Creates CycloneDX BOMs from Node.js projects
Latest commit 1cd7811 Nov 28, 2018
Type Name Latest commit message Commit time
bin Finalized filenames, symlinks, etc. Updated version May 23, 2018
LICENSE Update Jul 21, 2018
index.js Support multiple licenses and SPDX expressions Jul 2, 2018
package.json Preparing for release. Changing executable name May 22, 2018
spdx-licenses.json Updated to SPDX 3.3 Nov 27, 2018


CycloneDX Node.js Module

The CycloneDX module for Node.js creates a valid CycloneDX bill-of-material document containing an aggregate of all project dependencies. CycloneDX is a lightweight BoM specification that is easily created, human readable, and simple to parse. The resulting bom.xml can be used with tools such as OWASP Dependency-Track for the continuous analysis of components.



npm install -g @cyclonedx/bom

Getting Help

$ cyclonedx-bom -h
Usage:  cyclonedx-bom [OPTIONS] [path]
  -h        - this help
  -a <path> - merge in additional modules from other scanner
  -o <path> - write to file instead of stdout


cyclonedx-bom -o bom.xml
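
Once a bom.xml exists, it can be reviewed before it is handed to a tool such as Dependency-Track. The sketch below is an added example, not code from the cyclonedx-bom project: it lists each component in a BOM and flags those with no package URL or no declared license. The sample document is constructed, the element names assume the CycloneDX 1.0 XML schema, and `textOf`, `parseComponents` and `reviewBom` are hypothetical helper names.

```javascript
// Added example (not from the cyclonedx-bom project): review a CycloneDX BOM.
// SAMPLE_BOM is constructed; element names assume the CycloneDX 1.0 XML schema.
const SAMPLE_BOM = `<?xml version="1.0" encoding="UTF-8"?>
<bom xmlns="http://cyclonedx.org/schema/bom/1.0" version="1">
  <components>
    <component type="library">
      <name>example-lib</name>
      <version>1.3.0</version>
      <licenses><license><id>MIT</id></license></licenses>
      <purl>pkg:npm/example-lib@1.3.0</purl>
      <modified>false</modified>
    </component>
    <component type="library">
      <group>@example</group>
      <name>internal-utils</name>
      <version>0.2.1</version>
      <modified>false</modified>
    </component>
  </components>
</bom>`;

// Text of the first <tag>...</tag> in a fragment, or null.
// Minimal extractor for flat elements, not a general XML parser.
function textOf(fragment, tag) {
  const m = fragment.match(new RegExp(`<${tag}>([^<]*)</${tag}>`));
  return m ? m[1].trim() : null;
}

function parseComponents(xml) {
  const components = [];
  for (const m of xml.matchAll(/<component\b[^>]*>([\s\S]*?)<\/component>/g)) {
    const licenses = [...m[1].matchAll(/<license>([\s\S]*?)<\/license>/g)]
      .map((l) => textOf(l[1], 'id') || textOf(l[1], 'name'))
      .filter(Boolean);
    // Drop the licenses block so a license <name> is never read as the component name.
    const meta = m[1].replace(/<licenses>[\s\S]*?<\/licenses>/, '');
    const group = textOf(meta, 'group');
    const id = `${group ? group + '/' : ''}${textOf(meta, 'name')}@${textOf(meta, 'version')}`;
    components.push({ component: id, purl: textOf(meta, 'purl'), licenses });
  }
  return components;
}

// One entry per component, with the gaps a reviewer would want to chase.
function reviewBom(xml) {
  return parseComponents(xml).map((c) => {
    const findings = [];
    if (!c.purl) findings.push('no purl'); // no package coordinate to match against
    if (c.licenses.length === 0) findings.push('no license');
    return { component: c.component, findings };
  });
}

console.log(JSON.stringify(reviewBom(SAMPLE_BOM), null, 2));
```

To run it against real output, replace `SAMPLE_BOM` with the contents of the generated bom.xml; a BOM with attributes inside `<license>` or escaped entities needs a proper XML parser instead of these regular expressions.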


Permission to modify and redistribute is granted under the terms of the Apache 2.0 license. See the LICENSE file for the full license.
