v1.0.0 (#6)

First feature complete version.

## Responsibilities
- Provide a yarn plugin that generates CycloneDX SBOM for current
workspace
- Provide a CLI wrapper got said plugin  

## Capabilities
- Supports yarn3 and yarn4
- Can output in XML and JSON format, CycloneDX v1.2 - v1.6 spec
- Can omit dev dependencies

---------

Signed-off-by: Jan Kowalleck <[email protected]>
Signed-off-by: Augustus Kling <[email protected]>
Signed-off-by: dependabot[bot] <[email protected]>
Signed-off-by: rart <[email protected]>
Signed-off-by: jkowalleck <[email protected]>
Co-authored-by: Augustus Kling <[email protected]>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
Co-authored-by: Roy Art <[email protected]>
Co-authored-by: jkowalleck <[email protected]>

Author: 4 people

.c8rc.json

@@ -0,0 +1,23 @@
+{
+  "all": true,
+  "src": ["src", "bin"],
+  "exclude": [
+    "**/*.{spec,test}.{js,cjs,mjs}",
+    "**/*.cache/**",
+    "{,CI_}reports/**",
+    "test{,s}/**",
+    "**/{ava,babel,nyc}.config.{js,cjs,mjs}",
+    "**/jest.config.{js,cjs,mjs,ts}",
+    "**/{karma,rollup,webpack}.config.js",
+    "**/.{eslint,mocha}rc.{js,cjs}",
+    ".yarn/**", ".pnp.*"
+  ],
+  "exclude-after-remap": true,
+  "reporter": ["text", "clover", "html"],
+  "reporterOptions": {
+    "clover": {"file": "coverage.clover.xml"},
+    "html": {"subdir": "coverage.html"}
+  },
+  "reports-dir": "./reports/coverage",
+  "temp-directory": "./.c8.cache"
+}

.codacy.yaml

@@ -0,0 +1,17 @@
+# Config for Codacy
+# See https://docs.codacy.com/repositories-configure/codacy-configuration-file/
+---
+engines:
+# engine `eslint-8` shall be disabled, since it fails due to incapability to load custom/own plugins
+# this engine is run via CI/CT anyway...
+exclude_paths:
+  # ignore all non-shipped files
+  - "docs/dev/**"
+  - "examples/**"
+  ## tests
+  - "tests/**"
+  - "**/*.test.*"
+  - "**/*.spec.*"
+  ## dot-files & dot-folders
+  - ".*"
+  - ".*/**"

.editorconfig

@@ -0,0 +1,27 @@
+# EditorConfig is awesome: https://EditorConfig.org
+
+root = true
+
+[*]
+end_of_line = lf
+insert_final_newline = true
+
+[*.md]
+# trailing white spaces are used for linebreaks in paragraphs.
+trim_trailing_whitespace = false
+
+[*.{ts,js,cjs,mjs}]
+charset = utf-8
+end_of_line = lf
+indent_style = space
+indent_size = 2
+trim_trailing_whitespace = true
+insert_final_newline = true
+
+[*.{json,cjson,cjsn}]
+charset = utf-8
+end_of_line = lf
+indent_style = space
+indent_size = 2
+trim_trailing_whitespace = true
+insert_final_newline = true

.eslintignore

@@ -0,0 +1,13 @@
+# yarn stuff
+/.yarn/**
+/.pnp.*
+
+# generated files: dist and docs
+/reports/**
+/bundles/**
+/dist/**
+/docs/**
+
+
+!/src/**
+/src/buildtime*

.eslintrc.js

@@ -0,0 +1,92 @@
+/*!
+This file is part of CycloneDX SBOM plugin for yarn.
+
+Licensed under the Apache License, Version 2.0 (the "License");
+you may not use this file except in compliance with the License.
+You may obtain a copy of the License at
+
+   http://www.apache.org/licenses/LICENSE-2.0
+
+Unless required by applicable law or agreed to in writing, software
+distributed under the License is distributed on an "AS IS" BASIS,
+WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+See the License for the specific language governing permissions and
+limitations under the License.
+
+SPDX-License-Identifier: Apache-2.0
+Copyright (c) OWASP Foundation. All Rights Reserved.
+*/
+
+/**
+ * @type {import('eslint').Linter.Config}
+ * @see https://eslint.org/
+ */
+module.exports = {
+  root: true,
+  plugins: [
+    /* see https://github.com/lydell/eslint-plugin-simple-import-sort#readme */
+    'simple-import-sort',
+    /* see https://github.com/Stuk/eslint-plugin-header#readme */
+    'header'
+  ],
+  env: {
+    commonjs: true,
+    node: true
+  },
+  rules: {
+    // region sort imports/exports
+    /** disable other sorters in favour of `simple-import-sort` */
+    'import/order': 0,
+    'sort-imports': 0,
+    /** @see https://github.com/lydell/eslint-plugin-simple-import-sort/ */
+    'simple-import-sort/imports': 'error',
+    'simple-import-sort/exports': 'error',
+    // endregion sort imports/exports
+    // region license-header
+    /* see https://github.com/Stuk/eslint-plugin-header#readme */
+    'header/header': ['error', '.license-header.js']
+    // endregion license-header
+  },
+  overrides: [
+    {
+      files: ['*.spec.*', '*.test.*'],
+      env: {
+        mocha: true,
+        commonjs: true,
+        node: true
+      }
+    },
+    {
+      files: ['*.ts'],
+      extends: [
+        /** @see https://www.npmjs.com/package/eslint-config-love */
+        'love'
+      ],
+      parserOptions: {
+        project: './tsconfig.json'
+      },
+      rules: {
+        /* @see https://typescript-eslint.io/rules/unbound-method/ */
+        '@typescript-eslint/unbound-method': ['error', {
+          ignoreStatic: true
+        }]
+      }
+    },
+    {
+      files: ['*.js', '*.mjs', '*.cjs'],
+      extends: [
+        /* see https://www.npmjs.com/package/eslint-config-standard */
+        'standard'
+      ]
+    },
+    {
+      files: ['bin/*.js'],
+      rules: {
+        // region license-header
+        /* see https://github.com/Stuk/eslint-plugin-header#readme */
+        'header/header': 'off'
+        // endregion license-header
+      }
+    }
+  ]
+}

.gitattributes

@@ -0,0 +1,10 @@
+
+tsconfig.json       linguist-language=JSON-with-Comments
+tsconfig.*.json     linguist-language=JSON-with-Comments
+
+.yarn/**            linguist-vendored
+.yarn/releases/*    binary
+.yarn/plugins/**/*  binary
+.pnp.*              binary linguist-generated
+
+yarn.lock           linguist-generated linguist-language=YAML

.github/ISSUE_TEMPLATE/1-feature_request.md

@@ -0,0 +1,24 @@
+---
+name: Feature request
+about: Suggest an idea for this project
+title: ''
+labels: enhancement
+assignees: ''
+
+---
+
+## Is your feature request related to a problem? Please describe.
+
+A clear and concise description of what the problem is. Ex. I'm always frustrated when [...]
+
+## Describe the solution you'd like
+
+A clear and concise description of what you want to happen.
+
+## Describe alternatives you've considered
+
+A clear and concise description of any alternative solutions or features you've considered.
+
+## Additional context
+
+Add any other context or screenshots about the feature request here.

.github/ISSUE_TEMPLATE/2-bug_report.md

@@ -0,0 +1,35 @@
+---
+name: Bug report
+about: Create a report to help us improve
+title: "[BUG]"
+labels: bug
+assignees: ''
+
+---
+
+## Describe the bug
+
+A clear and concise description of what the bug is.
+
+## To Reproduce
+
+Steps to reproduce the behavior
+
+## Expected behavior
+
+A clear and concise description of what you expected to happen.
+
+## Screenshots or output-paste
+
+If applicable, add screenshots or past the output to help explain your problem.
+
+## Environment
+
+- _@cyclonedx/yarn-plugin-cyclonedx_ version: <!-- e.g. `v1.0.0+git.1337f00`, get via `[tool call method] --version` -->
+- yarn version: <!-- get via `yarn --version` -->
+- Node version: <!-- get via `node --version` -->
+- OS: <!-- e.g. windows 11, ubuntu linux, ... -->
+
+## Additional context
+
+Add any other context about the problem here.

.github/ISSUE_TEMPLATE/ValidationError-report.md

@@ -0,0 +1,34 @@
+---
+name: ValidationError report
+about: Report a ValidationError to help us improve
+title: "[ValidationError]"
+labels: ValidationError
+assignees: ''
+
+---
+
+## To Reproduce
+
+Steps to reproduce the behavior:
+
+1. How was _@cyclonedx/yarn-plugin-cyclonedx_  called?
+   <!-- e.g. `yarn cyclonedx --production ...` -->
+2. What kind of evidence was processed?
+   <!-- upload a complete project or set of `package.json` and `yarn.lock` to this issue, or a pastebin of you choice and put the link here. -->
+3. Error report:
+   <!-- upload the complete output to this issue, or a pastebin of you choice and put the link here. -->
+4. Expected result:
+   <!-- run the original call again
+   with parameters `-vvv --output-reproducible --output-file=-`, 
+   then upload all output to this issue, or to a pastebin of you choice and put the link here. -->
+
+## Environment
+
+- _@cyclonedx/yarn-plugin-cyclonedx_ version: <!-- e.g. `v1.0.0+git.1337f00`, get via `[tool call method] --version` -->
+- yarn version: <!-- get via `yarn --version` -->
+- Node version: <!-- get via `node --version` -->
+- OS: <!-- e.g. windows 11, ubuntu linux, ... -->
+ 
+## Additional context
+
+Add any other context about the problem here.

.github/ISSUE_TEMPLATE/config.yml

@@ -0,0 +1,11 @@
+blank_issues_enabled: true
+contact_links:
+  - name: Discussions
+    url: https://github.com/CycloneDX/cyclonedx-node-yarn/discussions
+    about: Please ask and answer questions here.
+  - name: Community slack support channel
+    url: https://cyclonedx.slack.com/archives/C04PK6JRUS3
+    about: Community slack channel.
+  - name: Community slack invite
+    url: https://cyclonedx.org/slack/invite
+    about: Community slack invite.

.github/dependabot.yml

@@ -0,0 +1,58 @@
+# https://docs.github.com/en/code-security/dependabot/dependabot-version-updates/configuration-options-for-the-dependabot.yml-file
+
+version: 2
+updates:
+  - package-ecosystem: 'npm'
+    directory: '/'
+    schedule:
+      interval: 'weekly'
+      day: 'saturday'
+    allow:
+      - dependency-type: 'all'
+    versioning-strategy: 'auto'
+    labels: [ 'dependencies' ]
+    commit-message:
+      prefix: 'chore'  ## prefix maximum string length of 15
+      include: 'scope'
+    open-pull-requests-limit: 999
+    ignore:
+      - dependency-name: "@types/node"
+        # version is like `ts.X.Y` -- need to maintain manually
+    groups:
+      eslint:
+        patterns:
+          - 'eslint'
+          - '@eslint/*'
+          - '@types/eslint'
+          - 'eslint-*'
+          - '@types/eslint-*'
+          - '@eslint-community/*'
+          - '@typescript-eslint/*'
+      ajv:
+        patterns:
+          - 'ajv'
+          - 'ajv-*'
+      typescript:
+        patterns:
+          - 'typescript'
+          - '@types/*'
+          - 'typedoc'
+          - 'typedoc-*'
+          - '@microsoft/tsdoc'
+          - '@microsoft/tsdoc-*'
+          - 'ts-loader'
+          - 'tslib'
+      mocha:
+        patterns:
+          - 'mocha'
+          - '@types/mocha'
+  - package-ecosystem: 'github-actions'
+    directory: '/'
+    schedule:
+      interval: 'weekly'
+      day: 'saturday'
+    labels: [ 'dependencies' ]
+    commit-message:
+      prefix: 'chore'   ## prefix maximum string length of 15
+      include: 'scope'
+    open-pull-requests-limit: 999