3.0.0 - rewrite in TS with CDX-lib (CycloneDX#70)

This is a reboot, written in _TypeScript_ and compiled to _JavaScript_.

* BREAKING changes
  * Requires _Node.js_ `>= 14.0.0` now, was `>= 12.0.0`.
  * Requires _webpack_ version `^5` as a `peerDependency`, was `>=4 <6`.
* Changed:
  * The optional configuration options changed in name and meaning. Consult the `README` for details.
* Added
  * Added an optional switch to select the desired CycloneDX spec version for the output.
    The value currently defaults to `'1.4'`. (fixes [CycloneDX#53] via [CycloneDX#70])
  * Full support for typing. This will make the configuration of this plugin easier.
  * Lots of small features got added due to the fact that the data processing is managed by  `@cyclonedx/cyclonedx-library` now.
* Fixed
  * Dependency graph no longer has `null` or `undefined` values. (fixes [CycloneDX#31] via [CycloneDX#70])
* Removed
  * The optional config option `emitStats` and its functionality were dropped.
    You may use _webpack_'s `--stats` switch instead.
* Misc
  * Uses `@cyclonedx/cyclonedx-library` now, instead of `@cyclonedx/bom`.

[CycloneDX#31]: CycloneDX#31
[CycloneDX#53]: CycloneDX#53
[CycloneDX#70]: CycloneDX#70

Signed-off-by: Jan Kowalleck <[email protected]>

.editorconfig

@@ -0,0 +1,35 @@
+# EditorConfig is awesome: https://EditorConfig.org
+
+root = true
+
+[*]
+end_of_line = lf
+insert_final_newline = true
+
+[*.md]
+# trailing white spaces are used for linebreaks in paragraphs.
+trim_trailing_whitespace = false
+
+[*.{ts,js,cjs,mjs}]
+charset = utf-8
+end_of_line = lf
+indent_style = space
+indent_size = 2
+trim_trailing_whitespace = true
+insert_final_newline = true
+
+[*.{json,cjson,cjsn}]
+charset = utf-8
+end_of_line = lf
+indent_style = space
+indent_size = 2
+trim_trailing_whitespace = true
+insert_final_newline = true
+
+[*.html]
+charset = utf-8
+end_of_line = lf
+indent_style = space
+indent_size = 2
+trim_trailing_whitespace = true
+insert_final_newline = true

.eslintignore

@@ -0,0 +1,11 @@
+/node_modules/**
+
+/tests/integration/*/
+
+/examples/*/dist
+/examples/*/dist.*/**
+
+/dist/**
+/dist.*/**
+
+!/src/**

.eslintrc.js

@@ -1,6 +1,35 @@
-// https://eslint.org/
+/*!
+This file is part of CycloneDX Webpack plugin.
+
+Licensed under the Apache License, Version 2.0 (the "License");
+you may not use this file except in compliance with the License.
+You may obtain a copy of the License at
+
+    http://www.apache.org/licenses/LICENSE-2.0
+
+Unless required by applicable law or agreed to in writing, software
+distributed under the License is distributed on an "AS IS" BASIS,
+WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+See the License for the specific language governing permissions and
+limitations under the License.
+
+SPDX-License-Identifier: Apache-2.0
+Copyright (c) OWASP Foundation. All Rights Reserved.
+*/
+
+/**
+ * @see {@link https://eslint.org/}
+ * @type {import('eslint').Linter.Config}
+ */
 module.exports = {
   root: true,
-  // see https://github.com/standard/standard
-  extends: 'standard'
+  // see https://github.com/standard/ts-standard
+  extends: 'standard-with-typescript',
+  parserOptions: {
+    project: './tsconfig.json'
+  },
+  env: {
+    node: true,
+    browser: false
+  }
 }

.gitattributes

@@ -0,0 +1,3 @@
+
+tsconfig.json       linguist-language=JSON-with-Comments
+tsconfig.*.json     linguist-language=JSON-with-Comments

.github/workflows/nodejs.yml

@@ -5,7 +5,7 @@ name: Node CI
 
 on: 
   push:
-    branches: ["master"]
+    branches: [ "master" ]
   pull_request:
   workflow_dispatch:
 
@@ -14,7 +14,53 @@ env:
   NODE_ACTIVE_LTS: "16" # https://nodejs.org/en/about/releases/
 
 jobs:
+  build:
+    name: build ${{ matrix.target }}
+    runs-on: "ubuntu-latest"
+    timeout-minutes: 30
+    steps:
+      - name: Checkout
+        # see https://github.com/actions/checkout
+        uses: actions/checkout@v3
+      - name: Setup Node.js ${{ env.NODE_ACTIVE_LTS }}
+        # see https://github.com/actions/setup-node
+        uses: actions/setup-node@v3
+        with:
+          node-version: ${{ env.NODE_ACTIVE_LTS }}
+          cache: "npm"
+          cache-dependency-path: "**/package-lock.json"
+      - name: setup project
+        run: npm ci --ignore-scripts
+      - name: build ${{ matrix.target }}
+        run: npm run build
+      - name: artifact build result
+        # see https://github.com/actions/upload-artifact
+        uses: actions/upload-artifact@v3
+        with:
+          name: dist
+          path: dist
+          if-no-files-found: error
+  test-standard:
+    name: test standard
+    runs-on: ubuntu-latest
+    timeout-minutes: 30
+    steps:
+      - name: Checkout
+        # see https://github.com/actions/checkout
+        uses: actions/checkout@v3
+      - name: Setup Node.js ${{ env.NODE_ACTIVE_LTS }}
+        # see https://github.com/actions/setup-node
+        uses: actions/setup-node@v3
+        with:
+          node-version: ${{ env.NODE_ACTIVE_LTS }}
+          cache: "npm"
+          cache-dependency-path: "**/package-lock.json"
+      - name: setup project
+        run: npm ci --ignore-scripts
+      - name: test
+        run: npm run test:standard
   test-jest:
+    needs: [ 'build' ]
     name: test:Jest (node${{ matrix.node-version }}, ${{ matrix.os }})
     timeout-minutes: 30
     runs-on: ${{ matrix.os }}
@@ -28,7 +74,7 @@ jobs:
           - "18"      # current
           - "16"      # active LTS
           - "14"
-          - "12"
+          - "14.0.0"  # lowest supported
     env:
       REPORTS_ARTIFACT: tests-reports
     steps:
@@ -42,34 +88,22 @@ jobs:
           node-version: ${{ matrix.node-version }}
           cache: "npm"
           cache-dependency-path: "**/package-lock.json"
-      - name: update npm
-        run: npm i -g npm
+      - # some integration tests require a certain npm version to be installable
+        name: update npm
+        run: npm i -g npm@^8
       - name: display version
         run: |-
           node --version
           npm --version
       - name: install project
-        run: npm ci
-      - name: build
-        run: npm run build --if-present
+        run: npm ci --ignore-scripts
+      - name: fetch build artifact
+        # see https://github.com/actions/download-artifact
+        uses: actions/download-artifact@v3
+        with:
+          name: dist
+          path: dist
+      - name: setup test beds
+        run: npm run setup-tests
       - name: test
         run: npm run test:jest
-  standards:
-    name: Standards
-    timeout-minutes: 30
-    runs-on: "ubuntu-latest"
-    steps:
-      - name: Checkout
-        # see https://github.com/actions/checkout
-        uses: actions/checkout@v3
-      - name: Setup Node.js ${{ env.NODE_ACTIVE_LTS }}
-        # see https://github.com/actions/setup-node
-        uses: actions/setup-node@v3
-        with:
-          node-version: ${{ env.NODE_ACTIVE_LTS }}
-          cache: "npm"
-          cache-dependency-path: "**/package-lock.json"
-      - name: install project
-        run: npm ci
-      - name: run tests
-        run: npm run test:standard

.github/workflows/release.yml

@@ -59,7 +59,7 @@ jobs:
       ## ! no npm build at the moment
       - name: bump VERSION
         id: bump
-        run: |
+        run: |-
           VERSION="$(npm version "$NPMV_NEWVERSION" --message "$NPMV_MESSAGE")"
           echo "::debug::new version = $VERSION"
           VERSION_PLAIN="${VERSION:1}" # remove 'v' prefix
@@ -84,12 +84,19 @@ jobs:
         uses: actions/checkout@v3
         with:
           ref: ${{ needs.bump.outputs.version }}
+      - name: Setup Node.js ${{ env.NODE_ACTIVE_LTS }}
+        # see https://github.com/actions/setup-node
+        uses: actions/setup-node@v3
+        with:
+          node-version: ${{ env.NODE_ACTIVE_LTS }}
+      - name: setup project
+        run: npm ci --ignore-scripts
       - name: publish to NPM
-        run: |
-          npm config set "//registry.npmjs.org/:_authToken=$NODE_AUTH_TOKEN"
+        run: |-
+          npm config set "//registry.npmjs.org/:_authToken=$NPMJS_AUTH_TOKEN"
           npm publish --access public
         env:
-          NODE_AUTH_TOKEN: ${{ secrets.NPM_TOKEN }}
+          NPMJS_AUTH_TOKEN: ${{ secrets.NPM_TOKEN }}
 
   release-GH:
     needs:
@@ -113,5 +120,3 @@ jobs:
           tag_name: ${{ needs.bump.outputs.version }}
           name:     ${{ needs.bump.outputs.version_plain }}
           prerelease: ${{ startsWith(github.event.inputs.newversion, 'pre') }}
-          files: |
-            ${{ env.ASSETS_DIR }}/${{ env.ARTIFACT_DOCKER_SBOM }}/*.bom.*

.npmignore

@@ -149,14 +149,20 @@ dist
 # project internals can be ignored
 /CODEOWNERS
 /CONTRIBUTING.*
+/HISTORY.md
 
 # these files are part of the license
 !/LICENSE
 !/NOTICE
 
 # never ignore the build results - these are intended to be shipped
 !/dist/
-!/dist.*/
+
+# no intention to ship the maps, since the source is not shipped either.
+/dist/*.map
+
+/src/
+/tsconfig.json
 
 /test/
 /tests/

CONTRIBUTING.md

@@ -7,7 +7,19 @@ first.
 
 ## Setup
 
-To start developing simply run `npm ci` to install dev-dependencies and tools.
+To start developing simply run to install dev-dependencies and tools:
+
+```shell
+npm ci
+```
+
+This will install process automatically build the project from source.
+
+## Build from source
+
+```shell
+npm run build
+```
 
 ## Testing
 

HISTORY.md

@@ -4,6 +4,32 @@ All notable changes to this project will be documented in this file.
 
 ## unreleased
 
+## 3.0.0 - 2022-06-20
+
+This is a reboot, written in _TypeScript_ and compiled to _JavaScript_.
+
+* BREAKING changes
+  * Requires _Node.js_ `>= 14.0.0` now, was `>= 12.0.0`.
+  * Requires _webpack_ version `^5` as a `peerDependency`, was `>=4 <6`.
+* Changed:
+  * The optional configuration options changed in name and meaning. Consult the `README` for details.
+* Added
+  * Added an optional switch to select the desired CycloneDX spec version for the output.  
+    The value currently defaults to `'1.4'`. (fixes [#53] via [#70])
+  * Full support for typing. This will make the configuration of this plugin easier.
+  * Lots of small features got added due to the fact that the data processing is managed by  `@cyclonedx/cyclonedx-library` now.
+* Fixed
+  * Dependency graph no longer has `null` or `undefined` values. (fixes [#31] via [#70])
+* Removed
+  * The optional config option `emitStats` and its functionality were dropped.
+    You may use _webpack_'s `--stats` switch instead.
+* Misc
+  * Uses `@cyclonedx/cyclonedx-library` now, instead of `@cyclonedx/bom`.
+
+[#31]: https://github.com/CycloneDX/cyclonedx-webpack-plugin/issues/31
+[#53]: https://github.com/CycloneDX/cyclonedx-webpack-plugin/issues/53
+[#70]: https://github.com/CycloneDX/cyclonedx-webpack-plugin/pull/70
+
 ## 2.0.2 - 2022-06-11
 
 * Fixed