Skip to content

CycloneDX/cyclonedx-node-module

CycloneDX BOM

shield_npm-version shield_gh-workflow-test shield_license
shield_website shield_slack shield_groups shield_twitter-follow


This is a so-called meta-package, it does not ship any own functionality, but it is a collection of optional dependencies. This package's dependencies are tools* with one purpose in common:
generate CycloneDX Software-Bill-of-Materials (SBOM) from node-based projects.

ecosystem actual tool
npm @cyclonedx/cyclonedx-npm
pnpm To be announced, suggestions welcome.
Candidate: cyclonedx-node-pnpm
yarn @cyclonedx/yarn-plugin-cyclonedx

*) You should not depend on this very meta-package, instead depend on the actual tool that fits your specific (eco)system.

Out of Scope

There are systems, that are not node-targeting, but use node as a runtime/compiler environment, or use node package registry as a distribution system. These systems are out of scope. Therefore, the following tools are not part of this very meta-package.

system actual tool(s)
Angular @cyclonedx/webpack-plugin with Angular
Bower None. (Bower is deprecated!)
esbuild To be announced, suggestions welcome.
Candidate: cyclonedx-esbuild-plugin
Parcel To be announced, suggestions welcome
React @cyclonedx/webpack-plugin with React
Rollup rollup-plugin-sbom
Rspack/Rsbuild To be announced, suggestions welcome
Svelte To be announced, suggestions welcome
Vite rollup-plugin-sbom with Vite
webpack @cyclonedx/webpack-plugin

Library

If you are looking for a JavaScript/TypeScript library for working with CycloneDX, its data models or serialization, then you might want to try @cyclonedx/cyclonedx-library.

Contributing

You want to have a certain node-based tool added?
Feel free to open issues, bugreports or pull requests.
See the CONTRIBUTING file for details.

Copyright & License

CycloneDX Node Module is Copyright (c) OWASP Foundation. All Rights Reserved.

Permission to modify and redistribute is granted under the terms of the Apache 2.0 license.
See the LICENSE file for the full license.


Previous versions

This project used to be a tool-set and a library to work and generate CycloneDX Software Bill-of-Materials (SBOM) from npm and yarn based projects.
Since version 4.0, this was all split to individual projects, and this project changed to a bare meta-package.

Previous versions of this very package are still available via npmjs versions and github releases