From 5965aa8680f9b9961faaba2181e654dccb263d7e Mon Sep 17 00:00:00 2001 From: Jan Kowalleck Date: Wed, 26 Nov 2025 10:46:15 +0100 Subject: [PATCH 01/13] feat: prepare "contrib" area Signed-off-by: Jan Kowalleck --- package.json | 4 ++++ src/contrib/README.md | 20 ++++++++++++++++++++ src/contrib/index.ts | 23 +++++++++++++++++++++++ tests/contrib/.gitkeep | 0 4 files changed, 47 insertions(+) create mode 100644 src/contrib/README.md create mode 100644 src/contrib/index.ts create mode 100644 tests/contrib/.gitkeep diff --git a/package.json b/package.json index 3af2ed5c2..74ddb5685 100644 --- a/package.json +++ b/package.json @@ -182,6 +182,10 @@ "./Validation": { "types": "./dist.d/validation/index.node.d.ts", "default": "./dist.node/validation/index.node.js" + }, + "./Contrib": { + "types": "./dist.d/contrib/index.d.ts", + "default": "./dist.node/contrib/index.js" } }, "directories": { diff --git a/src/contrib/README.md b/src/contrib/README.md new file mode 100644 index 000000000..3f8119e88 --- /dev/null +++ b/src/contrib/README.md 
@@ -0,0 +1,20 @@
+# CycloneDX Contrib Extensions
+
+This directory contains community-contributed functionality that extends the capabilities of the CycloneDX core library.
+Unlike the modules in `../`, these features are not part of the official CycloneDX specification and may vary in stability, scope, or compatibility.
+
+## Contents
+- Utilities, helpers, and experimental features developed by the community
+- Optional add-ons that may facilitate or enhance use of the CycloneDX core library
+- Code that evolves independently of the CycloneDX specification
+
+## Notes
+- Contrib modules are optional and not required for strict compliance with the CycloneDX standard.
+- They may change more frequently than the core and are not guaranteed to follow the same versioning rules.
+- Users should evaluate these modules carefully and consult documentation or source comments for details.
+
+## Contributing
+Contributions are welcome. To add an extension:
+1. Follow the contribution guidelines in the main repository.
+2. Place your code in a clearly named subfolder under `contrib/`.
+3. Provide documentation and tests to ensure clarity and maintainability.
diff --git a/src/contrib/index.ts b/src/contrib/index.ts
new file mode 100644
index 000000000..217cc59d4
--- /dev/null
+++ b/src/contrib/index.ts
@@ -0,0 +1,23 @@
+/*!
+This file is part of CycloneDX JavaScript Library.
+
+Licensed under the Apache License, Version 2.0 (the "License");
+you may not use this file except in compliance with the License.
+You may obtain a copy of the License at
+
+ http://www.apache.org/licenses/LICENSE-2.0
+
+Unless required by applicable law or agreed to in writing, software
+distributed under the License is distributed on an "AS IS" BASIS,
+WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+See the License for the specific language governing permissions and
+limitations under the License.
+
+SPDX-License-Identifier: Apache-2.0
+Copyright (c) OWASP Foundation. All Rights Reserved.
+*/
+
+/**
+ * Some features in this library are marked as contrib. These are community-provided extensions and are not part of the official standard. They are optional and may evolve independently from the core.
+ */
+export {}
diff --git a/tests/contrib/.gitkeep b/tests/contrib/.gitkeep
new file mode 100644
index 000000000..e69de29bb
From b7719f6f76e03bdc92ceda266476e88d58bc1222 Mon Sep 17 00:00:00 2001
From: Jan Kowalleck
Date: Wed, 26 Nov 2025 12:36:00 +0100
Subject: [PATCH 02/13] refactor: moved contrib foo
Signed-off-by: Jan Kowalleck --- src/builders/index.node.ts | 2 +- src/contrib/README.md | 2 +- .../_helpers/README.md | 6 ++++ .../_helpers/gitUrl.ts | 0 .../_helpers/packageJson.ts | 0 .../fromNodePackageJson.node/builders.ts} | 33 ++++++++++--------- .../fromNodePackageJson.node/factories.ts} | 20 +++++------ src/contrib/fromNodePackageJson.node/index.ts | 32 ++++++++++++++++++ .../fromNodePackageJson.node/types.ts} | 0 .../fromNodePackageJson.node/utils.ts} | 2 +- src/contrib/{index.ts => index.common.ts} | 3 +- src/contrib/index.node.ts | 32 ++++++++++++++++++ src/contrib/index.web..ts | 30 +++++++++++++++++ src/contrib/license/_helpers/README.md | 6 ++++ .../license}/_helpers/mime.node.ts | 0 .../license/factories.ts} | 6 ++-- src/contrib/license/index.common.ts | 21 ++++++++++++ src/contrib/license/index.node.ts | 27 +++++++++++++++ src/contrib/license/index.web.ts | 27 +++++++++++++++ .../license/utils.node.ts} | 6 ++-- .../packageUrl/factories.ts} | 4 +-- src/contrib/packageUrl/index.ts | 1 + src/factories/index.common.ts | 4 +-- src/factories/index.node.ts | 2 +- src/index.node.ts | 3 ++ src/index.web.ts | 2 ++ src/types/index.ts | 2 +- src/utils/index.node.ts | 4 +-- 28 files changed, 233 insertions(+), 44 deletions(-) create mode 100644 src/contrib/fromNodePackageJson.node/_helpers/README.md rename src/{ => contrib/fromNodePackageJson.node}/_helpers/gitUrl.ts (100%) rename src/{ => contrib/fromNodePackageJson.node}/_helpers/packageJson.ts (100%) rename src/{builders/fromNodePackageJson.node.ts => contrib/fromNodePackageJson.node/builders.ts} (81%) rename src/{factories/fromNodePackageJson.node.ts => contrib/fromNodePackageJson.node/factories.ts} (92%) create mode 100644 src/contrib/fromNodePackageJson.node/index.ts rename src/{types/nodePackageJson.ts => contrib/fromNodePackageJson.node/types.ts} (100%) rename src/{utils/npmjsUtility.node.ts => contrib/fromNodePackageJson.node/utils.ts} (98%) rename src/contrib/{index.ts => index.common.ts} (95%) create 
mode 100644 src/contrib/index.node.ts create mode 100644 src/contrib/index.web..ts create mode 100644 src/contrib/license/_helpers/README.md rename src/{ => contrib/license}/_helpers/mime.node.ts (100%) rename src/{factories/license.ts => contrib/license/factories.ts} (92%) create mode 100644 src/contrib/license/index.common.ts create mode 100644 src/contrib/license/index.node.ts create mode 100644 src/contrib/license/index.web.ts rename src/{utils/licenseUtility.node.ts => contrib/license/utils.node.ts} (95%) rename src/{factories/packageUrl.ts => contrib/packageUrl/factories.ts} (95%) create mode 100644 src/contrib/packageUrl/index.ts diff --git a/src/builders/index.node.ts b/src/builders/index.node.ts index 12bdce998..532dc6459 100644 --- a/src/builders/index.node.ts +++ b/src/builders/index.node.ts @@ -17,4 +17,4 @@ SPDX-License-Identifier: Apache-2.0 Copyright (c) OWASP Foundation. All Rights Reserved. */ -export * as FromNodePackageJson from './fromNodePackageJson.node' +export * as FromNodePackageJson from '../contrib/fromNodePackageJson.node' diff --git a/src/contrib/README.md b/src/contrib/README.md index 3f8119e88..aff5230ef 100644 --- a/src/contrib/README.md +++ b/src/contrib/README.md @@ -16,5 +16,5 @@ Unlike the modules in `../`, these features are not part of the official Cyclone ## Contributing Contributions are welcome. To add an extension: 1. Follow the contribution guidelines in the main repository. -2. Place your code in a clearly named subfolder under `contrib/`. +2. Place your code in a clearly named subfolder or file under `contrib/`. 3. Provide documentation and tests to ensure clarity and maintainability. diff --git a/src/contrib/fromNodePackageJson.node/_helpers/README.md b/src/contrib/fromNodePackageJson.node/_helpers/README.md new file mode 100644 index 000000000..32444f4d7 --- /dev/null +++ b/src/contrib/fromNodePackageJson.node/_helpers/README.md 
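Review bot: In src/builders/index.node.ts the re-export now targets the directory `../contrib/fromNodePackageJson.node`, whose new index.ts exposes the namespaces `Builders`, `Factories`, `Types` and `Utils` rather than the builder classes, so `Builders.FromNodePackageJson.ToolBuilder` and `ComponentBuilder` would no longer resolve for existing consumers. The sibling change in src/factories/index.node.ts points at `.../factories` directly; the matching line here would be `export * as FromNodePackageJson from '../contrib/fromNodePackageJson.node/builders'`. The same path is carried unchanged into the PATCH 03/13 hunk for this file, which only appends the deprecation comment.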
@@ -0,0 +1,6 @@
+# Helpers
+
+These are _internal_ helpers, that are not intended to be exported/published.
+
+The helpers SHALL **NOT** be marked as `@internal`, so that TypeScript might pick up on them and still render definitions for them.
+The internal defined interfaces, classes, functions are required for proper type checking downstream, but SHOULD NOT be utilized/called downstream.
diff --git a/src/_helpers/gitUrl.ts b/src/contrib/fromNodePackageJson.node/_helpers/gitUrl.ts
similarity index 100%
rename from src/_helpers/gitUrl.ts
rename to src/contrib/fromNodePackageJson.node/_helpers/gitUrl.ts
diff --git a/src/_helpers/packageJson.ts b/src/contrib/fromNodePackageJson.node/_helpers/packageJson.ts
similarity index 100%
rename from src/_helpers/packageJson.ts
rename to src/contrib/fromNodePackageJson.node/_helpers/packageJson.ts
diff --git a/src/builders/fromNodePackageJson.node.ts b/src/contrib/fromNodePackageJson.node/builders.ts
similarity index 81%
rename from src/builders/fromNodePackageJson.node.ts
rename to src/contrib/fromNodePackageJson.node/builders.ts
index db0a88d80..100504900 100644
--- a/src/builders/fromNodePackageJson.node.ts
+++ b/src/contrib/fromNodePackageJson.node/builders.ts
@@ -26,26 +26,27 @@ Copyright (c) OWASP Foundation. All Rights Reserved. * Normalization should be done downstream, for example via [`normalize-package-data`](https://www.npmjs.com/package/normalize-package-data). */ -import { splitNameGroup } from '../_helpers/packageJson' -import { ComponentType } from '../enums/componentType' -import type * as Factories from '../factories/index.node' -import { Component } from '../models/component' -import { ExternalReferenceRepository } from '../models/externalReference' -import { LicenseRepository } from '../models/license' -import { Tool } from '../models/tool' -import type { NodePackageJson } from '../types/nodePackageJson' +import { splitNameGroup } from './_helpers/packageJson' +import { ComponentType } from '../../enums/componentType' +import type { ExternalReferenceFactory } from './factories' +import type { LicenseFactory } from '../license/factories' +import { Component } from '../../models/component' +import { ExternalReferenceRepository } from '../../models/externalReference' +import { LicenseRepository } from '../../models/license' +import { Tool } from '../../models/tool' +import type { NodePackageJson } from './types' /** * Node-specific ToolBuilder. */ export class ToolBuilder { - readonly #extRefFactory: Factories.FromNodePackageJson.ExternalReferenceFactory + readonly #extRefFactory: ExternalReferenceFactory constructor (extRefFactory: ToolBuilder['extRefFactory']) { this.#extRefFactory = extRefFactory } - get extRefFactory (): Factories.FromNodePackageJson.ExternalReferenceFactory { + get extRefFactory (): ExternalReferenceFactory { return this.#extRefFactory } 
@@ -71,8 +72,8 @@ export class ToolBuilder { * Node-specific ComponentBuilder. */ export class ComponentBuilder { - readonly #extRefFactory: Factories.FromNodePackageJson.ExternalReferenceFactory - readonly #licenseFactory: Factories.LicenseFactory + readonly #extRefFactory: ExternalReferenceFactory + readonly #licenseFactory: LicenseFactory constructor ( extRefFactory: ComponentBuilder['extRefFactory'], @@ -82,11 +83,11 @@ export class ComponentBuilder { this.#licenseFactory = licenseFactory } - get extRefFactory (): Factories.FromNodePackageJson.ExternalReferenceFactory { + get extRefFactory (): ExternalReferenceFactory { return this.#extRefFactory } - get licenseFactory (): Factories.LicenseFactory { + get licenseFactory (): LicenseFactory { return this.#licenseFactory } @@ -104,8 +105,8 @@ export class ComponentBuilder { const author = typeof data.author === 'string' ? data.author : (typeof data.author?.name === 'string' - ? data.author.name - : undefined) + ? data.author.name + : undefined) /* see https://docs.npmjs.com/cli/v9/configuring-npm/package-json#description-1 */ const description = typeof data.description === 'string' diff --git a/src/factories/fromNodePackageJson.node.ts b/src/contrib/fromNodePackageJson.node/factories.ts similarity index 92% rename from src/factories/fromNodePackageJson.node.ts rename to src/contrib/fromNodePackageJson.node/factories.ts index f782f1872..637adf9bc 100644 --- a/src/factories/fromNodePackageJson.node.ts +++ b/src/contrib/fromNodePackageJson.node/factories.ts 
@@ -29,16 +29,16 @@ Copyright (c) OWASP Foundation. All Rights Reserved. import type { PackageURL } from 'packageurl-js' import { PurlQualifierNames } from 'packageurl-js' -import { tryCanonicalizeGitUrl } from "../_helpers/gitUrl" -import { isNotUndefined } from '../_helpers/notUndefined' -import { ExternalReferenceType } from '../enums/externalReferenceType' -import { HashAlgorithm } from "../enums/hashAlogorithm"; -import type { Component } from '../models/component' -import { ExternalReference } from '../models/externalReference' -import { HashDictionary } from '../models/hash' -import type { NodePackageJson } from '../types/nodePackageJson' -import { defaultRegistryMatcher, parsePackageIntegrity } from '../utils/npmjsUtility.node' -import { PackageUrlFactory as PlainPackageUrlFactory } from './packageUrl' +import { tryCanonicalizeGitUrl } from "./_helpers/gitUrl" +import { isNotUndefined } from '../../_helpers/notUndefined' +import { ExternalReferenceType } from '../../enums/externalReferenceType' +import { HashAlgorithm } from "../../enums/hashAlogorithm"; +import type { Component } from '../../models/component' +import { ExternalReference } from '../../models/externalReference' +import { HashDictionary } from '../../models/hash' +import type { NodePackageJson } from './types' +import { defaultRegistryMatcher, parsePackageIntegrity } from './utils' +import { PackageUrlFactory as PlainPackageUrlFactory } from '../packageUrl/factories' /** * Node-specific ExternalReferenceFactory. diff --git a/src/contrib/fromNodePackageJson.node/index.ts b/src/contrib/fromNodePackageJson.node/index.ts new file mode 100644 index 000000000..0cdd178cf --- /dev/null +++ b/src/contrib/fromNodePackageJson.node/index.ts 
@@ -0,0 +1,32 @@
+/*!
+This file is part of CycloneDX JavaScript Library.
+
+Licensed under the Apache License, Version 2.0 (the "License");
+you may not use this file except in compliance with the License.
+You may obtain a copy of the License at
+
+ http://www.apache.org/licenses/LICENSE-2.0
+
+Unless required by applicable law or agreed to in writing, software
+distributed under the License is distributed on an "AS IS" BASIS,
+WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+See the License for the specific language governing permissions and
+limitations under the License.
+
+SPDX-License-Identifier: Apache-2.0
+Copyright (c) OWASP Foundation. All Rights Reserved.
+*/
+
+/**
+ * Node-specifics.
+ *
+ * Intended to run on normalized data structures
+ * based on [PackageJson spec](https://github.com/SchemaStore/schemastore/blob/master/src/schemas/json/package.json)
+ * and explained by [PackageJson description](https://docs.npmjs.com/cli/v9/configuring-npm/package-json).
+ * Normalization should be done downstream, for example via [`normalize-package-data`](https://www.npmjs.com/package/normalize-package-data).
+ */
+
+export * as Builders from './builders'
+export * as Factories from './factories'
+export * as Types from './types'
+export * as Utils from './utils'
diff --git a/src/types/nodePackageJson.ts b/src/contrib/fromNodePackageJson.node/types.ts
similarity index 100%
rename from src/types/nodePackageJson.ts
rename to src/contrib/fromNodePackageJson.node/types.ts
diff --git a/src/utils/npmjsUtility.node.ts b/src/contrib/fromNodePackageJson.node/utils.ts
similarity index 98%
rename from src/utils/npmjsUtility.node.ts
rename to src/contrib/fromNodePackageJson.node/utils.ts
index 14208cf0b..48834e3af 100644
--- a/src/utils/npmjsUtility.node.ts
+++ b/src/contrib/fromNodePackageJson.node/utils.ts
@@ -17,7 +17,7 @@ SPDX-License-Identifier: Apache-2.0 Copyright (c) OWASP Foundation. All Rights Reserved. */ -import {HashAlgorithm} from '../enums/hashAlogorithm' +import {HashAlgorithm} from '../../enums/hashAlogorithm' /** * See {@link https://docs.npmjs.com/cli/v9/configuring-npm/package-lock-json#packages | package lock docs} for "integrity". diff --git a/src/contrib/index.ts b/src/contrib/index.common.ts similarity index 95% rename from src/contrib/index.ts rename to src/contrib/index.common.ts index 217cc59d4..d5cd24c32 100644 --- a/src/contrib/index.ts +++ b/src/contrib/index.common.ts @@ -20,4 +20,5 @@ Copyright (c) OWASP Foundation. All Rights Reserved. /** * Some features in this library are marked as contrib. These are community-provided extensions and are not part of the official standard. They are optional and may evolve independently from the core. */ -export {} + +export * as PackageUrl from './packageUrl' diff --git a/src/contrib/index.node.ts b/src/contrib/index.node.ts new file mode 100644 index 000000000..150c120de --- /dev/null +++ b/src/contrib/index.node.ts 
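Review bot: Renaming src/contrib/index.ts to index.common.ts leaves the `./Contrib` entry that PATCH 01/13 added to package.json pointing at `./dist.d/contrib/index.d.ts` and `./dist.node/contrib/index.js`, and the diffstats of patches 02 to 04 do not touch package.json. If the build output mirrors the source layout, that subpath stops resolving after this commit. The targets would presumably become `./dist.d/contrib/index.node.d.ts` and `./dist.node/contrib/index.node.js`, matching the shape of the existing `./Validation` entry. This should be confirmed against the remaining patches of the series.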
@@ -0,0 +1,32 @@
+/*!
+This file is part of CycloneDX JavaScript Library.
+
+Licensed under the Apache License, Version 2.0 (the "License");
+you may not use this file except in compliance with the License.
+You may obtain a copy of the License at
+
+ http://www.apache.org/licenses/LICENSE-2.0
+
+Unless required by applicable law or agreed to in writing, software
+distributed under the License is distributed on an "AS IS" BASIS,
+WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+See the License for the specific language governing permissions and
+limitations under the License.
+
+SPDX-License-Identifier: Apache-2.0
+Copyright (c) OWASP Foundation. All Rights Reserved.
+*/
+
+
+/**
+ * Some features in this library are marked as contrib. These are community-provided extensions and are not part of the official standard. They are optional and may evolve independently from the core.
+ */
+
+export * from './index.common'
+
+// region node-specifics
+
+export * as FromNodePackageJson from './fromNodePackageJson.node'
+export * as License from './license/index.node'
+
+// endregion node-specifics
diff --git a/src/contrib/index.web..ts b/src/contrib/index.web..ts
new file mode 100644
index 000000000..b73ddbfee
--- /dev/null
+++ b/src/contrib/index.web..ts
@@ -0,0 +1,30 @@
+/*!
+This file is part of CycloneDX JavaScript Library.
+
+Licensed under the Apache License, Version 2.0 (the "License");
+you may not use this file except in compliance with the License.
+You may obtain a copy of the License at
+
+ http://www.apache.org/licenses/LICENSE-2.0
+
+Unless required by applicable law or agreed to in writing, software
+distributed under the License is distributed on an "AS IS" BASIS,
+WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+See the License for the specific language governing permissions and
+limitations under the License.
+
+SPDX-License-Identifier: Apache-2.0
+Copyright (c) OWASP Foundation. All Rights Reserved.
+*/
+
+/**
+ * Some features in this library are marked as contrib. These are community-provided extensions and are not part of the official standard. They are optional and may evolve independently from the core.
+ */
+
+export * from './index.common'
+
+// region web-specifics
+
+export * as License from './license/index.web'
+
+// endregion web-specifics
diff --git a/src/contrib/license/_helpers/README.md b/src/contrib/license/_helpers/README.md
new file mode 100644
index 000000000..32444f4d7
--- /dev/null
+++ b/src/contrib/license/_helpers/README.md
@@ -0,0 +1,6 @@
+# Helpers
+
+These are _internal_ helpers, that are not intended to be exported/published.
+
+The helpers SHALL **NOT** be marked as `@internal`, so that TypeScript might pick up on them and still render definitions for them.
+The internal defined interfaces, classes, functions are required for proper type checking downstream, but SHOULD NOT be utilized/called downstream.
diff --git a/src/_helpers/mime.node.ts b/src/contrib/license/_helpers/mime.node.ts
similarity index 100%
rename from src/_helpers/mime.node.ts
rename to src/contrib/license/_helpers/mime.node.ts
diff --git a/src/factories/license.ts b/src/contrib/license/factories.ts similarity index 92% rename from src/factories/license.ts rename to src/contrib/license/factories.ts index 7bf773914..c218f5bf8 100644 --- a/src/factories/license.ts +++ b/src/contrib/license/factories.ts @@ -17,9 +17,9 @@ SPDX-License-Identifier: Apache-2.0 Copyright (c) OWASP Foundation. All Rights Reserved. */ -import type { DisjunctiveLicense, License } from '../models/license' -import { LicenseExpression, NamedLicense, SpdxLicense } from '../models/license' -import { fixupSpdxId, isValidSpdxLicenseExpression } from '../spdx' +import type { DisjunctiveLicense, License } from '../../models/license' +import { LicenseExpression, NamedLicense, SpdxLicense } from '../../models/license' +import { fixupSpdxId, isValidSpdxLicenseExpression } from '../../spdx' export class LicenseFactory { makeFromString (value: string): License { diff --git a/src/contrib/license/index.common.ts b/src/contrib/license/index.common.ts new file mode 100644 index 000000000..9805244ee --- /dev/null +++ b/src/contrib/license/index.common.ts @@ -0,0 +1,21 @@ +/*! +This file is part of CycloneDX JavaScript Library. + +Licensed under the Apache License, Version 2.0 (the "License"); +you may not use this file except in compliance with the License. +You may obtain a copy of the License at + + http://www.apache.org/licenses/LICENSE-2.0 + +Unless required by applicable law or agreed to in writing, software +distributed under the License is distributed on an "AS IS" BASIS, +WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +See the License for the specific language governing permissions and +limitations under the License. + +SPDX-License-Identifier: Apache-2.0 +Copyright (c) OWASP Foundation. All Rights Reserved. +*/ + + +export * as Factories from './factories' diff --git a/src/contrib/license/index.node.ts b/src/contrib/license/index.node.ts new file mode 100644 index 000000000..881aa6131 --- /dev/null 
+++ b/src/contrib/license/index.node.ts
@@ -0,0 +1,27 @@
+/*!
+This file is part of CycloneDX JavaScript Library.
+
+Licensed under the Apache License, Version 2.0 (the "License");
+you may not use this file except in compliance with the License.
+You may obtain a copy of the License at
+
+ http://www.apache.org/licenses/LICENSE-2.0
+
+Unless required by applicable law or agreed to in writing, software
+distributed under the License is distributed on an "AS IS" BASIS,
+WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+See the License for the specific language governing permissions and
+limitations under the License.
+
+SPDX-License-Identifier: Apache-2.0
+Copyright (c) OWASP Foundation. All Rights Reserved.
+*/
+
+
+export * from './index.common'
+
+// region node-specifics
+
+export * as Utils from './utils.node'
+
+// endregion node-specifics
diff --git a/src/contrib/license/index.web.ts b/src/contrib/license/index.web.ts
new file mode 100644
index 000000000..cfb298180
--- /dev/null
+++ b/src/contrib/license/index.web.ts
@@ -0,0 +1,27 @@
+/*!
+This file is part of CycloneDX JavaScript Library.
+
+Licensed under the Apache License, Version 2.0 (the "License");
+you may not use this file except in compliance with the License.
+You may obtain a copy of the License at
+
+ http://www.apache.org/licenses/LICENSE-2.0
+
+Unless required by applicable law or agreed to in writing, software
+distributed under the License is distributed on an "AS IS" BASIS,
+WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+See the License for the specific language governing permissions and
+limitations under the License.
+
+SPDX-License-Identifier: Apache-2.0
+Copyright (c) OWASP Foundation. All Rights Reserved.
+*/
+
+
+export * from './index.common'
+
+// region web-specifics
+
+// nothing. yet ...
+
+// endregion web-specifics
diff --git a/src/utils/licenseUtility.node.ts b/src/contrib/license/utils.node.ts similarity index 95% rename from src/utils/licenseUtility.node.ts rename to src/contrib/license/utils.node.ts index e6b66462e..b505d5993 100644 --- a/src/utils/licenseUtility.node.ts +++ b/src/contrib/license/utils.node.ts @@ -26,9 +26,9 @@ Copyright (c) OWASP Foundation. All Rights Reserved. import type { Stats } from 'node:fs' -import { guessMimeTypeForLicenseFile } from '../_helpers/mime.node' -import { AttachmentEncoding } from '../enums/attachmentEncoding' -import { Attachment } from '../models/attachment' +import { guessMimeTypeForLicenseFile } from './_helpers/mime.node' +import { AttachmentEncoding } from '../../enums/attachmentEncoding' +import { Attachment } from '../../models/attachment' export interface FsUtils

{ readdirSync: (path: P ) => P[] diff --git a/src/factories/packageUrl.ts b/src/contrib/packageUrl/factories.ts similarity index 95% rename from src/factories/packageUrl.ts rename to src/contrib/packageUrl/factories.ts index 069e01f72..8db56d2ff 100644 --- a/src/factories/packageUrl.ts +++ b/src/contrib/packageUrl/factories.ts @@ -19,8 +19,8 @@ Copyright (c) OWASP Foundation. All Rights Reserved. import { PackageURL, PurlQualifierNames } from 'packageurl-js' -import { ExternalReferenceType } from '../enums/externalReferenceType' -import type { Component } from '../models/component' +import { ExternalReferenceType } from '../../enums/externalReferenceType' +import type { Component } from '../../models/component' export class PackageUrlFactory { readonly #type: PurlType diff --git a/src/contrib/packageUrl/index.ts b/src/contrib/packageUrl/index.ts new file mode 100644 index 000000000..6e9c98f4a --- /dev/null +++ b/src/contrib/packageUrl/index.ts @@ -0,0 +1 @@ +export * as Factories from './factories' diff --git a/src/factories/index.common.ts b/src/factories/index.common.ts index dab3e01e5..8bc06c20e 100644 --- a/src/factories/index.common.ts +++ b/src/factories/index.common.ts @@ -19,5 +19,5 @@ Copyright (c) OWASP Foundation. All Rights Reserved. // not everything is public, yet -export * from './license' -export * from './packageUrl' +export * from '../contrib/license/factories' +export * from '../contrib/packageUrl/factories' diff --git a/src/factories/index.node.ts b/src/factories/index.node.ts index 872de4f2f..e3249ece0 100644 --- a/src/factories/index.node.ts +++ b/src/factories/index.node.ts @@ -21,6 +21,6 @@ export * from './index.common' // region node-specifics -export * as FromNodePackageJson from './fromNodePackageJson.node' +export * as FromNodePackageJson from '../contrib/fromNodePackageJson.node/factories' // endregion node-specifics diff --git a/src/index.node.ts b/src/index.node.ts index cace8af4e..60f872d28 100644 --- a/src/index.node.ts 
+++ b/src/index.node.ts @@ -25,6 +25,7 @@ export * from './index.common' // region node-specifics +export * as Contrib from './contrib/index.node' export * as Builders from './builders/index.node' export * as Factories from './factories/index.node' export * as Serialize from './serialize/index.node' @@ -38,4 +39,6 @@ export * as Validation from './validation/index.node' */ export * as _Resources from './resources.node' +// do not export the _helpers, they are for internal use only + // endregion node-specifics diff --git a/src/index.web.ts b/src/index.web.ts index f4efdf3d6..a757f5c14 100644 --- a/src/index.web.ts +++ b/src/index.web.ts @@ -26,4 +26,6 @@ export * as Serialize from './serialize/index.web' export * as Utils from './utils/index.web' export * as Validation from './validation/index.web' +// do not export the _helpers, they are for internal use only + // endregion web-specifics diff --git a/src/types/index.ts b/src/types/index.ts index 2f2e2f09f..c9e7f66f6 100644 --- a/src/types/index.ts +++ b/src/types/index.ts @@ -23,4 +23,4 @@ export * from './integer' export * from './mimeType' // yes, this is node-specific, but who cares - these are just types -export * from './nodePackageJson' +export * from '../contrib/fromNodePackageJson.node/types' diff --git a/src/utils/index.node.ts b/src/utils/index.node.ts index de45da246..326660233 100644 --- a/src/utils/index.node.ts +++ b/src/utils/index.node.ts @@ -21,7 +21,7 @@ export * from './index.common' // region node-specifics -export * as LicenseUtility from './licenseUtility.node' -export * as NpmjsUtility from './npmjsUtility.node' +export * as LicenseUtility from '../contrib/license/utils.node' +export * as NpmjsUtility from '../contrib/fromNodePackageJson.node/utils' // endregion node-specifics From 12d64f8c65328e687cf970d62961a99a3a44965d Mon Sep 17 00:00:00 2001 From: Jan Kowalleck Date: Wed, 26 Nov 2025 12:38:59 +0100 Subject: [PATCH 03/13] refactor: moved contrib foo 
Signed-off-by: Jan Kowalleck --- src/builders/index.node.ts | 2 +- src/contrib/{index.web..ts => index.web.ts} | 0 src/factories/index.common.ts | 4 ++-- src/factories/index.node.ts | 2 +- src/index.web.ts | 1 + src/types/index.ts | 2 +- src/utils/index.node.ts | 4 ++-- 7 files changed, 8 insertions(+), 7 deletions(-) rename src/contrib/{index.web..ts => index.web.ts} (100%) diff --git a/src/builders/index.node.ts b/src/builders/index.node.ts index 532dc6459..6df654d78 100644 --- a/src/builders/index.node.ts +++ b/src/builders/index.node.ts @@ -17,4 +17,4 @@ SPDX-License-Identifier: Apache-2.0 Copyright (c) OWASP Foundation. All Rights Reserved. */ -export * as FromNodePackageJson from '../contrib/fromNodePackageJson.node' +export * as FromNodePackageJson from '../contrib/fromNodePackageJson.node' // DEPRECATED - use original diff --git a/src/contrib/index.web..ts b/src/contrib/index.web.ts similarity index 100% rename from src/contrib/index.web..ts rename to src/contrib/index.web.ts diff --git a/src/factories/index.common.ts b/src/factories/index.common.ts index 8bc06c20e..5d776cd25 100644 --- a/src/factories/index.common.ts +++ b/src/factories/index.common.ts @@ -19,5 +19,5 @@ Copyright (c) OWASP Foundation. All Rights Reserved. // not everything is public, yet -export * from '../contrib/license/factories' -export * from '../contrib/packageUrl/factories' +export * from '../contrib/license/factories' // DEPRECATED - use original +export * from '../contrib/packageUrl/factories' // DEPRECATED - use original diff --git a/src/factories/index.node.ts b/src/factories/index.node.ts index e3249ece0..f37d32d58 100644 --- a/src/factories/index.node.ts +++ b/src/factories/index.node.ts 
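Review bot: The trailing `// DEPRECATED - use original` comments added to the re-exports in src/builders/index.node.ts and src/factories/index.common.ts, and likewise in the later hunks for src/factories/index.node.ts, src/types/index.ts and src/utils/index.node.ts, are plain line comments that never reach consumers and do not say what "original" refers to. A doc comment above each export that names the replacement, for example `/** @deprecated use Contrib.FromNodePackageJson.Builders instead */`, would let editors and linters flag remaining uses of the legacy paths. Whether TypeScript surfaces the tag on an `export * as` re-export should be checked before relying on it. Naming the new location also gives downstream users a concrete migration target before the old aliases are removed.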
@@ -21,6 +21,6 @@ export * from './index.common' // region node-specifics -export * as FromNodePackageJson from '../contrib/fromNodePackageJson.node/factories' +export * as FromNodePackageJson from '../contrib/fromNodePackageJson.node/factories' // DEPRECATED - use original // endregion node-specifics diff --git a/src/index.web.ts b/src/index.web.ts index a757f5c14..d98ceef2f 100644 --- a/src/index.web.ts +++ b/src/index.web.ts @@ -21,6 +21,7 @@ export * from './index.common' // region web-specifics +export * as Contrib from './contrib/index.web' export * as Factories from './factories/index.web' export * as Serialize from './serialize/index.web' export * as Utils from './utils/index.web' diff --git a/src/types/index.ts b/src/types/index.ts index c9e7f66f6..734995475 100644 --- a/src/types/index.ts +++ b/src/types/index.ts @@ -23,4 +23,4 @@ export * from './integer' export * from './mimeType' // yes, this is node-specific, but who cares - these are just types -export * from '../contrib/fromNodePackageJson.node/types' +export * from '../contrib/fromNodePackageJson.node/types' // DEPRECATED - use original diff --git a/src/utils/index.node.ts b/src/utils/index.node.ts index 326660233..fd4d83e81 100644 --- a/src/utils/index.node.ts +++ b/src/utils/index.node.ts @@ -21,7 +21,7 @@ export * from './index.common' // region node-specifics -export * as LicenseUtility from '../contrib/license/utils.node' -export * as NpmjsUtility from '../contrib/fromNodePackageJson.node/utils' +export * as LicenseUtility from '../contrib/license/utils.node' // DEPRECATED - use original +export * as NpmjsUtility from '../contrib/fromNodePackageJson.node/utils' // DEPRECATED - use original // endregion node-specifics From 9754509625bbddd43ebbe488db3fc2a37acc33c3 Mon Sep 17 00:00:00 2001 From: Jan Kowalleck Date: Wed, 26 Nov 2025 12:42:47 +0100 Subject: [PATCH 04/13] refactor: moved contrib foo 
Signed-off-by: Jan Kowalleck --- .../fromNodePackageJson.node/builders.ts | 6 +++--- .../fromNodePackageJson.node/factories.ts | 4 ++-- src/contrib/fromNodePackageJson.node/index.ts | 2 ++ src/contrib/index.node.ts | 1 - src/contrib/license/index.common.ts | 3 ++- src/contrib/license/index.node.ts | 3 ++- src/contrib/license/index.web.ts | 3 ++- src/contrib/license/utils.node.ts | 2 +- src/contrib/packageUrl/index.ts | 19 +++++++++++++++++++ src/index.common.ts | 1 + src/index.node.ts | 5 +++-- src/index.web.ts | 3 ++- src/utils/index.node.ts | 2 +- 13 files changed, 40 insertions(+), 14 deletions(-) diff --git a/src/contrib/fromNodePackageJson.node/builders.ts b/src/contrib/fromNodePackageJson.node/builders.ts index 100504900..938b831d6 100644 --- a/src/contrib/fromNodePackageJson.node/builders.ts +++ b/src/contrib/fromNodePackageJson.node/builders.ts @@ -26,14 +26,14 @@ Copyright (c) OWASP Foundation. All Rights Reserved. * Normalization should be done downstream, for example via [`normalize-package-data`](https://www.npmjs.com/package/normalize-package-data). */ -import { splitNameGroup } from './_helpers/packageJson' import { ComponentType } from '../../enums/componentType' -import type { ExternalReferenceFactory } from './factories' -import type { LicenseFactory } from '../license/factories' import { Component } from '../../models/component' import { ExternalReferenceRepository } from '../../models/externalReference' import { LicenseRepository } from '../../models/license' import { Tool } from '../../models/tool' +import type { LicenseFactory } from '../license/factories' +import { splitNameGroup } from './_helpers/packageJson' +import type { ExternalReferenceFactory } from './factories' import type { NodePackageJson } from './types' /** diff --git a/src/contrib/fromNodePackageJson.node/factories.ts b/src/contrib/fromNodePackageJson.node/factories.ts index 637adf9bc..e42d549e5 100644 --- a/src/contrib/fromNodePackageJson.node/factories.ts 
+++ b/src/contrib/fromNodePackageJson.node/factories.ts @@ -29,16 +29,16 @@ Copyright (c) OWASP Foundation. All Rights Reserved. import type { PackageURL } from 'packageurl-js' import { PurlQualifierNames } from 'packageurl-js' -import { tryCanonicalizeGitUrl } from "./_helpers/gitUrl" import { isNotUndefined } from '../../_helpers/notUndefined' import { ExternalReferenceType } from '../../enums/externalReferenceType' import { HashAlgorithm } from "../../enums/hashAlogorithm"; import type { Component } from '../../models/component' import { ExternalReference } from '../../models/externalReference' import { HashDictionary } from '../../models/hash' +import { PackageUrlFactory as PlainPackageUrlFactory } from '../packageUrl/factories' +import { tryCanonicalizeGitUrl } from "./_helpers/gitUrl" import type { NodePackageJson } from './types' import { defaultRegistryMatcher, parsePackageIntegrity } from './utils' -import { PackageUrlFactory as PlainPackageUrlFactory } from '../packageUrl/factories' /** * Node-specific ExternalReferenceFactory. diff --git a/src/contrib/fromNodePackageJson.node/index.ts b/src/contrib/fromNodePackageJson.node/index.ts index 0cdd178cf..a31e7f04d 100644 --- a/src/contrib/fromNodePackageJson.node/index.ts +++ b/src/contrib/fromNodePackageJson.node/index.ts @@ -30,3 +30,5 @@ export * as Builders from './builders' export * as Factories from './factories' export * as Types from './types' export * as Utils from './utils' + +// do not export the _helpers, they are for internal use only diff --git a/src/contrib/index.node.ts b/src/contrib/index.node.ts index 150c120de..a6826131a 100644 --- a/src/contrib/index.node.ts +++ b/src/contrib/index.node.ts 
@@ -17,7 +17,6 @@ SPDX-License-Identifier: Apache-2.0 Copyright (c) OWASP Foundation. All Rights Reserved. */ - /** * Some features in this library are marked as contrib. These are community-provided extensions and are not part of the official standard. They are optional and may evolve independently from the core. */ diff --git a/src/contrib/license/index.common.ts b/src/contrib/license/index.common.ts index 9805244ee..1ad0f01ad 100644 --- a/src/contrib/license/index.common.ts +++ b/src/contrib/license/index.common.ts @@ -17,5 +17,6 @@ SPDX-License-Identifier: Apache-2.0 Copyright (c) OWASP Foundation. All Rights Reserved. */ - export * as Factories from './factories' + +// do not export the _helpers, they are for internal use only diff --git a/src/contrib/license/index.node.ts b/src/contrib/license/index.node.ts index 881aa6131..49334588a 100644 --- a/src/contrib/license/index.node.ts +++ b/src/contrib/license/index.node.ts @@ -17,7 +17,6 @@ SPDX-License-Identifier: Apache-2.0 Copyright (c) OWASP Foundation. All Rights Reserved. */ - export * from './index.common' // region node-specifics @@ -25,3 +24,5 @@ export * from './index.common' export * as Utils from './utils.node' // endregion node-specifics + +// do not export the _helpers, they are for internal use only diff --git a/src/contrib/license/index.web.ts b/src/contrib/license/index.web.ts index cfb298180..c9f1f7de5 100644 --- a/src/contrib/license/index.web.ts +++ b/src/contrib/license/index.web.ts @@ -17,7 +17,6 @@ SPDX-License-Identifier: Apache-2.0 Copyright (c) OWASP Foundation. All Rights Reserved. */ - export * from './index.common' // region web-specifics @@ -25,3 +24,5 @@ export * from './index.common' // nothing. yet ... // endregion web-specifics + +// do not export the _helpers, they are for internal use only diff --git a/src/contrib/license/utils.node.ts b/src/contrib/license/utils.node.ts index b505d5993..0e7b4b48a 100644 --- a/src/contrib/license/utils.node.ts 
+++ b/src/contrib/license/utils.node.ts @@ -26,9 +26,9 @@ Copyright (c) OWASP Foundation. All Rights Reserved. import type { Stats } from 'node:fs' -import { guessMimeTypeForLicenseFile } from './_helpers/mime.node' import { AttachmentEncoding } from '../../enums/attachmentEncoding' import { Attachment } from '../../models/attachment' +import { guessMimeTypeForLicenseFile } from './_helpers/mime.node' export interface FsUtils

{ readdirSync: (path: P ) => P[] diff --git a/src/contrib/packageUrl/index.ts b/src/contrib/packageUrl/index.ts index 6e9c98f4a..e898d6e94 100644 --- a/src/contrib/packageUrl/index.ts +++ b/src/contrib/packageUrl/index.ts @@ -1 +1,20 @@ +/*! +This file is part of CycloneDX JavaScript Library. + +Licensed under the Apache License, Version 2.0 (the "License"); +you may not use this file except in compliance with the License. +You may obtain a copy of the License at + + http://www.apache.org/licenses/LICENSE-2.0 + +Unless required by applicable law or agreed to in writing, software +distributed under the License is distributed on an "AS IS" BASIS, +WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +See the License for the specific language governing permissions and +limitations under the License. + +SPDX-License-Identifier: Apache-2.0 +Copyright (c) OWASP Foundation. All Rights Reserved. +*/ + export * as Factories from './factories' diff --git a/src/index.common.ts b/src/index.common.ts index 3c9dc9913..4fc31c771 100644 --- a/src/index.common.ts +++ b/src/index.common.ts @@ -22,4 +22,5 @@ export * as Models from './models' export * as SPDX from './spdx' export * as Spec from './spec' export * as Types from './types' + // do not export the _helpers, they are for internal use only diff --git a/src/index.node.ts b/src/index.node.ts index 60f872d28..a6596fa43 100644 --- a/src/index.node.ts +++ b/src/index.node.ts @@ -25,8 +25,8 @@ export * from './index.common' // region node-specifics -export * as Contrib from './contrib/index.node' export * as Builders from './builders/index.node' +export * as Contrib from './contrib/index.node' export * as Factories from './factories/index.node' export * as Serialize from './serialize/index.node' export * as Utils from './utils/index.node' 
@@ -39,6 +39,7 @@ export * as Validation from './validation/index.node' */ export * as _Resources from './resources.node' +// endregion node-specifics + // do not export the _helpers, they are for internal use only -// endregion node-specifics diff --git a/src/index.web.ts b/src/index.web.ts index d98ceef2f..d1eba5494 100644 --- a/src/index.web.ts +++ b/src/index.web.ts @@ -27,6 +27,7 @@ export * as Serialize from './serialize/index.web' export * as Utils from './utils/index.web' export * as Validation from './validation/index.web' +// endregion web-specifics + // do not export the _helpers, they are for internal use only -// endregion web-specifics diff --git a/src/utils/index.node.ts b/src/utils/index.node.ts index fd4d83e81..8e04417e8 100644 --- a/src/utils/index.node.ts +++ b/src/utils/index.node.ts @@ -21,7 +21,7 @@ export * from './index.common' // region node-specifics -export * as LicenseUtility from '../contrib/license/utils.node' // DEPRECATED - use original export * as NpmjsUtility from '../contrib/fromNodePackageJson.node/utils' // DEPRECATED - use original +export * as LicenseUtility from '../contrib/license/utils.node' // DEPRECATED - use original // endregion node-specifics From f890b67454e9f66b6da305c824fe07754ba63db5 Mon Sep 17 00:00:00 2001 From: Jan Kowalleck Date: Wed, 26 Nov 2025 13:26:42 +0100 Subject: [PATCH 05/13] refactor: moved contrib foo Signed-off-by: Jan Kowalleck --- package.json | 2 +- src/builders/index.node.ts | 2 +- tests/contrib/.gitkeep | 0 .../license}/unit/internals/helpers.mime.node.spec.js | 2 +- 4 files changed, 3 insertions(+), 3 deletions(-) delete mode 100644 tests/contrib/.gitkeep rename tests/{ => contrib/license}/unit/internals/helpers.mime.node.spec.js (94%) diff --git a/package.json b/package.json index 74ddb5685..491dd2895 100644 --- a/package.json +++ b/package.json 
@@ -185,7 +185,7 @@ }, "./Contrib": { "types": "./dist.d/contrib/index.d.ts", - "default": "./dist.node/contrib/index.js" + "default": "./dist.node/contrib/index.node.js" } }, "directories": { diff --git a/src/builders/index.node.ts b/src/builders/index.node.ts index 6df654d78..d5bd7c2e8 100644 --- a/src/builders/index.node.ts +++ b/src/builders/index.node.ts @@ -17,4 +17,4 @@ SPDX-License-Identifier: Apache-2.0 Copyright (c) OWASP Foundation. All Rights Reserved. */ -export * as FromNodePackageJson from '../contrib/fromNodePackageJson.node' // DEPRECATED - use original +export * as FromNodePackageJson from '../contrib/fromNodePackageJson.node/builders' // DEPRECATED - use original diff --git a/tests/contrib/.gitkeep b/tests/contrib/.gitkeep deleted file mode 100644 index e69de29bb..000000000 diff --git a/tests/unit/internals/helpers.mime.node.spec.js b/tests/contrib/license/unit/internals/helpers.mime.node.spec.js similarity index 94% rename from tests/unit/internals/helpers.mime.node.spec.js rename to tests/contrib/license/unit/internals/helpers.mime.node.spec.js index a4e31426d..f4d6f6923 100644 --- a/tests/unit/internals/helpers.mime.node.spec.js +++ b/tests/contrib/license/unit/internals/helpers.mime.node.spec.js @@ -23,7 +23,7 @@ const { suite, test } = require('mocha') const { guessMimeTypeForLicenseFile -} = require('../../../dist.node/_helpers/mime.node.js') +} = require('../../../../../dist.node/contrib/license/_helpers/mime.node') suite('unit: internals: helpers.mime.getMimeForLicenseFile', () => { for (const [fileName, expected] of [ From 17c5cf7d412f5466547a67fca14bba00c88f813a Mon Sep 17 00:00:00 2001 From: Jan Kowalleck Date: Thu, 27 Nov 2025 11:34:55 +0100 Subject: [PATCH 06/13] refactor: moved contrib foo 
Signed-off-by: Jan Kowalleck --- package.json | 2 +- src/builders/index.node.ts | 15 ++++++++- .../_helpers/README.md | 0 .../_helpers/gitUrl.ts | 0 .../_helpers/packageJson.ts | 0 .../builders.ts | 0 .../factories.ts | 0 .../index.node.ts} | 0 .../types.ts | 0 .../utils.ts | 0 src/contrib/index.node.ts | 2 +- src/factories/index.common.ts | 24 ++++++++++++-- src/factories/index.node.ts | 14 +++++++- src/types/index.ts | 33 +++++++++++++++++-- src/utils/index.node.ts | 24 ++++++++++++-- 15 files changed, 103 insertions(+), 11 deletions(-) rename src/contrib/{fromNodePackageJson.node => fromNodePackageJson}/_helpers/README.md (100%) rename src/contrib/{fromNodePackageJson.node => fromNodePackageJson}/_helpers/gitUrl.ts (100%) rename src/contrib/{fromNodePackageJson.node => fromNodePackageJson}/_helpers/packageJson.ts (100%) rename src/contrib/{fromNodePackageJson.node => fromNodePackageJson}/builders.ts (100%) rename src/contrib/{fromNodePackageJson.node => fromNodePackageJson}/factories.ts (100%) rename src/contrib/{fromNodePackageJson.node/index.ts => fromNodePackageJson/index.node.ts} (100%) rename src/contrib/{fromNodePackageJson.node => fromNodePackageJson}/types.ts (100%) rename src/contrib/{fromNodePackageJson.node => fromNodePackageJson}/utils.ts (100%) diff --git a/package.json b/package.json index 491dd2895..4c3878227 100644 --- a/package.json +++ b/package.json @@ -184,7 +184,7 @@ "default": "./dist.node/validation/index.node.js" }, "./Contrib": { - "types": "./dist.d/contrib/index.d.ts", + "types": "./dist.d/contrib/index.node.d.ts", "default": "./dist.node/contrib/index.node.js" } }, diff --git a/src/builders/index.node.ts b/src/builders/index.node.ts index d5bd7c2e8..54946f9bb 100644 --- a/src/builders/index.node.ts +++ b/src/builders/index.node.ts 
@@ -17,4 +17,17 @@ SPDX-License-Identifier: Apache-2.0 Copyright (c) OWASP Foundation. All Rights Reserved. */ -export * as FromNodePackageJson from '../contrib/fromNodePackageJson.node/builders' // DEPRECATED - use original +import * as _FromNodePackageJson from '../contrib/fromNodePackageJson/builders' + + +// region deprecated re-exports + +/** + * Alias of {@link Contrib.FromNodePackageJson.Builders}. + * @deprecated This re-export location is deprecated. + * Import `Contrib.FromNodePackageJson.Builders` instead. + * The exported symbol itself is NOT deprecated - only this import path. + */ +export const FromNodePackageJson = _FromNodePackageJson + +// endregion deprecated re-exports diff --git a/src/contrib/fromNodePackageJson.node/_helpers/README.md b/src/contrib/fromNodePackageJson/_helpers/README.md similarity index 100% rename from src/contrib/fromNodePackageJson.node/_helpers/README.md rename to src/contrib/fromNodePackageJson/_helpers/README.md diff --git a/src/contrib/fromNodePackageJson.node/_helpers/gitUrl.ts b/src/contrib/fromNodePackageJson/_helpers/gitUrl.ts similarity index 100% rename from src/contrib/fromNodePackageJson.node/_helpers/gitUrl.ts rename to src/contrib/fromNodePackageJson/_helpers/gitUrl.ts diff --git a/src/contrib/fromNodePackageJson.node/_helpers/packageJson.ts b/src/contrib/fromNodePackageJson/_helpers/packageJson.ts similarity index 100% rename from src/contrib/fromNodePackageJson.node/_helpers/packageJson.ts rename to src/contrib/fromNodePackageJson/_helpers/packageJson.ts diff --git a/src/contrib/fromNodePackageJson.node/builders.ts b/src/contrib/fromNodePackageJson/builders.ts similarity index 100% rename from src/contrib/fromNodePackageJson.node/builders.ts rename to src/contrib/fromNodePackageJson/builders.ts 
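Review bot: `export const FromNodePackageJson = _FromNodePackageJson` re-exports only the value side of the module, whereas the `export * as FromNodePackageJson from …` line it replaces also exposed the module's types under that name. TypeScript consumers that reference a class from this namespace in a type position would stop compiling, which contradicts the JSDoc statement that only the import path is deprecated. The same applies to the namespace aliases in `src/factories/index.node.ts` and `src/utils/index.node.ts`, and to `LicenseFactory`/`PackageUrlFactory` in `src/factories/index.common.ts`, where a `const` alias of a class drops its instance type. Keeping `export * as FromNodePackageJson from '../contrib/fromNodePackageJson/builders'` for the namespaces and adding `export type LicenseFactory = _LicenseFactory` next to each class alias would preserve the old surface.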
diff --git a/src/contrib/fromNodePackageJson.node/factories.ts b/src/contrib/fromNodePackageJson/factories.ts similarity index 100% rename from src/contrib/fromNodePackageJson.node/factories.ts rename to src/contrib/fromNodePackageJson/factories.ts diff --git a/src/contrib/fromNodePackageJson.node/index.ts b/src/contrib/fromNodePackageJson/index.node.ts similarity index 100% rename from src/contrib/fromNodePackageJson.node/index.ts rename to src/contrib/fromNodePackageJson/index.node.ts diff --git a/src/contrib/fromNodePackageJson.node/types.ts b/src/contrib/fromNodePackageJson/types.ts similarity index 100% rename from src/contrib/fromNodePackageJson.node/types.ts rename to src/contrib/fromNodePackageJson/types.ts diff --git a/src/contrib/fromNodePackageJson.node/utils.ts b/src/contrib/fromNodePackageJson/utils.ts similarity index 100% rename from src/contrib/fromNodePackageJson.node/utils.ts rename to src/contrib/fromNodePackageJson/utils.ts diff --git a/src/contrib/index.node.ts b/src/contrib/index.node.ts index a6826131a..cf2d278c7 100644 --- a/src/contrib/index.node.ts +++ b/src/contrib/index.node.ts @@ -25,7 +25,7 @@ export * from './index.common' // region node-specifics -export * as FromNodePackageJson from './fromNodePackageJson.node' +export * as FromNodePackageJson from './fromNodePackageJson/index.node' export * as License from './license/index.node' // endregion node-specifics diff --git a/src/factories/index.common.ts b/src/factories/index.common.ts index 5d776cd25..521398826 100644 --- a/src/factories/index.common.ts +++ b/src/factories/index.common.ts 
@@ -17,7 +17,25 @@ SPDX-License-Identifier: Apache-2.0 Copyright (c) OWASP Foundation. All Rights Reserved. */ -// not everything is public, yet +import {LicenseFactory as _LicenseFactory} from '../contrib/license/factories' +import {PackageUrlFactory as _PackageUrlFactory} from '../contrib/packageUrl/factories' -export * from '../contrib/license/factories' // DEPRECATED - use original -export * from '../contrib/packageUrl/factories' // DEPRECATED - use original + +// region deprecated re-exports + +/** + * Alias of {@link Contrib.License.Factories.LicenseFactory}. + * @deprecated This re-export location is deprecated. + * Import `Contrib.License.Factories.LicenseFactory` instead. + * The exported symbol itself is NOT deprecated - only this import path. + */ +export const LicenseFactory = _LicenseFactory +/** + * Alias of {@link Contrib.PackageUrl.Factories.PackageUrlFactory}. + * @deprecated This re-export location is deprecated. + * Import `Contrib.PackageUrl.Factories.PackageUrlFactory` instead. + * The exported symbol itself is NOT deprecated - only this import path. + */ +export const PackageUrlFactory = _PackageUrlFactory + +// endregion deprecated re-exports diff --git a/src/factories/index.node.ts b/src/factories/index.node.ts index f37d32d58..3d475ed1e 100644 --- a/src/factories/index.node.ts +++ b/src/factories/index.node.ts 
@@ -17,10 +17,22 @@ SPDX-License-Identifier: Apache-2.0 Copyright (c) OWASP Foundation. All Rights Reserved. */ +import * as _FromNodePackageJson from '../contrib/fromNodePackageJson/factories' + export * from './index.common' // region node-specifics -export * as FromNodePackageJson from '../contrib/fromNodePackageJson.node/factories' // DEPRECATED - use original +// region deprecated re-exports + +/** + * Alias of {@link Contrib.FromNodePackageJson.Factories}. + * @deprecated This re-export location is deprecated. + * Import `Contrib.FromNodePackageJson.Factories` instead. + * The exported symbol itself is NOT deprecated - only this import path. + */ +export const FromNodePackageJson = _FromNodePackageJson + +// endregion deprecated re-exports // endregion node-specifics diff --git a/src/types/index.ts b/src/types/index.ts index 734995475..44fbd9040 100644 --- a/src/types/index.ts +++ b/src/types/index.ts 
@@ -17,10 +17,39 @@ SPDX-License-Identifier: Apache-2.0 Copyright (c) OWASP Foundation. All Rights Reserved. */ +import { + assertNodePackageJson as _assertNodePackageJson, + isNodePackageJson as _isNodePackageJson, + type NodePackageJson as _NodePackageJson +} from '../contrib/fromNodePackageJson/types' + export * from './cpe' export * from './cwe' export * from './integer' export * from './mimeType' -// yes, this is node-specific, but who cares - these are just types -export * from '../contrib/fromNodePackageJson.node/types' // DEPRECATED - use original +// region deprecated re-exports + +/** + * Alias of {@link Contrib.FromNodePackageJson.Types.NodePackageJson}. + * @deprecated This re-export location is deprecated. + * Import `Contrib.FromNodePackageJson.Types.NodePackageJson` instead. + * The exported symbol itself is NOT deprecated - only this import path. + */ +export type NodePackageJson = _NodePackageJson +/** + * Alias of {@link Contrib.FromNodePackageJson.Types.assertNodePackageJson}. + * @deprecated This re-export location is deprecated. + * Import `Contrib.FromNodePackageJson.Types.assertNodePackageJson` instead. + * The exported symbol itself is NOT deprecated - only this import path. + */ +export const assertNodePackageJson= _assertNodePackageJson +/** + * Alias of {@link Contrib.FromNodePackageJson.Types.isNodePackageJson}. + * @deprecated This re-export location is deprecated. + * Import `Contrib.FromNodePackageJson.Types.isNodePackageJson` instead. + * The exported symbol itself is NOT deprecated - only this import path. + */ +export const isNodePackageJson= _isNodePackageJson + +// endregion deprecated re-exports diff --git a/src/utils/index.node.ts b/src/utils/index.node.ts index 8e04417e8..20ab7c5cd 100644 --- a/src/utils/index.node.ts +++ b/src/utils/index.node.ts 
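Review bot: `export const assertNodePackageJson= _assertNodePackageJson` has no explicit type annotation, and TypeScript rejects calls to an assertion function through such a name (TS2775). The declaration is not part of this diff, so this assumes `assertNodePackageJson` is declared with an `asserts` return type, as its name suggests; calls through the deprecated path would then fail to compile. Annotating the alias, `export const assertNodePackageJson: typeof _assertNodePackageJson = _assertNodePackageJson`, keeps it callable. This hunk also replaces `export * from …/types` with three named re-exports, so any other symbol that module exports is no longer reachable through `Types`.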
@@ -17,11 +17,31 @@ SPDX-License-Identifier: Apache-2.0 Copyright (c) OWASP Foundation. All Rights Reserved. */ +import * as _NpmjsUtility from '../contrib/fromNodePackageJson/utils' +import * as _LicenseUtility from '../contrib/license/utils.node' + + export * from './index.common' // region node-specifics -export * as NpmjsUtility from '../contrib/fromNodePackageJson.node/utils' // DEPRECATED - use original -export * as LicenseUtility from '../contrib/license/utils.node' // DEPRECATED - use original +// region deprecated re-exports + +/** + * Alias of {@link Contrib.FromNodePackageJson.Utils}. + * @deprecated This re-export location is deprecated. + * Import `Contrib.FromNodePackageJson.Utils` instead. + * The exported symbol itself is NOT deprecated - only this import path. + */ +export const NpmjsUtility = _NpmjsUtility +/** + * Alias of {@link Contrib.License.Utils}. + * @deprecated This re-export location is deprecated. + * Import `Contrib.License.Utils` instead. + * The exported symbol itself is NOT deprecated - only this import path. + */ +export const LicenseUtility = _LicenseUtility + +// region deprecated re-exports // endregion node-specifics From 5ab41cf5716b8aa3d396308c6b4684977229192d Mon Sep 17 00:00:00 2001 From: Jan Kowalleck Date: Thu, 27 Nov 2025 12:01:14 +0100 Subject: [PATCH 07/13] docs Signed-off-by: Jan Kowalleck --- HISTORY.md | 23 +++++++++++++++++++++++ src/types/index.ts | 1 + 2 files changed, 24 insertions(+) diff --git a/HISTORY.md b/HISTORY.md index 1d19e79f1..836bdba7c 100644 --- a/HISTORY.md +++ b/HISTORY.md 
@@ -6,6 +6,29 @@ All notable changes to this project will be documented in this file. + +* Changed + * Moved non‑standard implementations to Contrib area ([#1344] via [#1343]) +* Deprecated + * Certain exports have been deprecated; downstream imports should be updated to the new locations ([#1344] via [#1343]) + Note: the symbols themselves remain supported. See documentation and the "Refactored" section below for details. +* Refactored + * The following symbols were moved. ([#1344] via [#1343]) + The symbols are still import-able through their old location. + * **OLD** -> **NEW** + * `Builders.FromNodePackageJson` -> `Contrib.FromNodePackageJson.Builders` + * `Factories.FromNodePackageJson` -> `Contrib.FromNodePackageJson.Factories` + * `Factories.LicenseFactory` -> `Contrib.License.Factories.LicenseFactory` + * `Factories.PackageUrlFactory` -> `Contrib.PackageUrl.Factories.PackageUrlFactory` + * `Types.assertNodePackageJson` -> `Contrib.FromNodePackageJson.Types.assertNodePackageJson` + * `Types.isNodePackageJson` -> `Contrib.FromNodePackageJson.Types.isNodePackageJson` + * `Types.NodePackageJson` -> `Contrib.FromNodePackageJson.Types.NodePackageJson` + * `Utils.LicenseUtility` -> `Contrib.License.Utils` + * `Utils.NpmjsUtility` -> `Contrib.FromNodePackageJson.Utils` + +[#1344]: https://github.com/CycloneDX/cyclonedx-javascript-library/issues/1344 +[#1343]: https://github.com/CycloneDX/cyclonedx-javascript-library/pull/1343 + ## 9.2.0 -- 2025-10-22 * Added diff --git a/src/types/index.ts b/src/types/index.ts index 44fbd9040..813400363 100644 --- a/src/types/index.ts +++ b/src/types/index.ts @@ -23,6 +23,7 @@ import { type NodePackageJson as _NodePackageJson } from '../contrib/fromNodePackageJson/types' + export * from './cpe' export * from './cwe' export * from './integer' From 96a596c8510f4863d94c2dab6f3982f7756a911e Mon Sep 17 00:00:00 2001 From: Jan Kowalleck Date: Thu, 27 Nov 2025 12:32:58 +0100 Subject: [PATCH 08/13] docs 
Signed-off-by: Jan Kowalleck --- package.json | 4 ++++ 1 file changed, 4 insertions(+) diff --git a/package.json b/package.json index 4c3878227..2c28cee9f 100644 --- a/package.json +++ b/package.json @@ -186,6 +186,10 @@ "./Contrib": { "types": "./dist.d/contrib/index.node.d.ts", "default": "./dist.node/contrib/index.node.js" + }, + "./Contrib/*": {git + "types": "./dist.d/contrib/*/index.node.d.ts", + "default": "./dist.node/contrib/*/index.node.js" } }, "directories": { From 870e1c5194a0233159a7c741a775de74bd42d6bc Mon Sep 17 00:00:00 2001 From: Jan Kowalleck Date: Thu, 27 Nov 2025 12:40:42 +0100 Subject: [PATCH 09/13] docs Signed-off-by: Jan Kowalleck --- HISTORY.md | 3 +++ package.json | 14 +++++++++++--- 2 files changed, 14 insertions(+), 3 deletions(-) diff --git a/HISTORY.md b/HISTORY.md index 836bdba7c..00ae7140c 100644 --- a/HISTORY.md +++ b/HISTORY.md @@ -12,6 +12,9 @@ All notable changes to this project will be documented in this file. * Deprecated * Certain exports have been deprecated; downstream imports should be updated to the new locations ([#1344] via [#1343]) Note: the symbols themselves remain supported. See documentation and the "Refactored" section below for details. +* Added + * New entry point for `/Contrib` and known submodules (via [#1343]) + See `package.json::exports` for details. * Refactored * The following symbols were moved. ([#1344] via [#1343]) The symbols are still import-able through their old location. diff --git a/package.json b/package.json index 2c28cee9f..d4162a119 100644 --- a/package.json +++ b/package.json 
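Review bot: In the `package.json` hunk of PATCH 08/13 the added line `"./Contrib/*": {git` carries a stray `git` token, so the manifest is not valid JSON at this commit and tooling that parses it would fail. The line should read `"./Contrib/*": {`. PATCH 09/13 replaces the entry with explicit subpaths, so squashing the two would keep every commit in the series installable and bisectable.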
@@ -187,9 +187,17 @@ "types": "./dist.d/contrib/index.node.d.ts", "default": "./dist.node/contrib/index.node.js" }, - "./Contrib/*": {git - "types": "./dist.d/contrib/*/index.node.d.ts", - "default": "./dist.node/contrib/*/index.node.js" + "./Contrib/FromNodePackageJson": { + "types": "./dist.d/contrib/fromNodePackageJson/index.node.d.ts", + "default": "./dist.node/contrib/fromNodePackageJson/index.node.js" + }, + "./Contrib/License": { + "types": "./dist.d/contrib/license/index.node.d.ts", + "default": "./dist.node/contrib/license/index.node.js" + }, + "./Contrib/PackageUrl": { + "types": "./dist.d/contrib/packageUrl/index.d.ts", + "default": "./dist.node/contrib/packageUrl/index.js" } }, "directories": { From dc9bfa07fc5329b22595508e8263378f7f64247c Mon Sep 17 00:00:00 2001 From: Jan Kowalleck Date: Thu, 27 Nov 2025 12:44:29 +0100 Subject: [PATCH 10/13] docs Signed-off-by: Jan Kowalleck --- HISTORY.md | 7 +++---- 1 file changed, 3 insertions(+), 4 deletions(-) diff --git a/HISTORY.md b/HISTORY.md index 00ae7140c..ed15b0ff9 100644 --- a/HISTORY.md +++ b/HISTORY.md @@ -6,15 +6,14 @@ All notable changes to this project will be documented in this file. - +* Added + * New entry point for `/Contrib` and known submodules (via [#1343]) + See `package.json::exports` for details. * Changed * Moved non‑standard implementations to Contrib area ([#1344] via [#1343]) * Deprecated * Certain exports have been deprecated; downstream imports should be updated to the new locations ([#1344] via [#1343]) Note: the symbols themselves remain supported. See documentation and the "Refactored" section below for details. -* Added - * New entry point for `/Contrib` and known submodules (via [#1343]) - See `package.json::exports` for details. * Refactored * The following symbols were moved. ([#1344] via [#1343]) The symbols are still import-able through their old location. From 5e0247017243bb0b1cff72f0bb743353bce751f6 Mon Sep 17 00:00:00 2001 
From: Jan Kowalleck Date: Fri, 28 Nov 2025 11:02:14 +0100 Subject: [PATCH 11/13] feat: prepare "contrib" area Signed-off-by: Jan Kowalleck --- src/builders/index.node.ts | 3 ++- src/factories/index.common.ts | 7 +++++-- src/factories/index.node.ts | 3 ++- src/types/index.ts | 11 ++++++++--- src/utils/index.node.ts | 7 +++++-- 5 files changed, 22 insertions(+), 9 deletions(-) diff --git a/src/builders/index.node.ts b/src/builders/index.node.ts index 54946f9bb..7ce7055ea 100644 --- a/src/builders/index.node.ts +++ b/src/builders/index.node.ts @@ -23,7 +23,8 @@ import * as _FromNodePackageJson from '../contrib/fromNodePackageJson/builders' // region deprecated re-exports /** - * Alias of {@link Contrib.FromNodePackageJson.Builders}. + * Deprecated — Alias of {@link Contrib.FromNodePackageJson.Builders}. + * * @deprecated This re-export location is deprecated. * Import `Contrib.FromNodePackageJson.Builders` instead. * The exported symbol itself is NOT deprecated - only this import path. diff --git a/src/factories/index.common.ts b/src/factories/index.common.ts index 521398826..5569bc76a 100644 --- a/src/factories/index.common.ts +++ b/src/factories/index.common.ts 
@@ -24,14 +24,17 @@ import {PackageUrlFactory as _PackageUrlFactory} from '../contrib/packageUrl/fac // region deprecated re-exports /** - * Alias of {@link Contrib.License.Factories.LicenseFactory}. + * Deprecated — Alias of {@link Contrib.License.Factories.LicenseFactory}. + * * @deprecated This re-export location is deprecated. * Import `Contrib.License.Factories.LicenseFactory` instead. * The exported symbol itself is NOT deprecated - only this import path. */ export const LicenseFactory = _LicenseFactory + /** - * Alias of {@link Contrib.PackageUrl.Factories.PackageUrlFactory}. + * Deprecated — Alias of {@link Contrib.PackageUrl.Factories.PackageUrlFactory}. + * * @deprecated This re-export location is deprecated. * Import `Contrib.PackageUrl.Factories.PackageUrlFactory` instead. * The exported symbol itself is NOT deprecated - only this import path. diff --git a/src/factories/index.node.ts b/src/factories/index.node.ts index 3d475ed1e..99f79a102 100644 --- a/src/factories/index.node.ts +++ b/src/factories/index.node.ts @@ -26,7 +26,8 @@ export * from './index.common' // region deprecated re-exports /** - * Alias of {@link Contrib.FromNodePackageJson.Factories}. + * Deprecated — Alias of {@link Contrib.FromNodePackageJson.Factories}. + * * @deprecated This re-export location is deprecated. * Import `Contrib.FromNodePackageJson.Factories` instead. * The exported symbol itself is NOT deprecated - only this import path. diff --git a/src/types/index.ts b/src/types/index.ts index 813400363..2a7904bf6 100644 --- a/src/types/index.ts +++ b/src/types/index.ts 
@@ -32,21 +32,26 @@ export * from './mimeType' // region deprecated re-exports /** - * Alias of {@link Contrib.FromNodePackageJson.Types.NodePackageJson}. + * Deprecated — Alias of {@link Contrib.FromNodePackageJson.Types.NodePackageJson}. + * * @deprecated This re-export location is deprecated. * Import `Contrib.FromNodePackageJson.Types.NodePackageJson` instead. * The exported symbol itself is NOT deprecated - only this import path. */ export type NodePackageJson = _NodePackageJson + /** - * Alias of {@link Contrib.FromNodePackageJson.Types.assertNodePackageJson}. + * Deprecated — Alias of {@link Contrib.FromNodePackageJson.Types.assertNodePackageJson}. + * * @deprecated This re-export location is deprecated. * Import `Contrib.FromNodePackageJson.Types.assertNodePackageJson` instead. * The exported symbol itself is NOT deprecated - only this import path. */ export const assertNodePackageJson= _assertNodePackageJson + /** - * Alias of {@link Contrib.FromNodePackageJson.Types.isNodePackageJson}. + * Deprecated — Alias of {@link Contrib.FromNodePackageJson.Types.isNodePackageJson}. + * * @deprecated This re-export location is deprecated. * Import `Contrib.FromNodePackageJson.Types.isNodePackageJson` instead. * The exported symbol itself is NOT deprecated - only this import path. diff --git a/src/utils/index.node.ts b/src/utils/index.node.ts index 20ab7c5cd..dcf42c91d 100644 --- a/src/utils/index.node.ts +++ b/src/utils/index.node.ts 
@@ -28,14 +28,17 @@ export * from './index.common' // region deprecated re-exports /** - * Alias of {@link Contrib.FromNodePackageJson.Utils}. + * Deprecated — Alias of {@link Contrib.FromNodePackageJson.Utils}. + * * @deprecated This re-export location is deprecated. * Import `Contrib.FromNodePackageJson.Utils` instead. * The exported symbol itself is NOT deprecated - only this import path. */ export const NpmjsUtility = _NpmjsUtility + /** - * Alias of {@link Contrib.License.Utils}. + * Deprecated — Alias of {@link Contrib.License.Utils}. + * * @deprecated This re-export location is deprecated. * Import `Contrib.License.Utils` instead. * The exported symbol itself is NOT deprecated - only this import path. From a8dfdb207ec1b11a5416533d880d2e8eef6c46cf Mon Sep 17 00:00:00 2001 From: Jan Kowalleck Date: Fri, 28 Nov 2025 14:57:05 +0100 Subject: [PATCH 12/13] feat: prepare "contrib" area Signed-off-by: Jan Kowalleck --- src/types/index.ts | 10 +++++----- src/utils/index.node.ts | 2 +- 2 files changed, 6 insertions(+), 6 deletions(-) diff --git a/src/types/index.ts b/src/types/index.ts index 2a7904bf6..5a9c94979 100644 --- a/src/types/index.ts +++ b/src/types/index.ts @@ -36,7 +36,7 @@ export * from './mimeType' * * @deprecated This re-export location is deprecated. * Import `Contrib.FromNodePackageJson.Types.NodePackageJson` instead. - * The exported symbol itself is NOT deprecated - only this import path. + * The exported symbol itself is NOT deprecated - only this import path. */ export type NodePackageJson = _NodePackageJson 
@@ -45,17 +45,17 @@ export type NodePackageJson = _NodePackageJson * * @deprecated This re-export location is deprecated. * Import `Contrib.FromNodePackageJson.Types.assertNodePackageJson` instead. - * The exported symbol itself is NOT deprecated - only this import path. + * The exported symbol itself is NOT deprecated - only this import path. */ -export const assertNodePackageJson= _assertNodePackageJson +export const assertNodePackageJson = _assertNodePackageJson /** * Deprecated — Alias of {@link Contrib.FromNodePackageJson.Types.isNodePackageJson}. * * @deprecated This re-export location is deprecated. * Import `Contrib.FromNodePackageJson.Types.isNodePackageJson` instead. - * The exported symbol itself is NOT deprecated - only this import path. + * The exported symbol itself is NOT deprecated - only this import path. */ -export const isNodePackageJson= _isNodePackageJson +export const isNodePackageJson = _isNodePackageJson // endregion deprecated re-exports diff --git a/src/utils/index.node.ts b/src/utils/index.node.ts index dcf42c91d..fbd9dbd99 100644 --- a/src/utils/index.node.ts +++ b/src/utils/index.node.ts @@ -45,6 +45,6 @@ export const NpmjsUtility = _NpmjsUtility */ export const LicenseUtility = _LicenseUtility -// region deprecated re-exports +// endregion deprecated re-exports // endregion node-specifics From 9120af8263f414319a69cb5ea9cd4485581d48c7 Mon Sep 17 00:00:00 2001 From: Jan Kowalleck Date: Fri, 28 Nov 2025 16:23:34 +0100 Subject: [PATCH 13/13] feat: prepare "contrib" area Signed-off-by: Jan Kowalleck --- src/contrib/fromNodePackageJson/factories.ts | 6 +++--- 1 file changed, 3 insertions(+), 3 deletions(-) diff --git a/src/contrib/fromNodePackageJson/factories.ts b/src/contrib/fromNodePackageJson/factories.ts index e42d549e5..2874f307f 100644 --- a/src/contrib/fromNodePackageJson/factories.ts +++ b/src/contrib/fromNodePackageJson/factories.ts 
@@ -31,12 +31,12 @@ import { PurlQualifierNames } from 'packageurl-js' import { isNotUndefined } from '../../_helpers/notUndefined' import { ExternalReferenceType } from '../../enums/externalReferenceType' -import { HashAlgorithm } from "../../enums/hashAlogorithm"; +import { HashAlgorithm } from '../../enums/hashAlogorithm' import type { Component } from '../../models/component' import { ExternalReference } from '../../models/externalReference' import { HashDictionary } from '../../models/hash' import { PackageUrlFactory as PlainPackageUrlFactory } from '../packageUrl/factories' -import { tryCanonicalizeGitUrl } from "./_helpers/gitUrl" +import { tryCanonicalizeGitUrl } from './_helpers/gitUrl' import type { NodePackageJson } from './types' import { defaultRegistryMatcher, parsePackageIntegrity } from './utils' @@ -122,7 +122,7 @@ export class ExternalReferenceFactory { } catch { /* pass */ } } if (typeof shasum === 'string' && shasum.length === 40) { - hashes.set(HashAlgorithm["SHA-1"], shasum) + hashes.set(HashAlgorithm['SHA-1'], shasum) comment += ' and property "dist.shasum"' } return new ExternalReference(tarball, ExternalReferenceType.Distribution, { hashes, comment })
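Review bot: In the second hunk (`@@ -122,7 +122,7 @@`), the guard `typeof shasum === 'string' && shasum.length === 40` accepts any 40-character string, so a non-hex `dist.shasum` from a package manifest would be recorded as a SHA-1 value in the generated external reference. Checking the alphabet as well, `if (typeof shasum === 'string' && /^[0-9a-f]{40}$/i.test(shasum)) {`, keeps malformed digests out of the hash dictionary unless `HashDictionary` validates on its own, which is not visible here. The enclosing method starts outside the hunk.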