-
-
Notifications
You must be signed in to change notification settings - Fork 37
/
cyclonedx-bom
executable file
·84 lines (76 loc) · 3.13 KB
/
cyclonedx-bom
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
#!/usr/bin/env node
/*
* This file is part of CycloneDX Node Module.
*
* Licensed under the Apache License, Version 2.0 (the "License");
* you may not use this file except in compliance with the License.
* You may obtain a copy of the License at
*
* http://www.apache.org/licenses/LICENSE-2.0
*
* Unless required by applicable law or agreed to in writing, software
* distributed under the License is distributed on an "AS IS" BASIS,
* WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
* See the License for the specific language governing permissions and
* limitations under the License.
*
* SPDX-License-Identifier: Apache-2.0
* Copyright (c) Steve Springett. All Rights Reserved.
*/
const commander = require('commander');
const program = require('../package.json');
const bomHelpers = require("../index.js");
const fs = require("fs");
const xmlFormat = require("prettify-xml");
const xmlOptions = {indent: 4, newline: "\n"};
const DomParser = require('xmldom').DOMParser;
const Bom = require('../model/Bom');
const Component = require('../model/Component');
const cdx = new commander.Command();
let filePath = '.';
cdx
.description(program.description)
.version(program.version, '-v, --version')
.argument('[path]', 'Path to analyze')
.option('-d, --include-dev', "Include devDependencies", false)
.option('-l, --include-license-text', "Include full license text", false)
.option('-o, --output <output>', "Write BOM to file", "bom.xml")
.option('-t, --type <type>', "Project type", "library")
.option('-ns, --no-serial-number', "Do not include BOM serial number", true)
.action((path) => {
if (path) filePath = path;
})
.parse(process.argv);
const options = cdx.opts();
let includeSerialNumber = options.serialNumber;
let includeLicenseText = options.includeLicenseText;
let output = options.output;
let componentType = options.type;
if (Component.supportedComponentTypes().indexOf(componentType) === -1) {
throw "Unsupported component type. Supported types are " + Component.supportedComponentTypes().toString();
}
// Options are specific to readinstalled
let readInstalledOptions = {};
options.dev = commander.includeDev;
/**
* Creates a Bom object and writes either XML or JSON.
*/
bomHelpers.createbom(componentType, includeSerialNumber, includeLicenseText, filePath, readInstalledOptions, (err, bom) => {
if (bom.components.length === 0) {
console.log("There are no components in the BOM. The project may not contain dependencies or node_modules does not exist. Executing `npm install` prior to CycloneDX may solve the issue.")
}
if(!fs.existsSync(filePath)) {
console.log("Folder path does not exist");
process.exit(1);
}
if (output.endsWith(".xml")) {
let doc = new DomParser().parseFromString(bom.toXML());
let xmlString = xmlFormat(doc.toString(), xmlOptions);
fs.writeFile(output, xmlString, () => {});
} else if (output.endsWith(".json")) {
fs.writeFile(output, bom.toJSON(), () => {});
} else {
console.log("Unsupported file extension. Output filename must end with .xml or .json");
process.exit(1);
}
});