1.3" + ] + } + ] +} \ No newline at end of file diff --git a/tests/_data/sbom_demo-results/bare/alternative-package-registry_npm9_node16_ubuntu-latest.snap.json b/tests/_data/sbom_demo-results/bare/alternative-package-registry_npm9_node16_ubuntu-latest.snap.json new file mode 100644 index 00000000..68122e36 --- /dev/null +++ b/tests/_data/sbom_demo-results/bare/alternative-package-registry_npm9_node16_ubuntu-latest.snap.json @@ -0,0 +1,124 @@ +{ + "$schema": "http://cyclonedx.org/schema/bom-1.6.schema.json", + "bomFormat": "CycloneDX", + "specVersion": "1.6", + "version": 1, + "metadata": { + "tools": [ + { + "name": "npm", + "version": "9.99.0" + }, + { + "vendor": "@cyclonedx", + "name": "cyclonedx-library", + "version": "libVersion-testing", + "externalReferences": [ + { + "url": "https://github.com/CycloneDX/cyclonedx-javascript-library/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "git+https://github.com/CycloneDX/cyclonedx-javascript-library.git", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\"" + }, + { + "url": "https://github.com/CycloneDX/cyclonedx-javascript-library#readme", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + } + ] + }, + { + "vendor": "@cyclonedx", + "name": "cyclonedx-npm", + "version": "thisVersion-testing", + "externalReferences": [ + { + "url": "https://github.com/CycloneDX/cyclonedx-node-npm/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "git+https://github.com/CycloneDX/cyclonedx-node-npm.git", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\"" + }, + { + "url": "https://github.com/CycloneDX/cyclonedx-node-npm#readme", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + } + ] + } + ], + "component": { + "type": "application", + "name": "demo-alternative-package-registry", + "version": "0.0.0", + "bom-ref": "demo-alternative-package-registry@0.0.0", + "description": "demo: alternative-package-registry -- showcase how alternative package registries affect the result", + "licenses": [ + { + "license": { + "id": "Apache-2.0", + "acknowledgement": "declared" + } + } + ], + "purl": "pkg:npm/demo-alternative-package-registry@0.0.0", + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "" + }, + { + "name": "cdx:npm:package:private", + "value": "true" + } + ] + } + }, + "components": [ + { + "type": "library", + "name": "act__act", + "group": "@jsr", + "version": "0.1.3", + "bom-ref": "@jsr/act__act@0.1.3", + "purl": "pkg:npm/%40jsr/act__act@0.1.3?download_url=https%3A//npm.jsr.io/~/11/%40jsr/act__act/0.1.3.tgz", + "externalReferences": [ + { + "url": "https://npm.jsr.io/~/11/@jsr/act__act/0.1.3.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "a637910c9eadd46cdffc704bd635eaa8647fb7fe2ab136a72a984c8201c8978975ee9321d45ea3563cc0c7ea44d6be8a371a41b1a904916f21095e56b40a9144" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/@act/act" + } + ] + } + ], + "dependencies": [ + { + "ref": "@jsr/act__act@0.1.3" + }, + { + "ref": "demo-alternative-package-registry@0.0.0", + "dependsOn": [ + "@jsr/act__act@0.1.3" + ] + } + ] +} \ No newline at end of file diff --git a/tests/_data/sbom_demo-results/bare/alternative-package-registry_npm9_node16_windows-latest.snap.json b/tests/_data/sbom_demo-results/bare/alternative-package-registry_npm9_node16_windows-latest.snap.json new file mode 100644 index 00000000..bbf30ba0 --- /dev/null +++ b/tests/_data/sbom_demo-results/bare/alternative-package-registry_npm9_node16_windows-latest.snap.json @@ -0,0 +1,124 @@ +{ + "$schema": "http://cyclonedx.org/schema/bom-1.6.schema.json", + "bomFormat": "CycloneDX", + "specVersion": "1.6", + "version": 1, + "metadata": { + "tools": [ + { + "name": "npm", + "version": "9.99.0" + }, + { + "vendor": "@cyclonedx", + "name": "cyclonedx-library", + "version": "libVersion-testing", + "externalReferences": [ + { + "url": "https://github.com/CycloneDX/cyclonedx-javascript-library/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "git+https://github.com/CycloneDX/cyclonedx-javascript-library.git", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\"" + }, + { + "url": "https://github.com/CycloneDX/cyclonedx-javascript-library#readme", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + } + ] + }, + { + "vendor": "@cyclonedx", + "name": "cyclonedx-npm", + "version": "thisVersion-testing", + "externalReferences": [ + { + "url": "https://github.com/CycloneDX/cyclonedx-node-npm/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "git+https://github.com/CycloneDX/cyclonedx-node-npm.git", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\"" + }, + { + "url": "https://github.com/CycloneDX/cyclonedx-node-npm#readme", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + } + ] + } + ], + "component": { + "type": "application", + "name": "demo-alternative-package-registry", + "version": "0.0.0", + "bom-ref": "demo-alternative-package-registry@0.0.0", + "description": "demo: alternative-package-registry -- showcase how alternative package registries affect the result", + "licenses": [ + { + "license": { + "id": "Apache-2.0", + "acknowledgement": "declared" + } + } + ], + "purl": "pkg:npm/demo-alternative-package-registry@0.0.0", + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "" + }, + { + "name": "cdx:npm:package:private", + "value": "true" + } + ] + } + }, + "components": [ + { + "type": "library", + "name": "act__act", + "group": "@jsr", + "version": "0.1.3", + "bom-ref": "@jsr/act__act@0.1.3", + "purl": "pkg:npm/%40jsr/act__act@0.1.3?download_url=https%3A//npm.jsr.io/~/11/%40jsr/act__act/0.1.3.tgz", + "externalReferences": [ + { + "url": "https://npm.jsr.io/~/11/@jsr/act__act/0.1.3.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "a637910c9eadd46cdffc704bd635eaa8647fb7fe2ab136a72a984c8201c8978975ee9321d45ea3563cc0c7ea44d6be8a371a41b1a904916f21095e56b40a9144" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/@act\\act" + } + ] + } + ], + "dependencies": [ + { + "ref": "@jsr/act__act@0.1.3" + }, + { + "ref": "demo-alternative-package-registry@0.0.0", + "dependsOn": [ + "@jsr/act__act@0.1.3" + ] + } + ] +} \ No newline at end of file diff --git a/tests/_data/sbom_demo-results/bare/alternative-package-registry_npm9_node22_windows-latest.snap.json b/tests/_data/sbom_demo-results/bare/alternative-package-registry_npm9_node22_windows-latest.snap.json new file mode 100644 index 00000000..bbf30ba0 --- /dev/null +++ b/tests/_data/sbom_demo-results/bare/alternative-package-registry_npm9_node22_windows-latest.snap.json @@ -0,0 +1,124 @@ +{ + "$schema": "http://cyclonedx.org/schema/bom-1.6.schema.json", + "bomFormat": "CycloneDX", + "specVersion": "1.6", + "version": 1, + "metadata": { + "tools": [ + { + "name": "npm", + "version": "9.99.0" + }, + { + "vendor": "@cyclonedx", + "name": "cyclonedx-library", + "version": "libVersion-testing", + "externalReferences": [ + { + "url": "https://github.com/CycloneDX/cyclonedx-javascript-library/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "git+https://github.com/CycloneDX/cyclonedx-javascript-library.git", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\"" + }, + { + "url": "https://github.com/CycloneDX/cyclonedx-javascript-library#readme", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + } + ] + }, + { + "vendor": "@cyclonedx", + "name": "cyclonedx-npm", + "version": "thisVersion-testing", + "externalReferences": [ + { + "url": "https://github.com/CycloneDX/cyclonedx-node-npm/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "git+https://github.com/CycloneDX/cyclonedx-node-npm.git", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\"" + }, + { + "url": "https://github.com/CycloneDX/cyclonedx-node-npm#readme", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + } + ] + } + ], + "component": { + "type": "application", + "name": "demo-alternative-package-registry", + "version": "0.0.0", + "bom-ref": "demo-alternative-package-registry@0.0.0", + "description": "demo: alternative-package-registry -- showcase how alternative package registries affect the result", + "licenses": [ + { + "license": { + "id": "Apache-2.0", + "acknowledgement": "declared" + } + } + ], + "purl": "pkg:npm/demo-alternative-package-registry@0.0.0", + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "" + }, + { + "name": "cdx:npm:package:private", + "value": "true" + } + ] + } + }, + "components": [ + { + "type": "library", + "name": "act__act", + "group": "@jsr", + "version": "0.1.3", + "bom-ref": "@jsr/act__act@0.1.3", + "purl": "pkg:npm/%40jsr/act__act@0.1.3?download_url=https%3A//npm.jsr.io/~/11/%40jsr/act__act/0.1.3.tgz", + "externalReferences": [ + { + "url": "https://npm.jsr.io/~/11/@jsr/act__act/0.1.3.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "a637910c9eadd46cdffc704bd635eaa8647fb7fe2ab136a72a984c8201c8978975ee9321d45ea3563cc0c7ea44d6be8a371a41b1a904916f21095e56b40a9144" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/@act\\act" + } + ] + } + ], + "dependencies": [ + { + "ref": "@jsr/act__act@0.1.3" + }, + { + "ref": "demo-alternative-package-registry@0.0.0", + "dependsOn": [ + "@jsr/act__act@0.1.3" + ] + } + ] +} \ No newline at end of file diff --git a/tests/_data/sbom_demo-results/flatten-components/alternative-package-registry_npm10_node18_macos-latest.snap.json b/tests/_data/sbom_demo-results/flatten-components/alternative-package-registry_npm10_node18_macos-latest.snap.json new file mode 100644 index 00000000..a1d4b2e5 --- /dev/null +++ b/tests/_data/sbom_demo-results/flatten-components/alternative-package-registry_npm10_node18_macos-latest.snap.json @@ -0,0 +1,124 @@ +{ + "$schema": "http://cyclonedx.org/schema/bom-1.6.schema.json", + "bomFormat": "CycloneDX", + "specVersion": "1.6", + "version": 1, + "metadata": { + "tools": [ + { + "name": "npm", + "version": "10.99.0" + }, + { + "vendor": "@cyclonedx", + "name": "cyclonedx-library", + "version": "libVersion-testing", + "externalReferences": [ + { + "url": "https://github.com/CycloneDX/cyclonedx-javascript-library/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "git+https://github.com/CycloneDX/cyclonedx-javascript-library.git", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\"" + }, + { + "url": "https://github.com/CycloneDX/cyclonedx-javascript-library#readme", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + } + ] + }, + { + "vendor": "@cyclonedx", + "name": "cyclonedx-npm", + "version": "thisVersion-testing", + "externalReferences": [ + { + "url": "https://github.com/CycloneDX/cyclonedx-node-npm/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "git+https://github.com/CycloneDX/cyclonedx-node-npm.git", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\"" + }, + { + "url": "https://github.com/CycloneDX/cyclonedx-node-npm#readme", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + } + ] + } + ], + "component": { + "type": "application", + "name": "demo-alternative-package-registry", + "version": "0.0.0", + "bom-ref": "demo-alternative-package-registry@0.0.0", + "description": "demo: alternative-package-registry -- showcase how alternative package registries affect the result", + "licenses": [ + { + "license": { + "id": "Apache-2.0", + "acknowledgement": "declared" + } + } + ], + "purl": "pkg:npm/demo-alternative-package-registry@0.0.0", + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "" + }, + { + "name": "cdx:npm:package:private", + "value": "true" + } + ] + } + }, + "components": [ + { + "type": "library", + "name": "act__act", + "group": "@jsr", + "version": "0.1.3", + "bom-ref": "@jsr/act__act@0.1.3", + "purl": "pkg:npm/%40jsr/act__act@0.1.3?download_url=https%3A//npm.jsr.io/~/11/%40jsr/act__act/0.1.3.tgz", + "externalReferences": [ + { + "url": "https://npm.jsr.io/~/11/@jsr/act__act/0.1.3.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "a637910c9eadd46cdffc704bd635eaa8647fb7fe2ab136a72a984c8201c8978975ee9321d45ea3563cc0c7ea44d6be8a371a41b1a904916f21095e56b40a9144" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/@act/act" + } + ] + } + ], + "dependencies": [ + { + "ref": "@jsr/act__act@0.1.3" + }, + { + "ref": "demo-alternative-package-registry@0.0.0", + "dependsOn": [ + "@jsr/act__act@0.1.3" + ] + } + ] +} \ No newline at end of file diff --git a/tests/_data/sbom_demo-results/flatten-components/alternative-package-registry_npm10_node18_ubuntu-latest.snap.json b/tests/_data/sbom_demo-results/flatten-components/alternative-package-registry_npm10_node18_ubuntu-latest.snap.json new file mode 100644 index 00000000..a1d4b2e5 --- /dev/null +++ b/tests/_data/sbom_demo-results/flatten-components/alternative-package-registry_npm10_node18_ubuntu-latest.snap.json @@ -0,0 +1,124 @@ +{ + "$schema": "http://cyclonedx.org/schema/bom-1.6.schema.json", + "bomFormat": "CycloneDX", + "specVersion": "1.6", + "version": 1, + "metadata": { + "tools": [ + { + "name": "npm", + "version": "10.99.0" + }, + { + "vendor": "@cyclonedx", + "name": "cyclonedx-library", + "version": "libVersion-testing", + "externalReferences": [ + { + "url": "https://github.com/CycloneDX/cyclonedx-javascript-library/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "git+https://github.com/CycloneDX/cyclonedx-javascript-library.git", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\"" + }, + { + "url": "https://github.com/CycloneDX/cyclonedx-javascript-library#readme", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + } + ] + }, + { + "vendor": "@cyclonedx", + "name": "cyclonedx-npm", + "version": "thisVersion-testing", + "externalReferences": [ + { + "url": "https://github.com/CycloneDX/cyclonedx-node-npm/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "git+https://github.com/CycloneDX/cyclonedx-node-npm.git", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\"" + }, + { + "url": "https://github.com/CycloneDX/cyclonedx-node-npm#readme", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + } + ] + } + ], + "component": { + "type": "application", + "name": "demo-alternative-package-registry", + "version": "0.0.0", + "bom-ref": "demo-alternative-package-registry@0.0.0", + "description": "demo: alternative-package-registry -- showcase how alternative package registries affect the result", + "licenses": [ + { + "license": { + "id": "Apache-2.0", + "acknowledgement": "declared" + } + } + ], + "purl": "pkg:npm/demo-alternative-package-registry@0.0.0", + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "" + }, + { + "name": "cdx:npm:package:private", + "value": "true" + } + ] + } + }, + "components": [ + { + "type": "library", + "name": "act__act", + "group": "@jsr", + "version": "0.1.3", + "bom-ref": "@jsr/act__act@0.1.3", + "purl": "pkg:npm/%40jsr/act__act@0.1.3?download_url=https%3A//npm.jsr.io/~/11/%40jsr/act__act/0.1.3.tgz", + "externalReferences": [ + { + "url": "https://npm.jsr.io/~/11/@jsr/act__act/0.1.3.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "a637910c9eadd46cdffc704bd635eaa8647fb7fe2ab136a72a984c8201c8978975ee9321d45ea3563cc0c7ea44d6be8a371a41b1a904916f21095e56b40a9144" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/@act/act" + } + ] + } + ], + "dependencies": [ + { + "ref": "@jsr/act__act@0.1.3" + }, + { + "ref": "demo-alternative-package-registry@0.0.0", + "dependsOn": [ + "@jsr/act__act@0.1.3" + ] + } + ] +} \ No newline at end of file diff --git a/tests/_data/sbom_demo-results/flatten-components/alternative-package-registry_npm10_node18_windows-latest.snap.json b/tests/_data/sbom_demo-results/flatten-components/alternative-package-registry_npm10_node18_windows-latest.snap.json new file mode 100644 index 00000000..0166206f --- /dev/null +++ b/tests/_data/sbom_demo-results/flatten-components/alternative-package-registry_npm10_node18_windows-latest.snap.json @@ -0,0 +1,124 @@ +{ + "$schema": "http://cyclonedx.org/schema/bom-1.6.schema.json", + "bomFormat": "CycloneDX", + "specVersion": "1.6", + "version": 1, + "metadata": { + "tools": [ + { + "name": "npm", + "version": "10.99.0" + }, + { + "vendor": "@cyclonedx", + "name": "cyclonedx-library", + "version": "libVersion-testing", + "externalReferences": [ + { + "url": "https://github.com/CycloneDX/cyclonedx-javascript-library/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "git+https://github.com/CycloneDX/cyclonedx-javascript-library.git", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\"" + }, + { + "url": "https://github.com/CycloneDX/cyclonedx-javascript-library#readme", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + } + ] + }, + { + "vendor": "@cyclonedx", + "name": "cyclonedx-npm", + "version": "thisVersion-testing", + "externalReferences": [ + { + "url": "https://github.com/CycloneDX/cyclonedx-node-npm/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "git+https://github.com/CycloneDX/cyclonedx-node-npm.git", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\"" + }, + { + "url": "https://github.com/CycloneDX/cyclonedx-node-npm#readme", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + } + ] + } + ], + "component": { + "type": "application", + "name": "demo-alternative-package-registry", + "version": "0.0.0", + "bom-ref": "demo-alternative-package-registry@0.0.0", + "description": "demo: alternative-package-registry -- showcase how alternative package registries affect the result", + "licenses": [ + { + "license": { + "id": "Apache-2.0", + "acknowledgement": "declared" + } + } + ], + "purl": "pkg:npm/demo-alternative-package-registry@0.0.0", + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "" + }, + { + "name": "cdx:npm:package:private", + "value": "true" + } + ] + } + }, + "components": [ + { + "type": "library", + "name": "act__act", + "group": "@jsr", + "version": "0.1.3", + "bom-ref": "@jsr/act__act@0.1.3", + "purl": "pkg:npm/%40jsr/act__act@0.1.3?download_url=https%3A//npm.jsr.io/~/11/%40jsr/act__act/0.1.3.tgz", + "externalReferences": [ + { + "url": "https://npm.jsr.io/~/11/@jsr/act__act/0.1.3.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "a637910c9eadd46cdffc704bd635eaa8647fb7fe2ab136a72a984c8201c8978975ee9321d45ea3563cc0c7ea44d6be8a371a41b1a904916f21095e56b40a9144" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/@act\\act" + } + ] + } + ], + "dependencies": [ + { + "ref": "@jsr/act__act@0.1.3" + }, + { + "ref": "demo-alternative-package-registry@0.0.0", + "dependsOn": [ + "@jsr/act__act@0.1.3" + ] + } + ] +} \ No newline at end of file diff --git a/tests/_data/sbom_demo-results/flatten-components/alternative-package-registry_npm10_node22_windows-latest.snap.json b/tests/_data/sbom_demo-results/flatten-components/alternative-package-registry_npm10_node22_windows-latest.snap.json new file mode 100644 index 00000000..0166206f --- /dev/null +++ b/tests/_data/sbom_demo-results/flatten-components/alternative-package-registry_npm10_node22_windows-latest.snap.json @@ -0,0 +1,124 @@ +{ + "$schema": "http://cyclonedx.org/schema/bom-1.6.schema.json", + "bomFormat": "CycloneDX", + "specVersion": "1.6", + "version": 1, + "metadata": { + "tools": [ + { + "name": "npm", + "version": "10.99.0" + }, + { + "vendor": "@cyclonedx", + "name": "cyclonedx-library", + "version": "libVersion-testing", + "externalReferences": [ + { + "url": "https://github.com/CycloneDX/cyclonedx-javascript-library/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "git+https://github.com/CycloneDX/cyclonedx-javascript-library.git", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\"" + }, + { + "url": "https://github.com/CycloneDX/cyclonedx-javascript-library#readme", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + } + ] + }, + { + "vendor": "@cyclonedx", + "name": "cyclonedx-npm", + "version": "thisVersion-testing", + "externalReferences": [ + { + "url": "https://github.com/CycloneDX/cyclonedx-node-npm/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "git+https://github.com/CycloneDX/cyclonedx-node-npm.git", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\"" + }, + { + "url": "https://github.com/CycloneDX/cyclonedx-node-npm#readme", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + } + ] + } + ], + "component": { + "type": "application", + "name": "demo-alternative-package-registry", + "version": "0.0.0", + "bom-ref": "demo-alternative-package-registry@0.0.0", + "description": "demo: alternative-package-registry -- showcase how alternative package registries affect the result", + "licenses": [ + { + "license": { + "id": "Apache-2.0", + "acknowledgement": "declared" + } + } + ], + "purl": "pkg:npm/demo-alternative-package-registry@0.0.0", + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "" + }, + { + "name": "cdx:npm:package:private", + "value": "true" + } + ] + } + }, + "components": [ + { + "type": "library", + "name": "act__act", + "group": "@jsr", + "version": "0.1.3", + "bom-ref": "@jsr/act__act@0.1.3", + "purl": "pkg:npm/%40jsr/act__act@0.1.3?download_url=https%3A//npm.jsr.io/~/11/%40jsr/act__act/0.1.3.tgz", + "externalReferences": [ + { + "url": "https://npm.jsr.io/~/11/@jsr/act__act/0.1.3.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "a637910c9eadd46cdffc704bd635eaa8647fb7fe2ab136a72a984c8201c8978975ee9321d45ea3563cc0c7ea44d6be8a371a41b1a904916f21095e56b40a9144" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/@act\\act" + } + ] + } + ], + "dependencies": [ + { + "ref": "@jsr/act__act@0.1.3" + }, + { + "ref": "demo-alternative-package-registry@0.0.0", + "dependsOn": [ + "@jsr/act__act@0.1.3" + ] + } + ] +} \ No newline at end of file diff --git a/tests/_data/sbom_demo-results/flatten-components/alternative-package-registry_npm6_node14_ubuntu-latest.snap.json b/tests/_data/sbom_demo-results/flatten-components/alternative-package-registry_npm6_node14_ubuntu-latest.snap.json new file mode 100644 index 00000000..7faaedcc --- /dev/null +++ b/tests/_data/sbom_demo-results/flatten-components/alternative-package-registry_npm6_node14_ubuntu-latest.snap.json @@ -0,0 +1,130 @@ +{ + "$schema": "http://cyclonedx.org/schema/bom-1.6.schema.json", + "bomFormat": "CycloneDX", + "specVersion": "1.6", + "version": 1, + "metadata": { + "tools": [ + { + "name": "npm", + "version": "6.99.0" + }, + { + "vendor": "@cyclonedx", + "name": "cyclonedx-library", + "version": "libVersion-testing", + "externalReferences": [ + { + "url": "https://github.com/CycloneDX/cyclonedx-javascript-library/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "git+https://github.com/CycloneDX/cyclonedx-javascript-library.git", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\"" + }, + { + "url": "https://github.com/CycloneDX/cyclonedx-javascript-library#readme", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + } + ] + }, + { + "vendor": "@cyclonedx", + "name": "cyclonedx-npm", + "version": "thisVersion-testing", + "externalReferences": [ + { + "url": "https://github.com/CycloneDX/cyclonedx-node-npm/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "git+https://github.com/CycloneDX/cyclonedx-node-npm.git", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\"" + }, + { + "url": "https://github.com/CycloneDX/cyclonedx-node-npm#readme", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + } + ] + } + ], + "component": { + "type": "application", + "name": "demo-alternative-package-registry", + "version": "0.0.0", + "bom-ref": "demo-alternative-package-registry@0.0.0", + "description": "demo: alternative-package-registry -- showcase how alternative package registries affect the result", + "licenses": [ + { + "license": { + "id": "Apache-2.0", + "acknowledgement": "declared" + } + } + ], + "purl": "pkg:npm/demo-alternative-package-registry@0.0.0", + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "" + }, + { + "name": "cdx:npm:package:private", + "value": "true" + } + ] + } + }, + "components": [ + { + "type": "library", + "name": "act__act", + "group": "@jsr", + "version": "0.1.3", + "bom-ref": "@jsr/act__act@0.1.3", + "description": "A JavaScript and TypeScript library to make sure you **act first and think later**!", + "purl": "pkg:npm/%40jsr/act__act@0.1.3?download_url=https%3A//npm.jsr.io/~/11/%40jsr/act__act/0.1.3.tgz", + "externalReferences": [ + { + "url": "https://npm.jsr.io/~/11/@jsr/act__act/0.1.3.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "a637910c9eadd46cdffc704bd635eaa8647fb7fe2ab136a72a984c8201c8978975ee9321d45ea3563cc0c7ea44d6be8a371a41b1a904916f21095e56b40a9144" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + }, + { + "url": "https://jsr.io/@act/act", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/@act/act" + } + ] + } + ], + "dependencies": [ + { + "ref": "@jsr/act__act@0.1.3" + }, + { + "ref": "demo-alternative-package-registry@0.0.0", + "dependsOn": [ + "@jsr/act__act@0.1.3" + ] + } + ] +} \ No newline at end of file diff --git a/tests/_data/sbom_demo-results/flatten-components/alternative-package-registry_npm6_node14_windows-latest.snap.json b/tests/_data/sbom_demo-results/flatten-components/alternative-package-registry_npm6_node14_windows-latest.snap.json new file mode 100644 index 00000000..692d410f --- /dev/null +++ b/tests/_data/sbom_demo-results/flatten-components/alternative-package-registry_npm6_node14_windows-latest.snap.json @@ -0,0 +1,130 @@ +{ + "$schema": "http://cyclonedx.org/schema/bom-1.6.schema.json", + "bomFormat": "CycloneDX", + "specVersion": "1.6", + "version": 1, + "metadata": { + "tools": [ + { + "name": "npm", + "version": "6.99.0" + }, + { + "vendor": "@cyclonedx", + "name": "cyclonedx-library", + "version": "libVersion-testing", + "externalReferences": [ + { + "url": "https://github.com/CycloneDX/cyclonedx-javascript-library/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "git+https://github.com/CycloneDX/cyclonedx-javascript-library.git", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\"" + }, + { + "url": "https://github.com/CycloneDX/cyclonedx-javascript-library#readme", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + } + ] + }, + { + "vendor": "@cyclonedx", + "name": "cyclonedx-npm", + "version": "thisVersion-testing", + "externalReferences": [ + { + "url": "https://github.com/CycloneDX/cyclonedx-node-npm/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "git+https://github.com/CycloneDX/cyclonedx-node-npm.git", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\"" + }, + { + "url": "https://github.com/CycloneDX/cyclonedx-node-npm#readme", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + } + ] + } + ], + "component": { + "type": "application", + "name": "demo-alternative-package-registry", + "version": "0.0.0", + "bom-ref": "demo-alternative-package-registry@0.0.0", + "description": "demo: alternative-package-registry -- showcase how alternative package registries affect the result", + "licenses": [ + { + "license": { + "id": "Apache-2.0", + "acknowledgement": "declared" + } + } + ], + "purl": "pkg:npm/demo-alternative-package-registry@0.0.0", + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "" + }, + { + "name": "cdx:npm:package:private", + "value": "true" + } + ] + } + }, + "components": [ + { + "type": "library", + "name": "act__act", + "group": "@jsr", + "version": "0.1.3", + "bom-ref": "@jsr/act__act@0.1.3", + "description": "A JavaScript and TypeScript library to make sure you **act first and think later**!", + "purl": "pkg:npm/%40jsr/act__act@0.1.3?download_url=https%3A//npm.jsr.io/~/11/%40jsr/act__act/0.1.3.tgz", + "externalReferences": [ + { + "url": "https://npm.jsr.io/~/11/@jsr/act__act/0.1.3.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "a637910c9eadd46cdffc704bd635eaa8647fb7fe2ab136a72a984c8201c8978975ee9321d45ea3563cc0c7ea44d6be8a371a41b1a904916f21095e56b40a9144" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + }, + { + "url": "https://jsr.io/@act/act", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/@act\\act" + } + ] + } + ], + "dependencies": [ + { + "ref": "@jsr/act__act@0.1.3" + }, + { + "ref": "demo-alternative-package-registry@0.0.0", + "dependsOn": [ + "@jsr/act__act@0.1.3" + ] + } + ] +} \ No newline at end of file diff --git a/tests/_data/sbom_demo-results/flatten-components/alternative-package-registry_npm6_node16_macos-latest.snap.json b/tests/_data/sbom_demo-results/flatten-components/alternative-package-registry_npm6_node16_macos-latest.snap.json new file mode 100644 index 00000000..7faaedcc --- /dev/null +++ b/tests/_data/sbom_demo-results/flatten-components/alternative-package-registry_npm6_node16_macos-latest.snap.json @@ -0,0 +1,130 @@ +{ + "$schema": "http://cyclonedx.org/schema/bom-1.6.schema.json", + "bomFormat": "CycloneDX", + "specVersion": "1.6", + "version": 1, + "metadata": { + "tools": [ + { + "name": "npm", + "version": "6.99.0" + }, + { + "vendor": "@cyclonedx", + "name": "cyclonedx-library", + "version": "libVersion-testing", + "externalReferences": [ + { + "url": "https://github.com/CycloneDX/cyclonedx-javascript-library/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "git+https://github.com/CycloneDX/cyclonedx-javascript-library.git", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\"" + }, + { + "url": "https://github.com/CycloneDX/cyclonedx-javascript-library#readme", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + } + ] + }, + { + "vendor": "@cyclonedx", + "name": "cyclonedx-npm", + "version": "thisVersion-testing", + "externalReferences": [ + { + "url": "https://github.com/CycloneDX/cyclonedx-node-npm/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "git+https://github.com/CycloneDX/cyclonedx-node-npm.git", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\"" + }, + { + "url": "https://github.com/CycloneDX/cyclonedx-node-npm#readme", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + } + ] + } + ], + "component": { + "type": "application", + "name": "demo-alternative-package-registry", + "version": "0.0.0", + "bom-ref": "demo-alternative-package-registry@0.0.0", + "description": "demo: alternative-package-registry -- showcase how alternative package registries affect the result", + "licenses": [ + { + "license": { + "id": "Apache-2.0", + "acknowledgement": "declared" + } + } + ], + "purl": "pkg:npm/demo-alternative-package-registry@0.0.0", + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "" + }, + { + "name": "cdx:npm:package:private", + "value": "true" + } + ] + } + }, + "components": [ + { + "type": "library", + "name": "act__act", + "group": "@jsr", + "version": "0.1.3", + "bom-ref": "@jsr/act__act@0.1.3", + "description": "A JavaScript and TypeScript library to make sure you **act first and think later**!", + "purl": "pkg:npm/%40jsr/act__act@0.1.3?download_url=https%3A//npm.jsr.io/~/11/%40jsr/act__act/0.1.3.tgz", + "externalReferences": [ + { + "url": "https://npm.jsr.io/~/11/@jsr/act__act/0.1.3.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "a637910c9eadd46cdffc704bd635eaa8647fb7fe2ab136a72a984c8201c8978975ee9321d45ea3563cc0c7ea44d6be8a371a41b1a904916f21095e56b40a9144" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + }, + { + "url": "https://jsr.io/@act/act", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/@act/act" + } + ] + } + ], + "dependencies": [ + { + "ref": "@jsr/act__act@0.1.3" + }, + { + "ref": "demo-alternative-package-registry@0.0.0", + "dependsOn": [ + "@jsr/act__act@0.1.3" + ] + } + ] +} \ No newline at end of file diff --git a/tests/_data/sbom_demo-results/flatten-components/alternative-package-registry_npm6_node22_windows-latest.snap.json b/tests/_data/sbom_demo-results/flatten-components/alternative-package-registry_npm6_node22_windows-latest.snap.json new file mode 100644 index 00000000..692d410f --- /dev/null +++ b/tests/_data/sbom_demo-results/flatten-components/alternative-package-registry_npm6_node22_windows-latest.snap.json @@ -0,0 +1,130 @@ +{ + "$schema": "http://cyclonedx.org/schema/bom-1.6.schema.json", + "bomFormat": "CycloneDX", + "specVersion": "1.6", + "version": 1, + "metadata": { + "tools": [ + { + "name": "npm", + "version": "6.99.0" + }, + { + "vendor": "@cyclonedx", + "name": "cyclonedx-library", + "version": "libVersion-testing", + "externalReferences": [ + { + "url": "https://github.com/CycloneDX/cyclonedx-javascript-library/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "git+https://github.com/CycloneDX/cyclonedx-javascript-library.git", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\"" + }, + { + "url": "https://github.com/CycloneDX/cyclonedx-javascript-library#readme", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + } + ] + }, + { + "vendor": "@cyclonedx", + "name": "cyclonedx-npm", + "version": "thisVersion-testing", + "externalReferences": [ + { + "url": "https://github.com/CycloneDX/cyclonedx-node-npm/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "git+https://github.com/CycloneDX/cyclonedx-node-npm.git", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\"" + }, + { + "url": "https://github.com/CycloneDX/cyclonedx-node-npm#readme", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + } + ] + } + ], + "component": { + "type": "application", + "name": "demo-alternative-package-registry", + "version": "0.0.0", + "bom-ref": "demo-alternative-package-registry@0.0.0", + "description": "demo: alternative-package-registry -- showcase how alternative package registries affect the result", + "licenses": [ + { + "license": { + "id": "Apache-2.0", + "acknowledgement": "declared" + } + } + ], + "purl": "pkg:npm/demo-alternative-package-registry@0.0.0", + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "" + }, + { + "name": "cdx:npm:package:private", + "value": "true" + } + ] + } + }, + "components": [ + { + "type": "library", + "name": "act__act", + "group": "@jsr", + "version": "0.1.3", + "bom-ref": "@jsr/act__act@0.1.3", + "description": "A JavaScript and TypeScript library to make sure you **act first and think later**!", + "purl": "pkg:npm/%40jsr/act__act@0.1.3?download_url=https%3A//npm.jsr.io/~/11/%40jsr/act__act/0.1.3.tgz", + "externalReferences": [ + { + "url": "https://npm.jsr.io/~/11/@jsr/act__act/0.1.3.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "a637910c9eadd46cdffc704bd635eaa8647fb7fe2ab136a72a984c8201c8978975ee9321d45ea3563cc0c7ea44d6be8a371a41b1a904916f21095e56b40a9144" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + }, + { + "url": "https://jsr.io/@act/act", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/@act\\act" + } + ] + } + ], + "dependencies": [ + { + "ref": "@jsr/act__act@0.1.3" + }, + { + "ref": "demo-alternative-package-registry@0.0.0", + "dependsOn": [ + "@jsr/act__act@0.1.3" + ] + } + ] +} \ No newline at end of file diff --git a/tests/_data/sbom_demo-results/flatten-components/alternative-package-registry_npm7_node14_ubuntu-latest.snap.json b/tests/_data/sbom_demo-results/flatten-components/alternative-package-registry_npm7_node14_ubuntu-latest.snap.json new file mode 100644 index 00000000..647e84dc --- /dev/null +++ b/tests/_data/sbom_demo-results/flatten-components/alternative-package-registry_npm7_node14_ubuntu-latest.snap.json @@ -0,0 +1,124 @@ +{ + "$schema": "http://cyclonedx.org/schema/bom-1.6.schema.json", + "bomFormat": "CycloneDX", + "specVersion": "1.6", + "version": 1, + "metadata": { + "tools": [ + { + "name": "npm", + "version": "7.99.0" + }, + { + "vendor": "@cyclonedx", + "name": "cyclonedx-library", + "version": "libVersion-testing", + "externalReferences": [ + { + "url": "https://github.com/CycloneDX/cyclonedx-javascript-library/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "git+https://github.com/CycloneDX/cyclonedx-javascript-library.git", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\"" + }, + { + "url": "https://github.com/CycloneDX/cyclonedx-javascript-library#readme", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + } + ] + }, + { + "vendor": "@cyclonedx", + "name": "cyclonedx-npm", + "version": "thisVersion-testing", + "externalReferences": [ + { + "url": "https://github.com/CycloneDX/cyclonedx-node-npm/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "git+https://github.com/CycloneDX/cyclonedx-node-npm.git", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\"" + }, + { + "url": "https://github.com/CycloneDX/cyclonedx-node-npm#readme", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + } + ] + } + ], + "component": { + "type": "application", + "name": "demo-alternative-package-registry", + "version": "0.0.0", + "bom-ref": "demo-alternative-package-registry@0.0.0", + "description": "demo: alternative-package-registry -- showcase how alternative package registries affect the result", + "licenses": [ + { + "license": { + "id": "Apache-2.0", + "acknowledgement": "declared" + } + } + ], + "purl": "pkg:npm/demo-alternative-package-registry@0.0.0", + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "" + }, + { + "name": "cdx:npm:package:private", + "value": "true" + } + ] + } + }, + "components": [ + { + "type": "library", + "name": "act__act", + "group": "@jsr", + "version": "0.1.3", + "bom-ref": "@jsr/act__act@0.1.3", + "purl": "pkg:npm/%40jsr/act__act@0.1.3?download_url=https%3A//npm.jsr.io/~/11/%40jsr/act__act/0.1.3.tgz", + "externalReferences": [ + { + "url": "https://npm.jsr.io/~/11/@jsr/act__act/0.1.3.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "a637910c9eadd46cdffc704bd635eaa8647fb7fe2ab136a72a984c8201c8978975ee9321d45ea3563cc0c7ea44d6be8a371a41b1a904916f21095e56b40a9144" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/@act/act" + } + ] + } + ], + "dependencies": [ + { + "ref": "@jsr/act__act@0.1.3" + }, + { + "ref": "demo-alternative-package-registry@0.0.0", + "dependsOn": [ + "@jsr/act__act@0.1.3" + ] + } + ] +} \ No newline at end of file diff --git a/tests/_data/sbom_demo-results/flatten-components/alternative-package-registry_npm7_node14_windows-latest.snap.json b/tests/_data/sbom_demo-results/flatten-components/alternative-package-registry_npm7_node14_windows-latest.snap.json new file mode 100644 index 00000000..5c184d41 --- /dev/null +++ b/tests/_data/sbom_demo-results/flatten-components/alternative-package-registry_npm7_node14_windows-latest.snap.json @@ -0,0 +1,124 @@ +{ + "$schema": "http://cyclonedx.org/schema/bom-1.6.schema.json", + "bomFormat": "CycloneDX", + "specVersion": "1.6", + "version": 1, + "metadata": { + "tools": [ + { + "name": "npm", + "version": "7.99.0" + }, + { + "vendor": "@cyclonedx", + "name": "cyclonedx-library", + "version": "libVersion-testing", + "externalReferences": [ + { + "url": "https://github.com/CycloneDX/cyclonedx-javascript-library/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "git+https://github.com/CycloneDX/cyclonedx-javascript-library.git", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\"" + }, + { + "url": "https://github.com/CycloneDX/cyclonedx-javascript-library#readme", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + } + ] + }, + { + "vendor": "@cyclonedx", + "name": "cyclonedx-npm", + "version": "thisVersion-testing", + "externalReferences": [ + { + "url": "https://github.com/CycloneDX/cyclonedx-node-npm/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "git+https://github.com/CycloneDX/cyclonedx-node-npm.git", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\"" + }, + { + "url": "https://github.com/CycloneDX/cyclonedx-node-npm#readme", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + } + ] + } + ], + "component": { + "type": "application", + "name": "demo-alternative-package-registry", + "version": "0.0.0", + "bom-ref": "demo-alternative-package-registry@0.0.0", + "description": "demo: alternative-package-registry -- showcase how alternative package registries affect the result", + "licenses": [ + { + "license": { + "id": "Apache-2.0", + "acknowledgement": "declared" + } + } + ], + "purl": "pkg:npm/demo-alternative-package-registry@0.0.0", + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "" + }, + { + "name": "cdx:npm:package:private", + "value": "true" + } + ] + } + }, + "components": [ + { + "type": "library", + "name": "act__act", + "group": "@jsr", + "version": "0.1.3", + "bom-ref": "@jsr/act__act@0.1.3", + "purl": "pkg:npm/%40jsr/act__act@0.1.3?download_url=https%3A//npm.jsr.io/~/11/%40jsr/act__act/0.1.3.tgz", + "externalReferences": [ + { + "url": "https://npm.jsr.io/~/11/@jsr/act__act/0.1.3.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "a637910c9eadd46cdffc704bd635eaa8647fb7fe2ab136a72a984c8201c8978975ee9321d45ea3563cc0c7ea44d6be8a371a41b1a904916f21095e56b40a9144" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/@act\\act" + } + ] + } + ], + "dependencies": [ + { + "ref": "@jsr/act__act@0.1.3" + }, + { + "ref": "demo-alternative-package-registry@0.0.0", + "dependsOn": [ + "@jsr/act__act@0.1.3" + ] + } + ] +} \ No newline at end of file diff --git a/tests/_data/sbom_demo-results/flatten-components/alternative-package-registry_npm7_node16_macos-latest.snap.json b/tests/_data/sbom_demo-results/flatten-components/alternative-package-registry_npm7_node16_macos-latest.snap.json new file mode 100644 index 00000000..647e84dc --- /dev/null +++ b/tests/_data/sbom_demo-results/flatten-components/alternative-package-registry_npm7_node16_macos-latest.snap.json @@ -0,0 +1,124 @@ +{ + "$schema": "http://cyclonedx.org/schema/bom-1.6.schema.json", + "bomFormat": "CycloneDX", + "specVersion": "1.6", + "version": 1, + "metadata": { + "tools": [ + { + "name": "npm", + "version": "7.99.0" + }, + { + "vendor": "@cyclonedx", + "name": "cyclonedx-library", + "version": "libVersion-testing", + "externalReferences": [ + { + "url": "https://github.com/CycloneDX/cyclonedx-javascript-library/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "git+https://github.com/CycloneDX/cyclonedx-javascript-library.git", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\"" + }, + { + "url": "https://github.com/CycloneDX/cyclonedx-javascript-library#readme", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + } + ] + }, + { + "vendor": "@cyclonedx", + "name": "cyclonedx-npm", + "version": "thisVersion-testing", + "externalReferences": [ + { + "url": "https://github.com/CycloneDX/cyclonedx-node-npm/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "git+https://github.com/CycloneDX/cyclonedx-node-npm.git", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\"" + }, + { + "url": "https://github.com/CycloneDX/cyclonedx-node-npm#readme", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + } + ] + } + ], + "component": { + "type": "application", + "name": "demo-alternative-package-registry", + "version": "0.0.0", + "bom-ref": "demo-alternative-package-registry@0.0.0", + "description": "demo: alternative-package-registry -- showcase how alternative package registries affect the result", + "licenses": [ + { + "license": { + "id": "Apache-2.0", + "acknowledgement": "declared" + } + } + ], + "purl": "pkg:npm/demo-alternative-package-registry@0.0.0", + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "" + }, + { + "name": "cdx:npm:package:private", + "value": "true" + } + ] + } + }, + "components": [ + { + "type": "library", + "name": "act__act", + "group": "@jsr", + "version": "0.1.3", + "bom-ref": "@jsr/act__act@0.1.3", + "purl": "pkg:npm/%40jsr/act__act@0.1.3?download_url=https%3A//npm.jsr.io/~/11/%40jsr/act__act/0.1.3.tgz", + "externalReferences": [ + { + "url": "https://npm.jsr.io/~/11/@jsr/act__act/0.1.3.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "a637910c9eadd46cdffc704bd635eaa8647fb7fe2ab136a72a984c8201c8978975ee9321d45ea3563cc0c7ea44d6be8a371a41b1a904916f21095e56b40a9144" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/@act/act" + } + ] + } + ], + "dependencies": [ + { + "ref": "@jsr/act__act@0.1.3" + }, + { + "ref": "demo-alternative-package-registry@0.0.0", + "dependsOn": [ + "@jsr/act__act@0.1.3" + ] + } + ] +} \ No newline at end of file diff --git a/tests/_data/sbom_demo-results/flatten-components/alternative-package-registry_npm7_node22_windows-latest.snap.json b/tests/_data/sbom_demo-results/flatten-components/alternative-package-registry_npm7_node22_windows-latest.snap.json new file mode 100644 index 00000000..5c184d41 --- /dev/null +++ b/tests/_data/sbom_demo-results/flatten-components/alternative-package-registry_npm7_node22_windows-latest.snap.json @@ -0,0 +1,124 @@ +{ + "$schema": "http://cyclonedx.org/schema/bom-1.6.schema.json", + "bomFormat": "CycloneDX", + "specVersion": "1.6", + "version": 1, + "metadata": { + "tools": [ + { + "name": "npm", + "version": "7.99.0" + }, + { + "vendor": "@cyclonedx", + "name": "cyclonedx-library", + "version": "libVersion-testing", + "externalReferences": [ + { + "url": "https://github.com/CycloneDX/cyclonedx-javascript-library/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "git+https://github.com/CycloneDX/cyclonedx-javascript-library.git", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\"" + }, + { + "url": "https://github.com/CycloneDX/cyclonedx-javascript-library#readme", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + } + ] + }, + { + "vendor": "@cyclonedx", + "name": "cyclonedx-npm", + "version": "thisVersion-testing", + "externalReferences": [ + { + "url": "https://github.com/CycloneDX/cyclonedx-node-npm/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "git+https://github.com/CycloneDX/cyclonedx-node-npm.git", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\"" + }, + { + "url": "https://github.com/CycloneDX/cyclonedx-node-npm#readme", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + } + ] + } + ], + "component": { + "type": "application", + "name": "demo-alternative-package-registry", + "version": "0.0.0", + "bom-ref": "demo-alternative-package-registry@0.0.0", + "description": "demo: alternative-package-registry -- showcase how alternative package registries affect the result", + "licenses": [ + { + "license": { + "id": "Apache-2.0", + "acknowledgement": "declared" + } + } + ], + "purl": "pkg:npm/demo-alternative-package-registry@0.0.0", + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "" + }, + { + "name": "cdx:npm:package:private", + "value": "true" + } + ] + } + }, + "components": [ + { + "type": "library", + "name": "act__act", + "group": "@jsr", + "version": "0.1.3", + "bom-ref": "@jsr/act__act@0.1.3", + "purl": "pkg:npm/%40jsr/act__act@0.1.3?download_url=https%3A//npm.jsr.io/~/11/%40jsr/act__act/0.1.3.tgz", + "externalReferences": [ + { + "url": "https://npm.jsr.io/~/11/@jsr/act__act/0.1.3.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "a637910c9eadd46cdffc704bd635eaa8647fb7fe2ab136a72a984c8201c8978975ee9321d45ea3563cc0c7ea44d6be8a371a41b1a904916f21095e56b40a9144" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/@act\\act" + } + ] + } + ], + "dependencies": [ + { + "ref": "@jsr/act__act@0.1.3" + }, + { + "ref": "demo-alternative-package-registry@0.0.0", + "dependsOn": [ + "@jsr/act__act@0.1.3" + ] + } + ] +} \ No newline at end of file diff --git a/tests/_data/sbom_demo-results/flatten-components/alternative-package-registry_npm8_node14_ubuntu-latest.snap.json b/tests/_data/sbom_demo-results/flatten-components/alternative-package-registry_npm8_node14_ubuntu-latest.snap.json new file mode 100644 index 00000000..36f54fe6 --- /dev/null +++ b/tests/_data/sbom_demo-results/flatten-components/alternative-package-registry_npm8_node14_ubuntu-latest.snap.json @@ -0,0 +1,124 @@ +{ + "$schema": "http://cyclonedx.org/schema/bom-1.6.schema.json", + "bomFormat": "CycloneDX", + "specVersion": "1.6", + "version": 1, + "metadata": { + "tools": [ + { + "name": "npm", + "version": "8.99.0" + }, + { + "vendor": "@cyclonedx", + "name": "cyclonedx-library", + "version": "libVersion-testing", + "externalReferences": [ + { + "url": "https://github.com/CycloneDX/cyclonedx-javascript-library/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "git+https://github.com/CycloneDX/cyclonedx-javascript-library.git", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\"" + }, + { + "url": "https://github.com/CycloneDX/cyclonedx-javascript-library#readme", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + } + ] + }, + { + "vendor": "@cyclonedx", + "name": "cyclonedx-npm", + "version": "thisVersion-testing", + "externalReferences": [ + { + "url": "https://github.com/CycloneDX/cyclonedx-node-npm/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "git+https://github.com/CycloneDX/cyclonedx-node-npm.git", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\"" + }, + { + "url": "https://github.com/CycloneDX/cyclonedx-node-npm#readme", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + } + ] + } + ], + "component": { + "type": "application", + "name": "demo-alternative-package-registry", + "version": "0.0.0", + "bom-ref": "demo-alternative-package-registry@0.0.0", + "description": "demo: alternative-package-registry -- showcase how alternative package registries affect the result", + "licenses": [ + { + "license": { + "id": "Apache-2.0", + "acknowledgement": "declared" + } + } + ], + "purl": "pkg:npm/demo-alternative-package-registry@0.0.0", + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "" + }, + { + "name": "cdx:npm:package:private", + "value": "true" + } + ] + } + }, + "components": [ + { + "type": "library", + "name": "act__act", + "group": "@jsr", + "version": "0.1.3", + "bom-ref": "@jsr/act__act@0.1.3", + "purl": "pkg:npm/%40jsr/act__act@0.1.3?download_url=https%3A//npm.jsr.io/~/11/%40jsr/act__act/0.1.3.tgz", + "externalReferences": [ + { + "url": "https://npm.jsr.io/~/11/@jsr/act__act/0.1.3.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "a637910c9eadd46cdffc704bd635eaa8647fb7fe2ab136a72a984c8201c8978975ee9321d45ea3563cc0c7ea44d6be8a371a41b1a904916f21095e56b40a9144" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/@act/act" + } + ] + } + ], + "dependencies": [ + { + "ref": "@jsr/act__act@0.1.3" + }, + { + "ref": "demo-alternative-package-registry@0.0.0", + "dependsOn": [ + "@jsr/act__act@0.1.3" + ] + } + ] +} \ No newline at end of file diff --git a/tests/_data/sbom_demo-results/flatten-components/alternative-package-registry_npm8_node14_windows-latest.snap.json b/tests/_data/sbom_demo-results/flatten-components/alternative-package-registry_npm8_node14_windows-latest.snap.json new file mode 100644 index 00000000..f62810b2 --- /dev/null +++ b/tests/_data/sbom_demo-results/flatten-components/alternative-package-registry_npm8_node14_windows-latest.snap.json @@ -0,0 +1,124 @@ +{ + "$schema": "http://cyclonedx.org/schema/bom-1.6.schema.json", + "bomFormat": "CycloneDX", + "specVersion": "1.6", + "version": 1, + "metadata": { + "tools": [ + { + "name": "npm", + "version": "8.99.0" + }, + { + "vendor": "@cyclonedx", + "name": "cyclonedx-library", + "version": "libVersion-testing", + "externalReferences": [ + { + "url": "https://github.com/CycloneDX/cyclonedx-javascript-library/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "git+https://github.com/CycloneDX/cyclonedx-javascript-library.git", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\"" + }, + { + "url": "https://github.com/CycloneDX/cyclonedx-javascript-library#readme", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + } + ] + }, + { + "vendor": "@cyclonedx", + "name": "cyclonedx-npm", + "version": "thisVersion-testing", + "externalReferences": [ + { + "url": "https://github.com/CycloneDX/cyclonedx-node-npm/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "git+https://github.com/CycloneDX/cyclonedx-node-npm.git", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\"" + }, + { + "url": "https://github.com/CycloneDX/cyclonedx-node-npm#readme", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + } + ] + } + ], + "component": { + "type": "application", + "name": "demo-alternative-package-registry", + "version": "0.0.0", + "bom-ref": "demo-alternative-package-registry@0.0.0", + "description": "demo: alternative-package-registry -- showcase how alternative package registries affect the result", + "licenses": [ + { + "license": { + "id": "Apache-2.0", + "acknowledgement": "declared" + } + } + ], + "purl": "pkg:npm/demo-alternative-package-registry@0.0.0", + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "" + }, + { + "name": "cdx:npm:package:private", + "value": "true" + } + ] + } + }, + "components": [ + { + "type": "library", + "name": "act__act", + "group": "@jsr", + "version": "0.1.3", + "bom-ref": "@jsr/act__act@0.1.3", + "purl": "pkg:npm/%40jsr/act__act@0.1.3?download_url=https%3A//npm.jsr.io/~/11/%40jsr/act__act/0.1.3.tgz", + "externalReferences": [ + { + "url": "https://npm.jsr.io/~/11/@jsr/act__act/0.1.3.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "a637910c9eadd46cdffc704bd635eaa8647fb7fe2ab136a72a984c8201c8978975ee9321d45ea3563cc0c7ea44d6be8a371a41b1a904916f21095e56b40a9144" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/@act\\act" + } + ] + } + ], + "dependencies": [ + { + "ref": "@jsr/act__act@0.1.3" + }, + { + "ref": "demo-alternative-package-registry@0.0.0", + "dependsOn": [ + "@jsr/act__act@0.1.3" + ] + } + ] +} \ No newline at end of file diff --git a/tests/_data/sbom_demo-results/flatten-components/alternative-package-registry_npm8_node16_macos-latest.snap.json b/tests/_data/sbom_demo-results/flatten-components/alternative-package-registry_npm8_node16_macos-latest.snap.json new file mode 100644 index 00000000..36f54fe6 --- /dev/null +++ b/tests/_data/sbom_demo-results/flatten-components/alternative-package-registry_npm8_node16_macos-latest.snap.json @@ -0,0 +1,124 @@ +{ + "$schema": "http://cyclonedx.org/schema/bom-1.6.schema.json", + "bomFormat": "CycloneDX", + "specVersion": "1.6", + "version": 1, + "metadata": { + "tools": [ + { + "name": "npm", + "version": "8.99.0" + }, + { + "vendor": "@cyclonedx", + "name": "cyclonedx-library", + "version": "libVersion-testing", + "externalReferences": [ + { + "url": "https://github.com/CycloneDX/cyclonedx-javascript-library/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "git+https://github.com/CycloneDX/cyclonedx-javascript-library.git", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\"" + }, + { + "url": "https://github.com/CycloneDX/cyclonedx-javascript-library#readme", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + } + ] + }, + { + "vendor": "@cyclonedx", + "name": "cyclonedx-npm", + "version": "thisVersion-testing", + "externalReferences": [ + { + "url": "https://github.com/CycloneDX/cyclonedx-node-npm/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "git+https://github.com/CycloneDX/cyclonedx-node-npm.git", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\"" + }, + { + "url": "https://github.com/CycloneDX/cyclonedx-node-npm#readme", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + } + ] + } + ], + "component": { + "type": "application", + "name": "demo-alternative-package-registry", + "version": "0.0.0", + "bom-ref": "demo-alternative-package-registry@0.0.0", + "description": "demo: alternative-package-registry -- showcase how alternative package registries affect the result", + "licenses": [ + { + "license": { + "id": "Apache-2.0", + "acknowledgement": "declared" + } + } + ], + "purl": "pkg:npm/demo-alternative-package-registry@0.0.0", + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "" + }, + { + "name": "cdx:npm:package:private", + "value": "true" + } + ] + } + }, + "components": [ + { + "type": "library", + "name": "act__act", + "group": "@jsr", + "version": "0.1.3", + "bom-ref": "@jsr/act__act@0.1.3", + "purl": "pkg:npm/%40jsr/act__act@0.1.3?download_url=https%3A//npm.jsr.io/~/11/%40jsr/act__act/0.1.3.tgz", + "externalReferences": [ + { + "url": "https://npm.jsr.io/~/11/@jsr/act__act/0.1.3.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "a637910c9eadd46cdffc704bd635eaa8647fb7fe2ab136a72a984c8201c8978975ee9321d45ea3563cc0c7ea44d6be8a371a41b1a904916f21095e56b40a9144" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/@act/act" + } + ] + } + ], + "dependencies": [ + { + "ref": "@jsr/act__act@0.1.3" + }, + { + "ref": "demo-alternative-package-registry@0.0.0", + "dependsOn": [ + "@jsr/act__act@0.1.3" + ] + } + ] +} \ No newline at end of file diff --git a/tests/_data/sbom_demo-results/flatten-components/alternative-package-registry_npm8_node22_windows-latest.snap.json b/tests/_data/sbom_demo-results/flatten-components/alternative-package-registry_npm8_node22_windows-latest.snap.json new file mode 100644 index 00000000..f62810b2 --- /dev/null +++ b/tests/_data/sbom_demo-results/flatten-components/alternative-package-registry_npm8_node22_windows-latest.snap.json @@ -0,0 +1,124 @@ +{ + "$schema": "http://cyclonedx.org/schema/bom-1.6.schema.json", + "bomFormat": "CycloneDX", + "specVersion": "1.6", + "version": 1, + "metadata": { + "tools": [ + { + "name": "npm", + "version": "8.99.0" + }, + { + "vendor": "@cyclonedx", + "name": "cyclonedx-library", + "version": "libVersion-testing", + "externalReferences": [ + { + "url": "https://github.com/CycloneDX/cyclonedx-javascript-library/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "git+https://github.com/CycloneDX/cyclonedx-javascript-library.git", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\"" + }, + { + "url": "https://github.com/CycloneDX/cyclonedx-javascript-library#readme", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + } + ] + }, + { + "vendor": "@cyclonedx", + "name": "cyclonedx-npm", + "version": "thisVersion-testing", + "externalReferences": [ + { + "url": "https://github.com/CycloneDX/cyclonedx-node-npm/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "git+https://github.com/CycloneDX/cyclonedx-node-npm.git", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\"" + }, + { + "url": "https://github.com/CycloneDX/cyclonedx-node-npm#readme", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + } + ] + } + ], + "component": { + "type": "application", + "name": "demo-alternative-package-registry", + "version": "0.0.0", + "bom-ref": "demo-alternative-package-registry@0.0.0", + "description": "demo: alternative-package-registry -- showcase how alternative package registries affect the result", + "licenses": [ + { + "license": { + "id": "Apache-2.0", + "acknowledgement": "declared" + } + } + ], + "purl": "pkg:npm/demo-alternative-package-registry@0.0.0", + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "" + }, + { + "name": "cdx:npm:package:private", + "value": "true" + } + ] + } + }, + "components": [ + { + "type": "library", + "name": "act__act", + "group": "@jsr", + "version": "0.1.3", + "bom-ref": "@jsr/act__act@0.1.3", + "purl": "pkg:npm/%40jsr/act__act@0.1.3?download_url=https%3A//npm.jsr.io/~/11/%40jsr/act__act/0.1.3.tgz", + "externalReferences": [ + { + "url": "https://npm.jsr.io/~/11/@jsr/act__act/0.1.3.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "a637910c9eadd46cdffc704bd635eaa8647fb7fe2ab136a72a984c8201c8978975ee9321d45ea3563cc0c7ea44d6be8a371a41b1a904916f21095e56b40a9144" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/@act\\act" + } + ] + } + ], + "dependencies": [ + { + "ref": "@jsr/act__act@0.1.3" + }, + { + "ref": "demo-alternative-package-registry@0.0.0", + "dependsOn": [ + "@jsr/act__act@0.1.3" + ] + } + ] +} \ No newline at end of file diff --git a/tests/_data/sbom_demo-results/flatten-components/alternative-package-registry_npm9_node16_macos-latest.snap.json b/tests/_data/sbom_demo-results/flatten-components/alternative-package-registry_npm9_node16_macos-latest.snap.json new file mode 100644 index 00000000..68122e36 --- /dev/null +++ b/tests/_data/sbom_demo-results/flatten-components/alternative-package-registry_npm9_node16_macos-latest.snap.json @@ -0,0 +1,124 @@ +{ + "$schema": "http://cyclonedx.org/schema/bom-1.6.schema.json", + "bomFormat": "CycloneDX", + "specVersion": "1.6", + "version": 1, + "metadata": { + "tools": [ + { + "name": "npm", + "version": "9.99.0" + }, + { + "vendor": "@cyclonedx", + "name": "cyclonedx-library", + "version": "libVersion-testing", + "externalReferences": [ + { + "url": "https://github.com/CycloneDX/cyclonedx-javascript-library/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "git+https://github.com/CycloneDX/cyclonedx-javascript-library.git", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\"" + }, + { + "url": "https://github.com/CycloneDX/cyclonedx-javascript-library#readme", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + } + ] + }, + { + "vendor": "@cyclonedx", + "name": "cyclonedx-npm", + "version": "thisVersion-testing", + "externalReferences": [ + { + "url": "https://github.com/CycloneDX/cyclonedx-node-npm/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "git+https://github.com/CycloneDX/cyclonedx-node-npm.git", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\"" + }, + { + "url": "https://github.com/CycloneDX/cyclonedx-node-npm#readme", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + } + ] + } + ], + "component": { + "type": "application", + "name": "demo-alternative-package-registry", + "version": "0.0.0", + "bom-ref": "demo-alternative-package-registry@0.0.0", + "description": "demo: alternative-package-registry -- showcase how alternative package registries affect the result", + "licenses": [ + { + "license": { + "id": "Apache-2.0", + "acknowledgement": "declared" + } + } + ], + "purl": "pkg:npm/demo-alternative-package-registry@0.0.0", + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "" + }, + { + "name": "cdx:npm:package:private", + "value": "true" + } + ] + } + }, + "components": [ + { + "type": "library", + "name": "act__act", + "group": "@jsr", + "version": "0.1.3", + "bom-ref": "@jsr/act__act@0.1.3", + "purl": "pkg:npm/%40jsr/act__act@0.1.3?download_url=https%3A//npm.jsr.io/~/11/%40jsr/act__act/0.1.3.tgz", + "externalReferences": [ + { + "url": "https://npm.jsr.io/~/11/@jsr/act__act/0.1.3.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "a637910c9eadd46cdffc704bd635eaa8647fb7fe2ab136a72a984c8201c8978975ee9321d45ea3563cc0c7ea44d6be8a371a41b1a904916f21095e56b40a9144" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/@act/act" + } + ] + } + ], + "dependencies": [ + { + "ref": "@jsr/act__act@0.1.3" + }, + { + "ref": "demo-alternative-package-registry@0.0.0", + "dependsOn": [ + "@jsr/act__act@0.1.3" + ] + } + ] +} \ No newline at end of file diff --git a/tests/_data/sbom_demo-results/flatten-components/alternative-package-registry_npm9_node16_ubuntu-latest.snap.json b/tests/_data/sbom_demo-results/flatten-components/alternative-package-registry_npm9_node16_ubuntu-latest.snap.json new file mode 100644 index 00000000..68122e36 --- /dev/null +++ b/tests/_data/sbom_demo-results/flatten-components/alternative-package-registry_npm9_node16_ubuntu-latest.snap.json @@ -0,0 +1,124 @@ +{ + "$schema": "http://cyclonedx.org/schema/bom-1.6.schema.json", + "bomFormat": "CycloneDX", + "specVersion": "1.6", + "version": 1, + "metadata": { + "tools": [ + { + "name": "npm", + "version": "9.99.0" + }, + { + "vendor": "@cyclonedx", + "name": "cyclonedx-library", + "version": "libVersion-testing", + "externalReferences": [ + { + "url": "https://github.com/CycloneDX/cyclonedx-javascript-library/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "git+https://github.com/CycloneDX/cyclonedx-javascript-library.git", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\"" + }, + { + "url": "https://github.com/CycloneDX/cyclonedx-javascript-library#readme", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + } + ] + }, + { + "vendor": "@cyclonedx", + "name": "cyclonedx-npm", + "version": "thisVersion-testing", + "externalReferences": [ + { + "url": "https://github.com/CycloneDX/cyclonedx-node-npm/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "git+https://github.com/CycloneDX/cyclonedx-node-npm.git", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\"" + }, + { + "url": "https://github.com/CycloneDX/cyclonedx-node-npm#readme", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + } + ] + } + ], + "component": { + "type": "application", + "name": "demo-alternative-package-registry", + "version": "0.0.0", + "bom-ref": "demo-alternative-package-registry@0.0.0", + "description": "demo: alternative-package-registry -- showcase how alternative package registries affect the result", + "licenses": [ + { + "license": { + "id": "Apache-2.0", + "acknowledgement": "declared" + } + } + ], + "purl": "pkg:npm/demo-alternative-package-registry@0.0.0", + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "" + }, + { + "name": "cdx:npm:package:private", + "value": "true" + } + ] + } + }, + "components": [ + { + "type": "library", + "name": "act__act", + "group": "@jsr", + "version": "0.1.3", + "bom-ref": "@jsr/act__act@0.1.3", + "purl": "pkg:npm/%40jsr/act__act@0.1.3?download_url=https%3A//npm.jsr.io/~/11/%40jsr/act__act/0.1.3.tgz", + "externalReferences": [ + { + "url": "https://npm.jsr.io/~/11/@jsr/act__act/0.1.3.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "a637910c9eadd46cdffc704bd635eaa8647fb7fe2ab136a72a984c8201c8978975ee9321d45ea3563cc0c7ea44d6be8a371a41b1a904916f21095e56b40a9144" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/@act/act" + } + ] + } + ], + "dependencies": [ + { + "ref": "@jsr/act__act@0.1.3" + }, + { + "ref": "demo-alternative-package-registry@0.0.0", + "dependsOn": [ + "@jsr/act__act@0.1.3" + ] + } + ] +} \ No newline at end of file diff --git a/tests/_data/sbom_demo-results/flatten-components/alternative-package-registry_npm9_node16_windows-latest.snap.json b/tests/_data/sbom_demo-results/flatten-components/alternative-package-registry_npm9_node16_windows-latest.snap.json new file mode 100644 index 00000000..bbf30ba0 --- /dev/null +++ b/tests/_data/sbom_demo-results/flatten-components/alternative-package-registry_npm9_node16_windows-latest.snap.json @@ -0,0 +1,124 @@ +{ + "$schema": "http://cyclonedx.org/schema/bom-1.6.schema.json", + "bomFormat": "CycloneDX", + "specVersion": "1.6", + "version": 1, + "metadata": { + "tools": [ + { + "name": "npm", + "version": "9.99.0" + }, + { + "vendor": "@cyclonedx", + "name": "cyclonedx-library", + "version": "libVersion-testing", + "externalReferences": [ + { + "url": "https://github.com/CycloneDX/cyclonedx-javascript-library/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "git+https://github.com/CycloneDX/cyclonedx-javascript-library.git", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\"" + }, + { + "url": "https://github.com/CycloneDX/cyclonedx-javascript-library#readme", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + } + ] + }, + { + "vendor": "@cyclonedx", + "name": "cyclonedx-npm", + "version": "thisVersion-testing", + "externalReferences": [ + { + "url": "https://github.com/CycloneDX/cyclonedx-node-npm/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "git+https://github.com/CycloneDX/cyclonedx-node-npm.git", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\"" + }, + { + "url": "https://github.com/CycloneDX/cyclonedx-node-npm#readme", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + } + ] + } + ], + "component": { + "type": "application", + "name": "demo-alternative-package-registry", + "version": "0.0.0", + "bom-ref": "demo-alternative-package-registry@0.0.0", + "description": "demo: alternative-package-registry -- showcase how alternative package registries affect the result", + "licenses": [ + { + "license": { + "id": "Apache-2.0", + "acknowledgement": "declared" + } + } + ], + "purl": "pkg:npm/demo-alternative-package-registry@0.0.0", + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "" + }, + { + "name": "cdx:npm:package:private", + "value": "true" + } + ] + } + }, + "components": [ + { + "type": "library", + "name": "act__act", + "group": "@jsr", + "version": "0.1.3", + "bom-ref": "@jsr/act__act@0.1.3", + "purl": "pkg:npm/%40jsr/act__act@0.1.3?download_url=https%3A//npm.jsr.io/~/11/%40jsr/act__act/0.1.3.tgz", + "externalReferences": [ + { + "url": "https://npm.jsr.io/~/11/@jsr/act__act/0.1.3.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "a637910c9eadd46cdffc704bd635eaa8647fb7fe2ab136a72a984c8201c8978975ee9321d45ea3563cc0c7ea44d6be8a371a41b1a904916f21095e56b40a9144" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/@act\\act" + } + ] + } + ], + "dependencies": [ + { + "ref": "@jsr/act__act@0.1.3" + }, + { + "ref": "demo-alternative-package-registry@0.0.0", + "dependsOn": [ + "@jsr/act__act@0.1.3" + ] + } + ] +} \ No newline at end of file diff --git a/tests/_data/sbom_demo-results/flatten-components/alternative-package-registry_npm9_node22_windows-latest.snap.json b/tests/_data/sbom_demo-results/flatten-components/alternative-package-registry_npm9_node22_windows-latest.snap.json new file mode 100644 index 00000000..bbf30ba0 --- /dev/null +++ b/tests/_data/sbom_demo-results/flatten-components/alternative-package-registry_npm9_node22_windows-latest.snap.json @@ -0,0 +1,124 @@ +{ + "$schema": "http://cyclonedx.org/schema/bom-1.6.schema.json", + "bomFormat": "CycloneDX", + "specVersion": "1.6", + "version": 1, + "metadata": { + "tools": [ + { + "name": "npm", + "version": "9.99.0" + }, + { + "vendor": "@cyclonedx", + "name": "cyclonedx-library", + "version": "libVersion-testing", + "externalReferences": [ + { + "url": "https://github.com/CycloneDX/cyclonedx-javascript-library/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "git+https://github.com/CycloneDX/cyclonedx-javascript-library.git", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\"" + }, + { + "url": "https://github.com/CycloneDX/cyclonedx-javascript-library#readme", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + } + ] + }, + { + "vendor": "@cyclonedx", + "name": "cyclonedx-npm", + "version": "thisVersion-testing", + "externalReferences": [ + { + "url": "https://github.com/CycloneDX/cyclonedx-node-npm/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "git+https://github.com/CycloneDX/cyclonedx-node-npm.git", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\"" + }, + { + "url": "https://github.com/CycloneDX/cyclonedx-node-npm#readme", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + } + ] + } + ], + "component": { + "type": "application", + "name": "demo-alternative-package-registry", + "version": "0.0.0", + "bom-ref": "demo-alternative-package-registry@0.0.0", + "description": "demo: alternative-package-registry -- showcase how alternative package registries affect the result", + "licenses": [ + { + "license": { + "id": "Apache-2.0", + "acknowledgement": "declared" + } + } + ], + "purl": "pkg:npm/demo-alternative-package-registry@0.0.0", + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "" + }, + { + "name": "cdx:npm:package:private", + "value": "true" + } + ] + } + }, + "components": [ + { + "type": "library", + "name": "act__act", + "group": "@jsr", + "version": "0.1.3", + "bom-ref": "@jsr/act__act@0.1.3", + "purl": "pkg:npm/%40jsr/act__act@0.1.3?download_url=https%3A//npm.jsr.io/~/11/%40jsr/act__act/0.1.3.tgz", + "externalReferences": [ + { + "url": "https://npm.jsr.io/~/11/@jsr/act__act/0.1.3.tgz", + "type": "distribution", + "hashes": [ + { + "alg": "SHA-512", + "content": "a637910c9eadd46cdffc704bd635eaa8647fb7fe2ab136a72a984c8201c8978975ee9321d45ea3563cc0c7ea44d6be8a371a41b1a904916f21095e56b40a9144" + } + ], + "comment": "as detected from npm-ls property \"resolved\" and property \"integrity\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/@act\\act" + } + ] + } + ], + "dependencies": [ + { + "ref": "@jsr/act__act@0.1.3" + }, + { + "ref": "demo-alternative-package-registry@0.0.0", + "dependsOn": [ + "@jsr/act__act@0.1.3" + ] + } + ] +} \ No newline at end of file