index.js
/*!
* This file is part of CycloneDX Node Module.
*
* Licensed under the Apache License, Version 2.0 (the "License");
* you may not use this file except in compliance with the License.
* You may obtain a copy of the License at
*
* http://www.apache.org/licenses/LICENSE-2.0
*
* Unless required by applicable law or agreed to in writing, software
* distributed under the License is distributed on an "AS IS" BASIS,
* WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
* See the License for the specific language governing permissions and
* limitations under the License.
*
* SPDX-License-Identifier: Apache-2.0
* Copyright (c) Steve Springett. All Rights Reserved.
*/
const fs = require('fs')
const filePath = require('path')
const readInstalled = require('read-installed')
const { yarnToNpm } = require('synp')
const Bom = require('./model/Bom')
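/**
 * Build a CycloneDX BOM for the package tree installed at `path`.
 *
 * The installed tree is read with `readInstalled`. If a lock file is present
 * in `path` it is parsed and handed to the `Bom` constructor alongside the
 * package info: `package-lock.json` wins when both lock files exist, and
 * `yarn.lock` is first converted to package-lock form via `yarnToNpm`.
 * When neither file exists the lockfile argument passed to `Bom` is undefined.
 *
 * @param {*} componentType - forwarded unchanged to the `Bom` constructor
 * @param {*} includeSerialNumber - forwarded unchanged to the `Bom` constructor
 * @param {*} includeLicenseText - forwarded unchanged to the `Bom` constructor
 * @param {string} path - project directory to inspect
 * @param {object} options - options forwarded to `readInstalled`
 * @param {function(Error|null, Bom|null)} callback - receives `(err, null)` on
 *   failure or `(null, bom)` on success
 * @returns {*} whatever `readInstalled` returns
 */
exports.createbom = (componentType, includeSerialNumber, includeLicenseText, path, options, callback) => readInstalled(path, options, (err, pkgInfo) => {
  if (err) {
    callback(err, null)
    return
  }

  // Probe each lock file once and reuse the answer for both the selection
  // and the warning, so the two decisions cannot disagree.
  const npmLockPath = filePath.join(path, 'package-lock.json')
  const hasNpmLock = fs.existsSync(npmLockPath)
  const hasYarnLock = fs.existsSync(filePath.join(path, 'yarn.lock'))

  // Add a console warning for users that have both npm and yarn lock files.
  if (hasNpmLock && hasYarnLock) {
    console.warn('Please review your project as multiple package management lock files exist, defaulting to package-lock.json')
  }

  let bom
  try {
    // The lock file belongs to the project being scanned and is not validated
    // here beyond JSON syntax. A truncated, malformed or unreadable file must
    // be reported through the callback rather than thrown from inside the
    // readInstalled callback, where the caller cannot catch it.
    let lockfile
    if (hasNpmLock) {
      lockfile = JSON.parse(fs.readFileSync(npmLockPath, 'utf8'))
    } else if (hasYarnLock) {
      // Convert the yarn lock file to a package-lock.json string, prior to parsing JSON.
      lockfile = JSON.parse(yarnToNpm(path))
    }
    bom = new Bom(pkgInfo, componentType, includeSerialNumber, includeLicenseText, lockfile)
  } catch (buildErr) {
    callback(buildErr, null)
    return
  }

  // Invoked outside the try block so an exception thrown by the caller's own
  // callback is not mistaken for a BOM failure and the callback run twice.
  callback(null, bom)
})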
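/**
 * Move every `component` element of `additionalDoc` into the first
 * `components` element of `doc`.
 *
 * Nodes are moved, not copied, so `additionalDoc` is emptied of its
 * `component` elements as a side effect. Components are appended as they are:
 * there is no de-duplication and no check of their content, so the merged BOM
 * is only as trustworthy as `additionalDoc`.
 *
 * @param {Document} doc - target document; must contain a `components`
 *   element whenever `additionalDoc` has components to merge
 * @param {Document} additionalDoc - document whose components are moved
 * @returns {boolean} always `true`
 * @throws {TypeError} if there are components to merge but `doc` has no
 *   `components` element
 */
exports.mergebom = function mergebom (doc, additionalDoc) {
  const additionalDocComponents = additionalDoc.getElementsByTagName('component')
  // Look the container up once; the first `components` element in document
  // order does not change while children are appended to it.
  const targetContainer = doc.getElementsByTagName('components')[0]

  // appendChild actually removes the element from additionalDocComponents
  // which is why we use a while loop instead of a for loop.
  // NOTE(review): this relies on getElementsByTagName returning a live
  // collection; with a static list the loop would never terminate.
  while (additionalDocComponents.length > 0) {
    if (targetContainer == null) {
      // Same exception type as the implicit failure it replaces, but with a
      // message that names the actual problem.
      throw new TypeError('mergebom: target document has no <components> element to merge into')
    }
    targetContainer.appendChild(additionalDocComponents[0])
  }
  return true
}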