diff --git a/CHANGELOG.md b/CHANGELOG.md index 8d336b4ad..dbb9b05f0 100644 --- a/CHANGELOG.md +++ b/CHANGELOG.md @@ -9,6 +9,7 @@ The format is based on [Keep a Changelog](https://keepachangelog.com/en/1.0.0/). ## [Unreleased] ### Added +- Support for ingesting CycloneDX `bom.json` and `bom.xml` files - `phylum auth list-tokens` subcommand to list API tokens - `phylum auth revoke-token` subcommand to revoke API tokens diff --git a/Cargo.lock b/Cargo.lock index e801a307f..fa9a534b8 100644 --- a/Cargo.lock +++ b/Cargo.lock @@ -3425,16 +3425,6 @@ dependencies = [ "sha2", ] -[[package]] -name = "packageurl" -version = "0.3.0" -source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "c53362339d1c48910f1b0c35e2ae96e2d32e442c7dc3ac5f622908ec87221f08" -dependencies = [ - "percent-encoding", - "thiserror", -] - [[package]] name = "parking" version = "2.1.0" @@ -3678,8 +3668,8 @@ dependencies = [ "lockfile_generator", "log", "nom", - "packageurl", "phylum_types", + "purl", "serde", "serde-xml-rs", "serde_json", diff --git a/cli/src/commands/parse.rs b/cli/src/commands/parse.rs index f5972d9b1..fff3e47fa 100644 --- a/cli/src/commands/parse.rs +++ b/cli/src/commands/parse.rs @@ -357,6 +357,10 @@ mod tests { ("../tests/fixtures/spdx-2.2.spdx.json", LockfileFormat::Spdx), ("../tests/fixtures/spdx-2.3.spdx.json", LockfileFormat::Spdx), ("../tests/fixtures/spdx-2.3.spdx.yaml", LockfileFormat::Spdx), + ("../tests/fixtures/bom.1.3.json", LockfileFormat::CycloneDX), + ("../tests/fixtures/bom.1.3.xml", LockfileFormat::CycloneDX), + ("../tests/fixtures/bom.json", LockfileFormat::CycloneDX), + ("../tests/fixtures/bom.xml", LockfileFormat::CycloneDX), ]; for (file, expected_format) in test_cases { diff --git a/docs/command_line_tool/phylum_analyze.md b/docs/command_line_tool/phylum_analyze.md index 1503e30a1..3da1ccc6e 100644 --- a/docs/command_line_tool/phylum_analyze.md +++ b/docs/command_line_tool/phylum_analyze.md 
@@ -31,7 +31,7 @@ Usage: phylum analyze [OPTIONS] [LOCKFILE]... -t, --lockfile-type   Lock file type used for all lock files (default: auto) -  Accepted values: `npm`, `yarn`, `pnpm`, `gem`, `pip`, `poetry`, `pipenv`, `mvn`, `gradle`, `nugetlock`, `msbuild`, `go`, `cargo`, `spdx`, `auto` +  Accepted values: `npm`, `yarn`, `pnpm`, `gem`, `pip`, `poetry`, `pipenv`, `mvn`, `gradle`, `nugetlock`, `msbuild`, `go`, `cargo`, `spdx`, `cyclonedx`, `auto` -v, --verbose...   Increase the level of verbosity (the maximum is -vvv) diff --git a/docs/command_line_tool/phylum_init.md b/docs/command_line_tool/phylum_init.md index fd385a436..e00dc1ee1 100644 --- a/docs/command_line_tool/phylum_init.md +++ b/docs/command_line_tool/phylum_init.md @@ -25,7 +25,7 @@ Usage: phylum init [OPTIONS] [PROJECT_NAME] -t, --lockfile-type   Lock file type used for all lock files (default: auto) -  Accepted values: `npm`, `yarn`, `pnpm`, `gem`, `pip`, `poetry`, `pipenv`, `mvn`, `gradle`, `nugetlock`, `msbuild`, `go`, `cargo`, `spdx`, `auto` +  Accepted values: `npm`, `yarn`, `pnpm`, `gem`, `pip`, `poetry`, `pipenv`, `mvn`, `gradle`, `nugetlock`, `msbuild`, `go`, `cargo`, `spdx`, `cyclonedx`, `auto` -f, --force   Overwrite existing configurations without confirmation diff --git a/docs/command_line_tool/phylum_parse.md b/docs/command_line_tool/phylum_parse.md index ad9dcaa44..9d33a0554 100644 --- a/docs/command_line_tool/phylum_parse.md +++ b/docs/command_line_tool/phylum_parse.md @@ -19,7 +19,7 @@ Usage: phylum parse [OPTIONS] [LOCKFILE]... -t, --lockfile-type   Lock file type used for all lock files (default: auto) -  Accepted values: `npm`, `yarn`, `pnpm`, `gem`, `pip`, `poetry`, `pipenv`, `mvn`, `gradle`, `nugetlock`, `msbuild`, `go`, `cargo`, `spdx`, `auto` +  Accepted values: `npm`, `yarn`, `pnpm`, `gem`, `pip`, `poetry`, `pipenv`, `mvn`, `gradle`, `nugetlock`, `msbuild`, `go`, `cargo`, `spdx`, `cyclonedx`, `auto` -v, --verbose...   Increase the level of verbosity (the maximum is -vvv) 
diff --git a/docs/knowledge_base/analyzing-dependencies.md b/docs/knowledge_base/analyzing-dependencies.md index 41e3e5bb7..683a6ccf2 100644 --- a/docs/knowledge_base/analyzing-dependencies.md +++ b/docs/knowledge_base/analyzing-dependencies.md @@ -22,6 +22,7 @@ The Phylum CLI supports processing many different lockfiles: | `go` | `go.sum` | | `cargo` | `Cargo.lock` | | `spdx` | `*.spdx.json`
`*.spdx.yaml`
`*.spdx.yml`
`*.spdx` | +| `cyclonedx` | `bom.json`
`bom.xml` | The lockfile type will be automatically detected based on the filename. If needed, this can be overridden with the `--lockfile-type` (`-t`) option. diff --git a/lockfile/Cargo.toml b/lockfile/Cargo.toml index 38992a069..6d20b1289 100644 --- a/lockfile/Cargo.toml +++ b/lockfile/Cargo.toml @@ -16,8 +16,8 @@ ignore = "0.4.20" lockfile_generator = { path = "../lockfile_generator", optional = true } log = "0.4.6" nom = "7.1.1" -packageurl = "0.3.0" phylum_types = { git = "https://github.com/phylum-dev/phylum-types", branch = "development" } +purl = "0.1.1" serde = { version = "1.0.144", features = ["derive"] } serde_json = "1.0.85" serde_yaml = "0.9.2" diff --git a/lockfile/src/cyclonedx.rs b/lockfile/src/cyclonedx.rs new file mode 100644 index 000000000..3ef1bb0f1 --- /dev/null +++ b/lockfile/src/cyclonedx.rs 
@@ -0,0 +1,254 @@ +use std::ffi::OsStr; +use std::path::Path; +use std::str::FromStr; + +use anyhow::anyhow; +use phylum_types::types::package::PackageType; +use purl::GenericPurl; +use serde::Deserialize; + +use crate::{determine_package_version, formatted_package_name, Package, Parse, UnknownEcosystem}; + +/// Define the generic trait for components. +trait Component { + fn component_type(&self) -> &str; + fn name(&self) -> &str; + fn version(&self) -> &str; + fn scope(&self) -> Option<&str>; + fn purl(&self) -> Option<&str>; + fn components(&self) -> Option<&[Self]> + where + Self: Sized; +} + +/// CycloneDX BOM. +#[derive(Clone, Debug, Deserialize)] +#[serde(rename_all = "camelCase")] +struct Bom { + components: Option, +} + +/// Struct for wrapping a list of components from XML. +#[derive(Clone, Debug, Deserialize)] +struct Components { + #[serde(rename = "component")] + components: Vec, +} + +/// Represents a single XML component. +#[derive(Clone, Debug, Deserialize)] +struct XmlComponent { + #[serde(rename = "type")] + component_type: String, + name: String, + version: String, + scope: Option, + purl: Option, + components: Option>, +} + +impl Component for XmlComponent { + fn component_type(&self) -> &str { + &self.component_type + } + + fn name(&self) -> &str { + &self.name + } + + fn version(&self) -> &str { + &self.version + } + + fn scope(&self) -> Option<&str> { + self.scope.as_deref() + } + + fn purl(&self) -> Option<&str> { + self.purl.as_deref() + } + + fn components(&self) -> Option<&[Self]> { + self.components.as_ref().map(|comps| comps.components.as_slice()) + } +} + +/// Represents a single JSON component. 
+#[derive(Clone, Debug, Deserialize)] +struct JsonComponent { + #[serde(rename = "type")] + component_type: String, + name: String, + version: String, + scope: Option, + purl: Option, + #[serde(default)] + components: Vec, +} + +impl Component for JsonComponent { + fn component_type(&self) -> &str { + &self.component_type + } + + fn name(&self) -> &str { + &self.name + } + + fn version(&self) -> &str { + &self.version + } + + fn scope(&self) -> Option<&str> { + self.scope.as_deref() + } + + fn purl(&self) -> Option<&str> { + self.purl.as_deref() + } + + fn components(&self) -> Option<&[Self]> { + Some(&self.components) + } +} + +/// Filter components based on the type and scope. +fn filter_components(components: &[T]) -> impl Iterator { + components + .iter() + .filter(|&comp| { + let type_check = comp.component_type() == "application" + || comp.component_type() == "framework" + || comp.component_type() == "library"; + + // The scope is optional and can be required, optional, or excluded + // If the scope is None, the spec implies required + let scope_check = match comp.scope() { + Some(scope) => scope == "required", + None => true, + }; + + type_check && scope_check + }) + .flat_map(|comp| { + let nested_iter = match comp.components() { + Some(nested) => filter_components(nested).collect::>(), + None => Vec::new(), + }; + std::iter::once(comp).chain(nested_iter.into_iter()) + }) +} + +/// Convert a component's package URL (PURL) into a package object. +fn from_purl(component: &T) -> anyhow::Result { + let purl_str = component + .purl() + .ok_or_else(|| anyhow!("Missing purl for {}:{}", component.name(), component.version()))?; + let purl = GenericPurl::::from_str(purl_str)?; + let package_type = PackageType::from_str(purl.package_type()).map_err(|_| UnknownEcosystem)?; + + // Determine the package name based on its type and namespace. 
+ let name = formatted_package_name(&package_type, &purl); + + // Extract the package version + let pkg_version = purl + .version() + .ok_or(&component.version()) + .map_err(|_| anyhow!("No version found for `{}`", name))?; + + // Use the qualifiers from the PURL to determine the version details. + let version = determine_package_version(pkg_version, &purl); + + Ok(Package { name, version, package_type }) +} + +pub struct CycloneDX; + +impl Parse for CycloneDX { + fn parse(&self, data: &str) -> anyhow::Result> { + match serde_json::from_str::(data) { + Ok(lock) => { + let parsed: Bom> = serde_json::from_value(lock)?; + parsed.components.map_or(Ok(Vec::new()), |comp| { + let component_iter = filter_components(&comp); + component_iter.map(from_purl).collect() + }) + }, + Err(_) => { + let parsed: Bom> = serde_xml_rs::from_str(data)?; + parsed.components.map_or(Ok(Vec::new()), |comp| { + let component_iter = filter_components(&comp.components); + component_iter.map(from_purl).collect() + }) + }, + } + } + + fn is_path_lockfile(&self, path: &Path) -> bool { + path.file_name() == Some(OsStr::new("bom.json")) + || path.file_name() == Some(OsStr::new("bom.xml")) + } + + fn is_path_manifest(&self, _path: &Path) -> bool { + false + } +} + +#[cfg(test)] +mod tests { + use super::*; + use crate::PackageVersion; + + #[test] + fn parse_cyclonedx_nested_components() { + let expected_pkgs = vec![ + Package { + name: "FrameworkA".into(), + version: PackageVersion::FirstParty("1.0".into()), + package_type: PackageType::Npm, + }, + Package { + name: "LibA".into(), + version: PackageVersion::FirstParty("1.1".into()), + package_type: PackageType::Npm, + }, + Package { + name: "LibB".into(), + version: PackageVersion::FirstParty("1.2".into()), + package_type: PackageType::PyPi, + }, + Package { + name: "AppA".into(), + version: PackageVersion::FirstParty("1.0".into()), + package_type: PackageType::PyPi, + }, + ]; + + let pkgs = 
CycloneDX.parse(include_str!("../../tests/fixtures/nested_bom.json")).unwrap(); + assert_eq!(pkgs, expected_pkgs); + } + + #[test] + fn parse_cyclonedx_1_5() { + let json_pkgs = CycloneDX.parse(include_str!("../../tests/fixtures/bom.1.5.json")).unwrap(); + let xml_pkgs = CycloneDX.parse(include_str!("../../tests/fixtures/bom.1.5.xml")).unwrap(); + assert_eq!(json_pkgs.len(), xml_pkgs.len()); + assert_eq!(json_pkgs, xml_pkgs); + } + + #[test] + fn parse_cyclonedx_1_4() { + let json_pkgs = CycloneDX.parse(include_str!("../../tests/fixtures/bom.json")).unwrap(); + let xml_pkgs = CycloneDX.parse(include_str!("../../tests/fixtures/bom.xml")).unwrap(); + assert_eq!(json_pkgs.len(), xml_pkgs.len()); + assert_eq!(json_pkgs, xml_pkgs); + } + + #[test] + fn parse_cyclonedx_1_3() { + let json_pkgs = CycloneDX.parse(include_str!("../../tests/fixtures/bom.1.3.json")).unwrap(); + let xml_pkgs = CycloneDX.parse(include_str!("../../tests/fixtures/bom.1.3.xml")).unwrap(); + assert_eq!(json_pkgs.len(), xml_pkgs.len()); + assert_eq!(json_pkgs, xml_pkgs); + } +} diff --git a/lockfile/src/lib.rs b/lockfile/src/lib.rs index 39ba2b80f..423549e64 100644 --- a/lockfile/src/lib.rs +++ b/lockfile/src/lib.rs @@ -5,6 +5,7 @@ use std::str::FromStr; pub use cargo::Cargo; pub use csharp::{CSProj, PackagesLock}; +pub use cyclonedx::CycloneDX; pub use golang::GoSum; use ignore::WalkBuilder; pub use java::{GradleLock, Pom}; @@ -12,15 +13,18 @@ pub use javascript::{PackageLock, Pnpm, YarnLock}; #[cfg(feature = "generator")] use lockfile_generator::Generator; use phylum_types::types::package::PackageType; +use purl::GenericPurl; pub use python::{PipFile, Poetry, PyRequirements}; pub use ruby::GemLock; use serde::de::IntoDeserializer; use serde::{Deserialize, Serialize}; pub use spdx::Spdx; +use thiserror::Error; use walkdir::WalkDir; mod cargo; mod csharp; +mod cyclonedx; mod golang; mod java; mod javascript; 
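Review bot: In `from_purl` (lockfile/src/cyclonedx.rs), the component's own `version` field is never used as a fallback: `purl.version().ok_or(&component.version())` moves it into the `Err` arm and the following `map_err` throws it away. A component whose purl has no `@version` therefore fails with "No version found", and because `parse` collects into a `Result`, that one component aborts ingestion of the whole BOM. If the fallback is intended, `let pkg_version = purl.version().unwrap_or(component.version());` expresses it. Separately, `filter_components` only descends into components that pass the type/scope filter, so packages nested under a filtered-out parent (any other type, or scope `optional`/`excluded`) are never reported for analysis. If that is deliberate, a comment on the `flat_map` should say so, for example `// Children of a filtered-out component are intentionally skipped as well.`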
@@ -54,6 +58,7 @@ pub enum LockfileFormat { Go, Cargo, Spdx, + CycloneDX, } impl FromStr for LockfileFormat { @@ -94,6 +99,7 @@ impl LockfileFormat { LockfileFormat::Go => "go", LockfileFormat::Cargo => "cargo", LockfileFormat::Spdx => "spdx", + LockfileFormat::CycloneDX => "cyclonedx", } } @@ -114,6 +120,7 @@ impl LockfileFormat { LockfileFormat::Go => &GoSum, LockfileFormat::Cargo => &Cargo, LockfileFormat::Spdx => &Spdx, + LockfileFormat::CycloneDX => &CycloneDX, } } @@ -150,6 +157,7 @@ impl Iterator for LockfileFormatIter { 11 => LockfileFormat::Go, 12 => LockfileFormat::Cargo, 13 => LockfileFormat::Spdx, + 14 => LockfileFormat::CycloneDX, _ => return None, }; self.0 += 1; 
@@ -326,6 +334,85 @@ pub fn find_lockable_files_at(root: impl AsRef) -> Vec<(PathBuf, LockfileF lockfiles } +/// Define a custom error for unknown ecosystems. +#[derive(Error, Debug)] +#[error("Could not determine ecosystem")] +pub(crate) struct UnknownEcosystem; + +/// Generates a formatted package name based on the given package type and Purl. +/// +/// This function formats package names differently depending on the package +/// type: +/// +/// - For `Maven` packages, the format is `"namespace:name"`. +/// - For `Npm` and `Golang` packages, the format is `"namespace/name"`. +/// - For other package types, or if no namespace is provided, it defaults to +/// the package name. +/// +/// # Arguments +/// +/// - `package_type`: The type of the package. +/// - `purl`: A reference to the Purl struct which contains details about the +/// package. +/// +/// # Returns +/// +/// - A `String` representation of the formatted package name. +pub(crate) fn formatted_package_name( + package_type: &PackageType, + purl: &GenericPurl, +) -> String { + match (package_type, purl.namespace()) { + (PackageType::Maven, Some(ns)) => format!("{}:{}", ns, purl.name()), + (PackageType::Npm | PackageType::Golang, Some(ns)) => format!("{}/{}", ns, purl.name()), + _ => purl.name().into(), + } +} + +/// Determines the package version from Purl qualifiers. +/// +/// This function parses the qualifiers of a Purl object and returns the +/// corresponding `PackageVersion` based on the provided key: +/// +/// - "repository_url": returns a `ThirdParty` version. +/// - "download_url": returns a `DownloadUrl` version. +/// - "vcs_url": checks if it starts with "git+" and returns a `Git` version. +/// - For other keys or in absence of any known key, it defaults to the +/// `FirstParty` version. +/// +/// # Arguments +/// +/// - `purl`: A reference to the Purl struct which contains package details. +/// - `pkg_version`: The default version to use if no specific qualifier is +/// found. 
+/// +/// # Returns +/// +/// - A `PackageVersion` representing the determined version. +pub(crate) fn determine_package_version( + pkg_version: &str, + purl: &GenericPurl, +) -> PackageVersion { + purl.qualifiers() + .iter() + .find_map(|(key, value)| match key.as_ref() { + "repository_url" => Some(PackageVersion::ThirdParty(ThirdPartyVersion { + version: pkg_version.to_string(), + registry: value.to_string(), + })), + "download_url" => Some(PackageVersion::DownloadUrl(value.to_string())), + "vcs_url" => { + if value.starts_with("git+") { + Some(PackageVersion::Git(value.to_string())) + } else { + None + } + }, + _ => None, + }) + .unwrap_or(PackageVersion::FirstParty(pkg_version.into())) +} + #[cfg(test)] mod tests { use std::fs::{self, File}; @@ -351,6 +438,8 @@ mod tests { ("Cargo.lock", LockfileFormat::Cargo), (".spdx.json", LockfileFormat::Spdx), (".spdx.yaml", LockfileFormat::Spdx), + ("bom.json", LockfileFormat::CycloneDX), + ("bom.xml", LockfileFormat::CycloneDX), ]; for (file, expected_type) in test_cases { @@ -378,6 +467,7 @@ mod tests { ("go", LockfileFormat::Go), ("cargo", LockfileFormat::Cargo), ("spdx", LockfileFormat::Spdx), + ("cyclonedx", LockfileFormat::CycloneDX), ] { let actual_format = name.parse().unwrap_or_else(|e| panic!("Could not parse {:?}: {}", name, e)); @@ -406,6 +496,7 @@ mod tests { ("go", LockfileFormat::Go), ("cargo", LockfileFormat::Cargo), ("spdx", LockfileFormat::Spdx), + ("cyclonedx", LockfileFormat::CycloneDX), ] { let actual_name = format.to_string(); assert_eq!( @@ -448,6 +539,7 @@ mod tests { (LockfileFormat::Go, 1), (LockfileFormat::Cargo, 3), (LockfileFormat::Spdx, 6), + (LockfileFormat::CycloneDX, 7), ] { let mut parsed_lockfiles = Vec::new(); for lockfile in fs::read_dir("../tests/fixtures").unwrap().flatten() { diff --git a/lockfile/src/spdx.rs b/lockfile/src/spdx.rs index c6dca6bcc..7f5fa5e1e 100644 --- a/lockfile/src/spdx.rs +++ b/lockfile/src/spdx.rs 
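Review bot: `determine_package_version` returns whichever of `repository_url`, `download_url` or `vcs_url` the `find_map` reaches first, so for a purl carrying more than one of them the result depends on qualifier iteration order, which the doc comment does not mention. The qualifier values come straight from the parsed file and, in the `DownloadUrl` and `Git` cases, replace the plain version entirely, so the doc comment should say so, for example `/// The first matching qualifier in iteration order wins; URL values are copied from the input without validation.` The `# Arguments` list also names `purl` before `pkg_version`, the reverse of the signature. The body was moved from spdx.rs, so the behaviour is not new, but it now also applies to CycloneDX input.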
@@ -4,18 +4,16 @@ use std::str::FromStr; use anyhow::{anyhow, bail, Context}; use nom::error::convert_error; use nom::Finish; -use packageurl::PackageUrl; use phylum_types::types::package::PackageType; +use purl::GenericPurl; use serde::Deserialize; -use thiserror::Error; use urlencoding::decode; use crate::parsers::spdx; -use crate::{Package, PackageVersion, Parse, ThirdPartyVersion}; - -#[derive(Error, Debug)] -#[error("Could not determine ecosystem")] -struct UnknownEcosystem; +use crate::{ + determine_package_version, formatted_package_name, Package, PackageVersion, Parse, + UnknownEcosystem, +}; #[derive(Deserialize, Debug)] #[serde(rename_all = "camelCase")] @@ -78,17 +76,14 @@ fn type_from_url(url: &str) -> anyhow::Result { } fn from_purl(pkg_url: &str, pkg_info: &PackageInformation) -> anyhow::Result { - let purl = PackageUrl::from_str(pkg_url)?; + let purl = GenericPurl::::from_str(pkg_url)?; - let package_type = PackageType::from_str(purl.ty()) + let package_type = PackageType::from_str(purl.package_type()) .or_else(|_| type_from_url(&pkg_info.download_location)) .context(UnknownEcosystem)?; - let name = match (package_type, purl.namespace()) { - (PackageType::Maven, Some(ns)) => format!("{}:{}", ns, purl.name()), - (PackageType::Npm | PackageType::Golang, Some(ns)) => format!("{}/{}", ns, purl.name()), - _ => purl.name().into(), - }; + // Determine the package name based on its type and namespace. + let name = formatted_package_name(&package_type, &purl); let pkg_version = pkg_info .version_info 
@@ -96,25 +91,8 @@ fn from_purl(pkg_url: &str, pkg_info: &PackageInformation) -> anyhow::Result Some(PackageVersion::ThirdParty(ThirdPartyVersion { - version: pkg_version.clone(), - registry: value.to_string(), - })), - "download_url" => Some(PackageVersion::DownloadUrl(value.to_string())), - "vcs_url" => { - if value.as_ref().starts_with("git+") { - Some(PackageVersion::Git(value.to_string())) - } else { - None - } - }, - _ => None, - }) - .unwrap_or(PackageVersion::FirstParty(pkg_version.into())); + // Use the qualifiers from the PURL to determine the version details. + let version = determine_package_version(pkg_version, &purl); Ok(Package { name, version, package_type }) } @@ -208,6 +186,7 @@ mod tests { use serde_json::json; use super::*; + use crate::PackageVersion; #[test] fn parse_spdx_2_2_json() { diff --git a/tests/fixtures/bom.1.3.json b/tests/fixtures/bom.1.3.json new file mode 100644 index 000000000..fb73ee0a4 --- /dev/null +++ b/tests/fixtures/bom.1.3.json 
@@ -0,0 +1,2525 @@ +{ + "$schema": "http://cyclonedx.org/schema/bom-1.3a.schema.json", + "bomFormat": "CycloneDX", + "specVersion": "1.3", + "version": 1, + "metadata": { + "tools": [ + { + "vendor": "@cyclonedx", + "name": "cyclonedx-library", + "version": "4.0.0" + }, + { + "vendor": "@cyclonedx", + "name": "cyclonedx-npm", + "version": "1.12.1" + } + ], + "component": { + "type": "application", + "name": "demo-bundled-deps", + "version": "0.0.0", + "bom-ref": "demo-bundled-deps@0.0.0", + "description": "demo: demo-bundled-deps -- showcase how bundled deps look like", + "licenses": [ + { + "license": { + "id": "Apache-2.0" + } + } + ], + "purl": "pkg:npm/demo-bundled-deps@0.0.0", + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "" + }, + { + "name": "cdx:npm:package:private", + "value": "true" + } + ] + } + }, + "components": [ + { + "type": "library", + "name": "bundle-dependencies", + "version": "1.0.2", + "bom-ref": "bundle-dependencies@1.0.2", + "author": "Gajus Kuizinas", + "description": "Generates bundledDependencies package.json value using values of the dependencies property.", + "hashes": [ + { + "alg": "SHA-512", + "content": "7ccf50f6125c5f56589f28ef7874e9b4566aa4b2833b681dc5186e07c30d498110bc2ea42260c31f6d37f09fed1df72e5742511948fc9fc6b10d8d009c59177c" + } + ], + "licenses": [ + { + "license": { + "id": "BSD-3-Clause" + } + } + ], + "purl": "pkg:npm/bundle-dependencies@1.0.2", + "externalReferences": [ + { + "url": "https://registry.npmjs.org/bundle-dependencies/-/bundle-dependencies-1.0.2.tgz", + "type": "distribution", + "comment": "as detected from npm-ls property \"resolved\"" + }, + { + "url": "https://github.com/gajus/bundle-dependencies/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "git+https://github.com/gajus/bundle-dependencies.git", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\"" + }, + { + "url": 
"https://github.com/gajus/bundle-dependencies#readme", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/bundle-dependencies" + } + ], + "components": [ + { + "type": "library", + "name": "ansi-regex", + "version": "2.0.0", + "bom-ref": "bundle-dependencies@1.0.2|ansi-regex@2.0.0", + "author": "Sindre Sorhus", + "description": "Regular expression for matching ANSI escape codes", + "licenses": [ + { + "license": { + "id": "MIT" + } + } + ], + "purl": "pkg:npm/ansi-regex@2.0.0?vcs_url=git%2Bhttps%3A//github.com/sindresorhus/ansi-regex.git", + "externalReferences": [ + { + "url": "https://github.com/sindresorhus/ansi-regex/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "git+https://github.com/sindresorhus/ansi-regex.git", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\"" + }, + { + "url": "https://github.com/sindresorhus/ansi-regex", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:bundled", + "value": "true" + }, + { + "name": "cdx:npm:package:path", + "value": "node_modules/bundle-dependencies/node_modules/ansi-regex" + } + ] + }, + { + "type": "library", + "name": "builtin-modules", + "version": "1.1.1", + "bom-ref": "bundle-dependencies@1.0.2|builtin-modules@1.1.1", + "author": "Sindre Sorhus", + "description": "List of the Node.js builtin modules", + "licenses": [ + { + "license": { + "id": "MIT" + } + } + ], + "purl": "pkg:npm/builtin-modules@1.1.1?vcs_url=git%2Bhttps%3A//github.com/sindresorhus/builtin-modules.git", + "externalReferences": [ + { + "url": "https://github.com/sindresorhus/builtin-modules/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": 
"git+https://github.com/sindresorhus/builtin-modules.git", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\"" + }, + { + "url": "https://github.com/sindresorhus/builtin-modules#readme", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:bundled", + "value": "true" + }, + { + "name": "cdx:npm:package:path", + "value": "node_modules/bundle-dependencies/node_modules/builtin-modules" + } + ] + }, + { + "type": "library", + "name": "camelcase", + "version": "2.1.0", + "bom-ref": "bundle-dependencies@1.0.2|camelcase@2.1.0", + "author": "Sindre Sorhus", + "description": "Convert a dash/dot/underscore/space separated string to camelCase: foo-bar → fooBar", + "licenses": [ + { + "license": { + "id": "MIT" + } + } + ], + "purl": "pkg:npm/camelcase@2.1.0?vcs_url=git%2Bhttps%3A//github.com/sindresorhus/camelcase.git", + "externalReferences": [ + { + "url": "https://github.com/sindresorhus/camelcase/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "git+https://github.com/sindresorhus/camelcase.git", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\"" + }, + { + "url": "https://github.com/sindresorhus/camelcase#readme", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:bundled", + "value": "true" + }, + { + "name": "cdx:npm:package:path", + "value": "node_modules/bundle-dependencies/node_modules/camelcase" + } + ] + }, + { + "type": "library", + "name": "cliui", + "version": "3.1.0", + "bom-ref": "bundle-dependencies@1.0.2|cliui@3.1.0", + "author": "Ben Coe", + "description": "easily create complex multi-column command-line-interfaces", + "licenses": [ + { + "license": { + "id": "ISC" + } + } + ], + "purl": 
"pkg:npm/cliui@3.1.0?vcs_url=git%2Bssh%3A//git%40github.com/bcoe/cliui.git", + "externalReferences": [ + { + "url": "https://github.com/bcoe/cliui/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "git+ssh://git@github.com/bcoe/cliui.git", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\"" + }, + { + "url": "https://github.com/bcoe/cliui", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:bundled", + "value": "true" + }, + { + "name": "cdx:npm:package:path", + "value": "node_modules/bundle-dependencies/node_modules/cliui" + } + ] + }, + { + "type": "library", + "name": "code-point-at", + "version": "1.0.0", + "bom-ref": "bundle-dependencies@1.0.2|code-point-at@1.0.0", + "author": "Sindre Sorhus", + "description": "ES2015 String#codePointAt() ponyfill", + "licenses": [ + { + "license": { + "id": "MIT" + } + } + ], + "purl": "pkg:npm/code-point-at@1.0.0?vcs_url=git%2Bhttps%3A//github.com/sindresorhus/code-point-at.git", + "externalReferences": [ + { + "url": "https://github.com/sindresorhus/code-point-at/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "git+https://github.com/sindresorhus/code-point-at.git", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\"" + }, + { + "url": "https://github.com/sindresorhus/code-point-at", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:bundled", + "value": "true" + }, + { + "name": "cdx:npm:package:path", + "value": "node_modules/bundle-dependencies/node_modules/code-point-at" + } + ] + }, + { + "type": "library", + "name": "decamelize", + "version": "1.1.2", + "bom-ref": "bundle-dependencies@1.0.2|decamelize@1.1.2", + "author": 
"Sindre Sorhus", + "description": "Convert a camelized string into a lowercased one with a custom separator: unicornRainbow → unicorn_rainbow", + "licenses": [ + { + "license": { + "id": "MIT" + } + } + ], + "purl": "pkg:npm/decamelize@1.1.2?vcs_url=git%2Bhttps%3A//github.com/sindresorhus/decamelize.git", + "externalReferences": [ + { + "url": "https://github.com/sindresorhus/decamelize/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "git+https://github.com/sindresorhus/decamelize.git", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\"" + }, + { + "url": "https://github.com/sindresorhus/decamelize", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:bundled", + "value": "true" + }, + { + "name": "cdx:npm:package:path", + "value": "node_modules/bundle-dependencies/node_modules/decamelize" + } + ] + }, + { + "type": "library", + "name": "error-ex", + "version": "1.3.0", + "bom-ref": "bundle-dependencies@1.0.2|error-ex@1.3.0", + "description": "Easy error subclassing and stack customization", + "licenses": [ + { + "license": { + "id": "MIT" + } + } + ], + "purl": "pkg:npm/error-ex@1.3.0?vcs_url=git%2Bhttps%3A//github.com/qix-/node-error-ex.git", + "externalReferences": [ + { + "url": "https://github.com/qix-/node-error-ex/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "git+https://github.com/qix-/node-error-ex.git", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\"" + }, + { + "url": "https://github.com/qix-/node-error-ex#readme", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:bundled", + "value": "true" + }, + { + "name": "cdx:npm:package:path", + "value": 
"node_modules/bundle-dependencies/node_modules/error-ex" + } + ] + }, + { + "type": "library", + "name": "escape-string-regexp", + "version": "1.0.5", + "bom-ref": "bundle-dependencies@1.0.2|escape-string-regexp@1.0.5", + "author": "Sindre Sorhus", + "description": "Escape RegExp special characters", + "licenses": [ + { + "license": { + "id": "MIT" + } + } + ], + "purl": "pkg:npm/escape-string-regexp@1.0.5?vcs_url=git%2Bhttps%3A//github.com/sindresorhus/escape-string-regexp.git", + "externalReferences": [ + { + "url": "https://github.com/sindresorhus/escape-string-regexp/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "git+https://github.com/sindresorhus/escape-string-regexp.git", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\"" + }, + { + "url": "https://github.com/sindresorhus/escape-string-regexp", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:bundled", + "value": "true" + }, + { + "name": "cdx:npm:package:path", + "value": "node_modules/bundle-dependencies/node_modules/escape-string-regexp" + } + ] + }, + { + "type": "library", + "name": "find-up", + "version": "1.1.0", + "bom-ref": "bundle-dependencies@1.0.2|find-up@1.1.0", + "author": "Sindre Sorhus", + "description": "Find a file by walking up parent directories", + "licenses": [ + { + "license": { + "id": "MIT" + } + } + ], + "purl": "pkg:npm/find-up@1.1.0?vcs_url=git%2Bhttps%3A//github.com/sindresorhus/find-up.git", + "externalReferences": [ + { + "url": "https://github.com/sindresorhus/find-up/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "git+https://github.com/sindresorhus/find-up.git", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\"" + }, + { + "url": 
"https://github.com/sindresorhus/find-up", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:bundled", + "value": "true" + }, + { + "name": "cdx:npm:package:path", + "value": "node_modules/bundle-dependencies/node_modules/find-up" + } + ] + }, + { + "type": "library", + "name": "graceful-fs", + "version": "4.1.3", + "bom-ref": "bundle-dependencies@1.0.2|graceful-fs@4.1.3", + "description": "A drop-in replacement for fs, making various improvements.", + "licenses": [ + { + "license": { + "id": "ISC" + } + } + ], + "purl": "pkg:npm/graceful-fs@4.1.3?vcs_url=git%2Bhttps%3A//github.com/isaacs/node-graceful-fs.git", + "externalReferences": [ + { + "url": "https://github.com/isaacs/node-graceful-fs/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "git+https://github.com/isaacs/node-graceful-fs.git", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\"" + }, + { + "url": "https://github.com/isaacs/node-graceful-fs#readme", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:bundled", + "value": "true" + }, + { + "name": "cdx:npm:package:path", + "value": "node_modules/bundle-dependencies/node_modules/graceful-fs" + } + ] + }, + { + "type": "library", + "name": "hosted-git-info", + "version": "2.1.4", + "bom-ref": "bundle-dependencies@1.0.2|hosted-git-info@2.1.4", + "author": "Rebecca Turner", + "description": "Provides metadata and conversions from repository urls for Github, Bitbucket and Gitlab", + "licenses": [ + { + "license": { + "id": "ISC" + } + } + ], + "purl": "pkg:npm/hosted-git-info@2.1.4?vcs_url=git%2Bhttps%3A//github.com/npm/hosted-git-info.git", + "externalReferences": [ + { + "url": "https://github.com/npm/hosted-git-info/issues", + "type": "issue-tracker", + 
"comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "git+https://github.com/npm/hosted-git-info.git", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\"" + }, + { + "url": "https://github.com/npm/hosted-git-info", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:bundled", + "value": "true" + }, + { + "name": "cdx:npm:package:path", + "value": "node_modules/bundle-dependencies/node_modules/hosted-git-info" + } + ] + }, + { + "type": "library", + "name": "invert-kv", + "version": "1.0.0", + "bom-ref": "bundle-dependencies@1.0.2|invert-kv@1.0.0", + "author": "Sindre Sorhus", + "description": "Invert the key/value of an object. Example: {foo: 'bar'} → {bar: 'foo'}", + "licenses": [ + { + "license": { + "id": "MIT" + } + } + ], + "purl": "pkg:npm/invert-kv@1.0.0?vcs_url=git%2Bhttps%3A//github.com/sindresorhus/invert-kv.git", + "externalReferences": [ + { + "url": "https://github.com/sindresorhus/invert-kv/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "git+https://github.com/sindresorhus/invert-kv.git", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\"" + }, + { + "url": "https://github.com/sindresorhus/invert-kv", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:bundled", + "value": "true" + }, + { + "name": "cdx:npm:package:path", + "value": "node_modules/bundle-dependencies/node_modules/invert-kv" + } + ] + }, + { + "type": "library", + "name": "is-arrayish", + "version": "0.2.1", + "bom-ref": "bundle-dependencies@1.0.2|is-arrayish@0.2.1", + "author": "Qix", + "description": "Determines if an object can be used as an array", + "licenses": [ + { + "license": { + "id": "MIT" + } + } + ], + "purl": 
"pkg:npm/is-arrayish@0.2.1?vcs_url=git%2Bhttps%3A//github.com/qix-/node-is-arrayish.git", + "externalReferences": [ + { + "url": "https://github.com/qix-/node-is-arrayish/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "git+https://github.com/qix-/node-is-arrayish.git", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\"" + }, + { + "url": "https://github.com/qix-/node-is-arrayish#readme", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:bundled", + "value": "true" + }, + { + "name": "cdx:npm:package:path", + "value": "node_modules/bundle-dependencies/node_modules/is-arrayish" + } + ] + }, + { + "type": "library", + "name": "is-builtin-module", + "version": "1.0.0", + "bom-ref": "bundle-dependencies@1.0.2|is-builtin-module@1.0.0", + "author": "Sindre Sorhus", + "description": "Check if a string matches the name of a Node.js builtin module", + "licenses": [ + { + "license": { + "id": "MIT" + } + } + ], + "purl": "pkg:npm/is-builtin-module@1.0.0?vcs_url=git%2Bhttps%3A//github.com/sindresorhus/is-builtin-module.git", + "externalReferences": [ + { + "url": "https://github.com/sindresorhus/is-builtin-module/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "git+https://github.com/sindresorhus/is-builtin-module.git", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\"" + }, + { + "url": "https://github.com/sindresorhus/is-builtin-module", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:bundled", + "value": "true" + }, + { + "name": "cdx:npm:package:path", + "value": "node_modules/bundle-dependencies/node_modules/is-builtin-module" + } + ] + }, + { + "type": "library", + 
"name": "is-fullwidth-code-point", + "version": "1.0.0", + "bom-ref": "bundle-dependencies@1.0.2|is-fullwidth-code-point@1.0.0", + "author": "Sindre Sorhus", + "description": "Check if the character represented by a given Unicode code point is fullwidth", + "licenses": [ + { + "license": { + "id": "MIT" + } + } + ], + "purl": "pkg:npm/is-fullwidth-code-point@1.0.0?vcs_url=git%2Bhttps%3A//github.com/sindresorhus/is-fullwidth-code-point.git", + "externalReferences": [ + { + "url": "https://github.com/sindresorhus/is-fullwidth-code-point/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "git+https://github.com/sindresorhus/is-fullwidth-code-point.git", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\"" + }, + { + "url": "https://github.com/sindresorhus/is-fullwidth-code-point", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:bundled", + "value": "true" + }, + { + "name": "cdx:npm:package:path", + "value": "node_modules/bundle-dependencies/node_modules/is-fullwidth-code-point" + } + ] + }, + { + "type": "library", + "name": "is-utf8", + "version": "0.2.1", + "bom-ref": "bundle-dependencies@1.0.2|is-utf8@0.2.1", + "author": "wayfind", + "description": "Detect if a buffer is utf8 encoded.", + "licenses": [ + { + "license": { + "id": "MIT" + } + } + ], + "purl": "pkg:npm/is-utf8@0.2.1?vcs_url=git%2Bhttps%3A//github.com/wayfind/is-utf8.git", + "externalReferences": [ + { + "url": "https://github.com/wayfind/is-utf8/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "git+https://github.com/wayfind/is-utf8.git", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\"" + }, + { + "url": "https://github.com/wayfind/is-utf8#readme", + "type": "website", + "comment": "as 
detected from PackageJson property \"homepage\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:bundled", + "value": "true" + }, + { + "name": "cdx:npm:package:path", + "value": "node_modules/bundle-dependencies/node_modules/is-utf8" + } + ] + }, + { + "type": "library", + "name": "lcid", + "version": "1.0.0", + "bom-ref": "bundle-dependencies@1.0.2|lcid@1.0.0", + "author": "Sindre Sorhus", + "description": "Mapping between standard locale identifiers and Windows locale identifiers (LCID)", + "licenses": [ + { + "license": { + "id": "MIT" + } + } + ], + "purl": "pkg:npm/lcid@1.0.0?vcs_url=git%2Bhttps%3A//github.com/sindresorhus/lcid.git", + "externalReferences": [ + { + "url": "https://github.com/sindresorhus/lcid/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "git+https://github.com/sindresorhus/lcid.git", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\"" + }, + { + "url": "https://github.com/sindresorhus/lcid", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:bundled", + "value": "true" + }, + { + "name": "cdx:npm:package:path", + "value": "node_modules/bundle-dependencies/node_modules/lcid" + } + ] + }, + { + "type": "library", + "name": "load-json-file", + "version": "1.1.0", + "bom-ref": "bundle-dependencies@1.0.2|load-json-file@1.1.0", + "author": "Sindre Sorhus", + "description": "Read and parse a JSON file", + "licenses": [ + { + "license": { + "id": "MIT" + } + } + ], + "purl": "pkg:npm/load-json-file@1.1.0?vcs_url=git%2Bhttps%3A//github.com/sindresorhus/load-json-file.git", + "externalReferences": [ + { + "url": "https://github.com/sindresorhus/load-json-file/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "git+https://github.com/sindresorhus/load-json-file.git", + 
"type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\"" + }, + { + "url": "https://github.com/sindresorhus/load-json-file", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:bundled", + "value": "true" + }, + { + "name": "cdx:npm:package:path", + "value": "node_modules/bundle-dependencies/node_modules/load-json-file" + } + ] + }, + { + "type": "library", + "name": "lodash.assign", + "version": "4.0.3", + "bom-ref": "bundle-dependencies@1.0.2|lodash.assign@4.0.3", + "author": "John-David Dalton", + "description": "The lodash method `_.assign` exported as a module.", + "licenses": [ + { + "license": { + "id": "MIT" + } + } + ], + "purl": "pkg:npm/lodash.assign@4.0.3?vcs_url=git%2Bhttps%3A//github.com/lodash/lodash.git", + "externalReferences": [ + { + "url": "https://github.com/lodash/lodash/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "git+https://github.com/lodash/lodash.git", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\"" + }, + { + "url": "https://lodash.com/", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:bundled", + "value": "true" + }, + { + "name": "cdx:npm:package:path", + "value": "node_modules/bundle-dependencies/node_modules/lodash.assign" + } + ] + }, + { + "type": "library", + "name": "lodash.keys", + "version": "4.0.3", + "bom-ref": "bundle-dependencies@1.0.2|lodash.keys@4.0.3", + "author": "John-David Dalton", + "description": "The lodash method `_.keys` exported as a module.", + "licenses": [ + { + "license": { + "id": "MIT" + } + } + ], + "purl": "pkg:npm/lodash.keys@4.0.3?vcs_url=git%2Bhttps%3A//github.com/lodash/lodash.git", + "externalReferences": [ + { + "url": "https://github.com/lodash/lodash/issues", + 
"type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "git+https://github.com/lodash/lodash.git", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\"" + }, + { + "url": "https://lodash.com/", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:bundled", + "value": "true" + }, + { + "name": "cdx:npm:package:path", + "value": "node_modules/bundle-dependencies/node_modules/lodash.keys" + } + ] + }, + { + "type": "library", + "name": "lodash.rest", + "version": "4.0.1", + "bom-ref": "bundle-dependencies@1.0.2|lodash.rest@4.0.1", + "author": "John-David Dalton", + "description": "The lodash method `_.rest` exported as a module.", + "licenses": [ + { + "license": { + "id": "MIT" + } + } + ], + "purl": "pkg:npm/lodash.rest@4.0.1?vcs_url=git%2Bhttps%3A//github.com/lodash/lodash.git", + "externalReferences": [ + { + "url": "https://github.com/lodash/lodash/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "git+https://github.com/lodash/lodash.git", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\"" + }, + { + "url": "https://lodash.com/", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:bundled", + "value": "true" + }, + { + "name": "cdx:npm:package:path", + "value": "node_modules/bundle-dependencies/node_modules/lodash.rest" + } + ] + }, + { + "type": "library", + "name": "normalize-package-data", + "version": "2.3.5", + "bom-ref": "bundle-dependencies@1.0.2|normalize-package-data@2.3.5", + "author": "Meryn Stol", + "description": "Normalizes data that can be found in package.json files.", + "licenses": [ + { + "license": { + "id": "BSD-2-Clause" + } + } + ], + "purl": 
"pkg:npm/normalize-package-data@2.3.5?vcs_url=git%3A//github.com/npm/normalize-package-data.git", + "externalReferences": [ + { + "url": "https://github.com/npm/normalize-package-data/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "git://github.com/npm/normalize-package-data.git", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\"" + }, + { + "url": "https://github.com/npm/normalize-package-data#readme", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:bundled", + "value": "true" + }, + { + "name": "cdx:npm:package:path", + "value": "node_modules/bundle-dependencies/node_modules/normalize-package-data" + } + ] + }, + { + "type": "library", + "name": "number-is-nan", + "version": "1.0.0", + "bom-ref": "bundle-dependencies@1.0.2|number-is-nan@1.0.0", + "author": "Sindre Sorhus", + "description": "ES6 Number.isNaN() ponyfill", + "licenses": [ + { + "license": { + "id": "MIT" + } + } + ], + "purl": "pkg:npm/number-is-nan@1.0.0?vcs_url=git%2Bhttps%3A//github.com/sindresorhus/number-is-nan.git", + "externalReferences": [ + { + "url": "https://github.com/sindresorhus/number-is-nan/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "git+https://github.com/sindresorhus/number-is-nan.git", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\"" + }, + { + "url": "https://github.com/sindresorhus/number-is-nan#readme", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:bundled", + "value": "true" + }, + { + "name": "cdx:npm:package:path", + "value": "node_modules/bundle-dependencies/node_modules/number-is-nan" + } + ] + }, + { + "type": "library", + "name": "object-assign", + 
"version": "4.0.1", + "bom-ref": "bundle-dependencies@1.0.2|object-assign@4.0.1", + "author": "Sindre Sorhus", + "description": "ES6 Object.assign() ponyfill", + "licenses": [ + { + "license": { + "id": "MIT" + } + } + ], + "purl": "pkg:npm/object-assign@4.0.1?vcs_url=git%2Bhttps%3A//github.com/sindresorhus/object-assign.git", + "externalReferences": [ + { + "url": "https://github.com/sindresorhus/object-assign/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "git+https://github.com/sindresorhus/object-assign.git", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\"" + }, + { + "url": "https://github.com/sindresorhus/object-assign#readme", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:bundled", + "value": "true" + }, + { + "name": "cdx:npm:package:path", + "value": "node_modules/bundle-dependencies/node_modules/object-assign" + } + ] + }, + { + "type": "library", + "name": "os-locale", + "version": "1.4.0", + "bom-ref": "bundle-dependencies@1.0.2|os-locale@1.4.0", + "author": "Sindre Sorhus", + "description": "Get the system locale", + "licenses": [ + { + "license": { + "id": "MIT" + } + } + ], + "purl": "pkg:npm/os-locale@1.4.0?vcs_url=git%2Bhttps%3A//github.com/sindresorhus/os-locale.git", + "externalReferences": [ + { + "url": "https://github.com/sindresorhus/os-locale/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "git+https://github.com/sindresorhus/os-locale.git", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\"" + }, + { + "url": "https://github.com/sindresorhus/os-locale", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:bundled", + "value": "true" + 
}, + { + "name": "cdx:npm:package:path", + "value": "node_modules/bundle-dependencies/node_modules/os-locale" + } + ] + }, + { + "type": "library", + "name": "parse-json", + "version": "2.2.0", + "bom-ref": "bundle-dependencies@1.0.2|parse-json@2.2.0", + "author": "Sindre Sorhus", + "description": "Parse JSON with more helpful errors", + "licenses": [ + { + "license": { + "id": "MIT" + } + } + ], + "purl": "pkg:npm/parse-json@2.2.0?vcs_url=git%2Bhttps%3A//github.com/sindresorhus/parse-json.git", + "externalReferences": [ + { + "url": "https://github.com/sindresorhus/parse-json/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "git+https://github.com/sindresorhus/parse-json.git", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\"" + }, + { + "url": "https://github.com/sindresorhus/parse-json", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:bundled", + "value": "true" + }, + { + "name": "cdx:npm:package:path", + "value": "node_modules/bundle-dependencies/node_modules/parse-json" + } + ] + }, + { + "type": "library", + "name": "path-exists", + "version": "2.1.0", + "bom-ref": "bundle-dependencies@1.0.2|path-exists@2.1.0", + "author": "Sindre Sorhus", + "description": "Check if a path exists", + "licenses": [ + { + "license": { + "id": "MIT" + } + } + ], + "purl": "pkg:npm/path-exists@2.1.0?vcs_url=git%2Bhttps%3A//github.com/sindresorhus/path-exists.git", + "externalReferences": [ + { + "url": "https://github.com/sindresorhus/path-exists/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "git+https://github.com/sindresorhus/path-exists.git", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\"" + }, + { + "url": "https://github.com/sindresorhus/path-exists", + 
"type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:bundled", + "value": "true" + }, + { + "name": "cdx:npm:package:path", + "value": "node_modules/bundle-dependencies/node_modules/path-exists" + } + ] + }, + { + "type": "library", + "name": "path-type", + "version": "1.1.0", + "bom-ref": "bundle-dependencies@1.0.2|path-type@1.1.0", + "author": "Sindre Sorhus", + "description": "Check if a path is a file, directory, or symlink", + "licenses": [ + { + "license": { + "id": "MIT" + } + } + ], + "purl": "pkg:npm/path-type@1.1.0?vcs_url=git%2Bhttps%3A//github.com/sindresorhus/path-type.git", + "externalReferences": [ + { + "url": "https://github.com/sindresorhus/path-type/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "git+https://github.com/sindresorhus/path-type.git", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\"" + }, + { + "url": "https://github.com/sindresorhus/path-type", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:bundled", + "value": "true" + }, + { + "name": "cdx:npm:package:path", + "value": "node_modules/bundle-dependencies/node_modules/path-type" + } + ] + }, + { + "type": "library", + "name": "pify", + "version": "2.3.0", + "bom-ref": "bundle-dependencies@1.0.2|pify@2.3.0", + "author": "Sindre Sorhus", + "description": "Promisify a callback-style function", + "licenses": [ + { + "license": { + "id": "MIT" + } + } + ], + "purl": "pkg:npm/pify@2.3.0?vcs_url=git%2Bhttps%3A//github.com/sindresorhus/pify.git", + "externalReferences": [ + { + "url": "https://github.com/sindresorhus/pify/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "git+https://github.com/sindresorhus/pify.git", + "type": 
"vcs", + "comment": "as detected from PackageJson property \"repository.url\"" + }, + { + "url": "https://github.com/sindresorhus/pify", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:bundled", + "value": "true" + }, + { + "name": "cdx:npm:package:path", + "value": "node_modules/bundle-dependencies/node_modules/pify" + } + ] + }, + { + "type": "library", + "name": "pinkie-promise", + "version": "2.0.0", + "bom-ref": "bundle-dependencies@1.0.2|pinkie-promise@2.0.0", + "author": "Vsevolod Strukchinsky", + "description": "ES2015 Promise ponyfill", + "licenses": [ + { + "license": { + "id": "MIT" + } + } + ], + "purl": "pkg:npm/pinkie-promise@2.0.0?vcs_url=git%2Bhttps%3A//github.com/floatdrop/pinkie-promise.git", + "externalReferences": [ + { + "url": "https://github.com/floatdrop/pinkie-promise/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "git+https://github.com/floatdrop/pinkie-promise.git", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\"" + }, + { + "url": "https://github.com/floatdrop/pinkie-promise", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:bundled", + "value": "true" + }, + { + "name": "cdx:npm:package:path", + "value": "node_modules/bundle-dependencies/node_modules/pinkie-promise" + } + ] + }, + { + "type": "library", + "name": "pinkie", + "version": "2.0.4", + "bom-ref": "bundle-dependencies@1.0.2|pinkie@2.0.4", + "author": "Vsevolod Strukchinsky", + "description": "Itty bitty little widdle twinkie pinkie ES2015 Promise implementation", + "licenses": [ + { + "license": { + "id": "MIT" + } + } + ], + "purl": "pkg:npm/pinkie@2.0.4?vcs_url=git%2Bhttps%3A//github.com/floatdrop/pinkie.git", + "externalReferences": [ + { + "url": 
"https://github.com/floatdrop/pinkie/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "git+https://github.com/floatdrop/pinkie.git", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\"" + }, + { + "url": "https://github.com/floatdrop/pinkie", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:bundled", + "value": "true" + }, + { + "name": "cdx:npm:package:path", + "value": "node_modules/bundle-dependencies/node_modules/pinkie" + } + ] + }, + { + "type": "library", + "name": "pkg-conf", + "version": "1.1.1", + "bom-ref": "bundle-dependencies@1.0.2|pkg-conf@1.1.1", + "author": "Sindre Sorhus", + "description": "Get namespaced config from the closest package.json", + "licenses": [ + { + "license": { + "id": "MIT" + } + } + ], + "purl": "pkg:npm/pkg-conf@1.1.1?vcs_url=git%2Bhttps%3A//github.com/sindresorhus/pkg-conf.git", + "externalReferences": [ + { + "url": "https://github.com/sindresorhus/pkg-conf/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "git+https://github.com/sindresorhus/pkg-conf.git", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\"" + }, + { + "url": "https://github.com/sindresorhus/pkg-conf#readme", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:bundled", + "value": "true" + }, + { + "name": "cdx:npm:package:path", + "value": "node_modules/bundle-dependencies/node_modules/pkg-conf" + } + ] + }, + { + "type": "library", + "name": "read-pkg-up", + "version": "1.0.1", + "bom-ref": "bundle-dependencies@1.0.2|read-pkg-up@1.0.1", + "author": "Sindre Sorhus", + "description": "Read the closest package.json file", + "licenses": [ + { + "license": { + "id": 
"MIT" + } + } + ], + "purl": "pkg:npm/read-pkg-up@1.0.1?vcs_url=git%2Bhttps%3A//github.com/sindresorhus/read-pkg-up.git", + "externalReferences": [ + { + "url": "https://github.com/sindresorhus/read-pkg-up/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "git+https://github.com/sindresorhus/read-pkg-up.git", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\"" + }, + { + "url": "https://github.com/sindresorhus/read-pkg-up", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:bundled", + "value": "true" + }, + { + "name": "cdx:npm:package:path", + "value": "node_modules/bundle-dependencies/node_modules/read-pkg-up" + } + ] + }, + { + "type": "library", + "name": "read-pkg", + "version": "1.1.0", + "bom-ref": "bundle-dependencies@1.0.2|read-pkg@1.1.0", + "author": "Sindre Sorhus", + "description": "Read a package.json file", + "licenses": [ + { + "license": { + "id": "MIT" + } + } + ], + "purl": "pkg:npm/read-pkg@1.1.0?vcs_url=git%2Bhttps%3A//github.com/sindresorhus/read-pkg.git", + "externalReferences": [ + { + "url": "https://github.com/sindresorhus/read-pkg/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "git+https://github.com/sindresorhus/read-pkg.git", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\"" + }, + { + "url": "https://github.com/sindresorhus/read-pkg", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:bundled", + "value": "true" + }, + { + "name": "cdx:npm:package:path", + "value": "node_modules/bundle-dependencies/node_modules/read-pkg" + } + ] + }, + { + "type": "library", + "name": "require-main-filename", + "version": "1.0.1", + "bom-ref": 
"bundle-dependencies@1.0.2|require-main-filename@1.0.1", + "author": "Ben Coe", + "description": "shim for require.main.filename() that works in as many environments as possible", + "licenses": [ + { + "license": { + "id": "ISC" + } + } + ], + "purl": "pkg:npm/require-main-filename@1.0.1?vcs_url=git%2Bssh%3A//git%40github.com/yargs/require-main-filename.git", + "externalReferences": [ + { + "url": "https://github.com/yargs/require-main-filename/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "git+ssh://git@github.com/yargs/require-main-filename.git", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\"" + }, + { + "url": "https://github.com/yargs/require-main-filename#readme", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:bundled", + "value": "true" + }, + { + "name": "cdx:npm:package:path", + "value": "node_modules/bundle-dependencies/node_modules/require-main-filename" + } + ] + }, + { + "type": "library", + "name": "semver", + "version": "5.1.0", + "bom-ref": "bundle-dependencies@1.0.2|semver@5.1.0", + "description": "The semantic version parser used by npm.", + "licenses": [ + { + "license": { + "id": "ISC" + } + } + ], + "purl": "pkg:npm/semver@5.1.0?vcs_url=git%2Bhttps%3A//github.com/npm/node-semver.git", + "externalReferences": [ + { + "url": "https://github.com/npm/node-semver/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "git+https://github.com/npm/node-semver.git", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\"" + }, + { + "url": "https://github.com/npm/node-semver#readme", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:bundled", + "value": 
"true" + }, + { + "name": "cdx:npm:package:path", + "value": "node_modules/bundle-dependencies/node_modules/semver" + } + ] + }, + { + "type": "library", + "name": "spdx-correct", + "version": "1.0.2", + "bom-ref": "bundle-dependencies@1.0.2|spdx-correct@1.0.2", + "author": "Kyle E. Mitchell", + "description": "correct invalid SPDX identifiers", + "licenses": [ + { + "license": { + "id": "Apache-2.0" + } + } + ], + "purl": "pkg:npm/spdx-correct@1.0.2?vcs_url=git%2Bhttps%3A//github.com/kemitchell/spdx-correct.js.git", + "externalReferences": [ + { + "url": "https://github.com/kemitchell/spdx-correct.js/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "git+https://github.com/kemitchell/spdx-correct.js.git", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\"" + }, + { + "url": "https://github.com/kemitchell/spdx-correct.js#readme", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:bundled", + "value": "true" + }, + { + "name": "cdx:npm:package:path", + "value": "node_modules/bundle-dependencies/node_modules/spdx-correct" + } + ] + }, + { + "type": "library", + "name": "spdx-exceptions", + "version": "1.0.4", + "bom-ref": "bundle-dependencies@1.0.2|spdx-exceptions@1.0.4", + "author": "The Linux Foundation", + "description": "list of SPDX standard license exceptions", + "licenses": [ + { + "license": { + "id": "CC-BY-3.0" + } + } + ], + "purl": "pkg:npm/spdx-exceptions@1.0.4?vcs_url=git%2Bhttps%3A//github.com/kemitchell/spdx-exceptions.json.git", + "externalReferences": [ + { + "url": "https://github.com/kemitchell/spdx-exceptions.json/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "git+https://github.com/kemitchell/spdx-exceptions.json.git", + "type": "vcs", + "comment": "as detected from 
PackageJson property \"repository.url\"" + }, + { + "url": "https://github.com/kemitchell/spdx-exceptions.json#readme", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:bundled", + "value": "true" + }, + { + "name": "cdx:npm:package:path", + "value": "node_modules/bundle-dependencies/node_modules/spdx-exceptions" + } + ] + }, + { + "type": "library", + "name": "spdx-expression-parse", + "version": "1.0.2", + "bom-ref": "bundle-dependencies@1.0.2|spdx-expression-parse@1.0.2", + "author": "Kyle E. Mitchell", + "description": "parse SPDX license expressions", + "licenses": [ + { + "expression": "(MIT AND CC-BY-3.0)" + } + ], + "purl": "pkg:npm/spdx-expression-parse@1.0.2?vcs_url=git%2Bhttps%3A//github.com/kemitchell/spdx-expression-parse.js.git", + "externalReferences": [ + { + "url": "https://github.com/kemitchell/spdx-expression-parse.js/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "git+https://github.com/kemitchell/spdx-expression-parse.js.git", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\"" + }, + { + "url": "https://github.com/kemitchell/spdx-expression-parse.js#readme", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:bundled", + "value": "true" + }, + { + "name": "cdx:npm:package:path", + "value": "node_modules/bundle-dependencies/node_modules/spdx-expression-parse" + } + ] + }, + { + "type": "library", + "name": "spdx-license-ids", + "version": "1.2.0", + "bom-ref": "bundle-dependencies@1.0.2|spdx-license-ids@1.2.0", + "author": "Shinnosuke Watanabe", + "description": "A list of SPDX license identifiers", + "licenses": [ + { + "license": { + "id": "Unlicense" + } + } + ], + "purl": 
"pkg:npm/spdx-license-ids@1.2.0?vcs_url=git%2Bhttps%3A//github.com/shinnn/spdx-license-ids.git", + "externalReferences": [ + { + "url": "https://github.com/shinnn/spdx-license-ids/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "git+https://github.com/shinnn/spdx-license-ids.git", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\"" + }, + { + "url": "https://github.com/shinnn/spdx-license-ids#readme", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:bundled", + "value": "true" + }, + { + "name": "cdx:npm:package:path", + "value": "node_modules/bundle-dependencies/node_modules/spdx-license-ids" + } + ] + }, + { + "type": "library", + "name": "string-width", + "version": "1.0.1", + "bom-ref": "bundle-dependencies@1.0.2|string-width@1.0.1", + "author": "Sindre Sorhus", + "description": "Get the visual width of a string - the number of columns required to display it", + "licenses": [ + { + "license": { + "id": "MIT" + } + } + ], + "purl": "pkg:npm/string-width@1.0.1?vcs_url=git%2Bhttps%3A//github.com/sindresorhus/string-width.git", + "externalReferences": [ + { + "url": "https://github.com/sindresorhus/string-width/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "git+https://github.com/sindresorhus/string-width.git", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\"" + }, + { + "url": "https://github.com/sindresorhus/string-width", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:bundled", + "value": "true" + }, + { + "name": "cdx:npm:package:path", + "value": "node_modules/bundle-dependencies/node_modules/string-width" + } + ] + }, + { + "type": "library", + 
"name": "strip-ansi", + "version": "3.0.1", + "bom-ref": "bundle-dependencies@1.0.2|strip-ansi@3.0.1", + "author": "Sindre Sorhus", + "description": "Strip ANSI escape codes", + "licenses": [ + { + "license": { + "id": "MIT" + } + } + ], + "purl": "pkg:npm/strip-ansi@3.0.1?vcs_url=git%2Bhttps%3A//github.com/chalk/strip-ansi.git", + "externalReferences": [ + { + "url": "https://github.com/chalk/strip-ansi/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "git+https://github.com/chalk/strip-ansi.git", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\"" + }, + { + "url": "https://github.com/chalk/strip-ansi", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:bundled", + "value": "true" + }, + { + "name": "cdx:npm:package:path", + "value": "node_modules/bundle-dependencies/node_modules/strip-ansi" + } + ] + }, + { + "type": "library", + "name": "strip-bom", + "version": "2.0.0", + "bom-ref": "bundle-dependencies@1.0.2|strip-bom@2.0.0", + "author": "Sindre Sorhus", + "description": "Strip UTF-8 byte order mark (BOM) from a string/buffer", + "licenses": [ + { + "license": { + "id": "MIT" + } + } + ], + "purl": "pkg:npm/strip-bom@2.0.0?vcs_url=git%2Bhttps%3A//github.com/sindresorhus/strip-bom.git", + "externalReferences": [ + { + "url": "https://github.com/sindresorhus/strip-bom/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "git+https://github.com/sindresorhus/strip-bom.git", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\"" + }, + { + "url": "https://github.com/sindresorhus/strip-bom", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:bundled", + "value": "true" + }, + 
{ + "name": "cdx:npm:package:path", + "value": "node_modules/bundle-dependencies/node_modules/strip-bom" + } + ] + }, + { + "type": "library", + "name": "symbol", + "version": "0.2.1", + "bom-ref": "bundle-dependencies@1.0.2|symbol@0.2.1", + "author": "Sean McArthur", + "description": "ES6 Symbols in your ES5.", + "licenses": [ + { + "license": { + "name": "MPLv2.0" + } + } + ], + "purl": "pkg:npm/symbol@0.2.1?vcs_url=git%3A//github.com/seanmonstar/symbol.git", + "externalReferences": [ + { + "url": "https://github.com/seanmonstar/symbol/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "git://github.com/seanmonstar/symbol.git", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\"" + }, + { + "url": "https://github.com/seanmonstar/symbol#readme", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:bundled", + "value": "true" + }, + { + "name": "cdx:npm:package:path", + "value": "node_modules/bundle-dependencies/node_modules/symbol" + } + ] + }, + { + "type": "library", + "name": "validate-npm-package-license", + "version": "3.0.1", + "bom-ref": "bundle-dependencies@1.0.2|validate-npm-package-license@3.0.1", + "author": "Kyle E. 
Mitchell", + "description": "Give me a string and I'll tell you if it's a valid npm package license string", + "licenses": [ + { + "license": { + "id": "Apache-2.0" + } + } + ], + "purl": "pkg:npm/validate-npm-package-license@3.0.1?vcs_url=git%2Bhttps%3A//github.com/kemitchell/validate-npm-package-license.js.git", + "externalReferences": [ + { + "url": "https://github.com/kemitchell/validate-npm-package-license.js/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "git+https://github.com/kemitchell/validate-npm-package-license.js.git", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\"" + }, + { + "url": "https://github.com/kemitchell/validate-npm-package-license.js#readme", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:bundled", + "value": "true" + }, + { + "name": "cdx:npm:package:path", + "value": "node_modules/bundle-dependencies/node_modules/validate-npm-package-license" + } + ] + }, + { + "type": "library", + "name": "window-size", + "version": "0.2.0", + "bom-ref": "bundle-dependencies@1.0.2|window-size@0.2.0", + "author": "Jon Schlinkert", + "description": "Reliable way to to get the height and width of the terminal/console in a node.js environment.", + "licenses": [ + { + "license": { + "id": "MIT" + } + } + ], + "purl": "pkg:npm/window-size@0.2.0?vcs_url=git%2Bhttps%3A//github.com/jonschlinkert/window-size.git", + "externalReferences": [ + { + "url": "https://github.com/jonschlinkert/window-size/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "git+https://github.com/jonschlinkert/window-size.git", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\"" + }, + { + "url": "https://github.com/jonschlinkert/window-size", + "type": "website", + "comment": 
"as detected from PackageJson property \"homepage\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:bundled", + "value": "true" + }, + { + "name": "cdx:npm:package:path", + "value": "node_modules/bundle-dependencies/node_modules/window-size" + } + ] + }, + { + "type": "library", + "name": "wrap-ansi", + "version": "1.0.0", + "bom-ref": "bundle-dependencies@1.0.2|wrap-ansi@1.0.0", + "author": "Sindre Sorhus", + "description": "Wordwrap a string with ANSI escape codes", + "licenses": [ + { + "license": { + "id": "MIT" + } + } + ], + "purl": "pkg:npm/wrap-ansi@1.0.0?vcs_url=git%2Bhttps%3A//github.com/chalk/wrap-ansi.git", + "externalReferences": [ + { + "url": "https://github.com/chalk/wrap-ansi/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "git+https://github.com/chalk/wrap-ansi.git", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\"" + }, + { + "url": "https://github.com/chalk/wrap-ansi#readme", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:bundled", + "value": "true" + }, + { + "name": "cdx:npm:package:path", + "value": "node_modules/bundle-dependencies/node_modules/wrap-ansi" + } + ] + }, + { + "type": "library", + "name": "y18n", + "version": "3.2.0", + "bom-ref": "bundle-dependencies@1.0.2|y18n@3.2.0", + "author": "Ben Coe", + "description": "the bare-bones internationalization library used by yargs", + "licenses": [ + { + "license": { + "id": "ISC" + } + } + ], + "purl": "pkg:npm/y18n@3.2.0?vcs_url=git%2Bssh%3A//git%40github.com/bcoe/y18n.git", + "externalReferences": [ + { + "url": "https://github.com/bcoe/y18n/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "git+ssh://git@github.com/bcoe/y18n.git", + "type": "vcs", + "comment": "as detected from PackageJson property 
\"repository.url\"" + }, + { + "url": "https://github.com/bcoe/y18n", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:bundled", + "value": "true" + }, + { + "name": "cdx:npm:package:path", + "value": "node_modules/bundle-dependencies/node_modules/y18n" + } + ] + }, + { + "type": "library", + "name": "yargs-parser", + "version": "2.1.0", + "bom-ref": "bundle-dependencies@1.0.2|yargs-parser@2.1.0", + "author": "Ben Coe", + "description": "the mighty option parser used by yargs", + "licenses": [ + { + "license": { + "id": "ISC" + } + } + ], + "purl": "pkg:npm/yargs-parser@2.1.0?vcs_url=git%2Bssh%3A//git%40github.com/yargs/yargs-parser.git", + "externalReferences": [ + { + "url": "https://github.com/yargs/yargs-parser/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "git+ssh://git@github.com/yargs/yargs-parser.git", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\"" + }, + { + "url": "https://github.com/yargs/yargs-parser#readme", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:bundled", + "value": "true" + }, + { + "name": "cdx:npm:package:path", + "value": "node_modules/bundle-dependencies/node_modules/yargs-parser" + } + ] + }, + { + "type": "library", + "name": "yargs", + "version": "4.1.0", + "bom-ref": "bundle-dependencies@1.0.2|yargs@4.1.0", + "description": "Light-weight option parsing with an argv hash. 
No optstrings attached.", + "licenses": [ + { + "license": { + "id": "MIT" + } + } + ], + "purl": "pkg:npm/yargs@4.1.0?vcs_url=git%2Bssh%3A//git%40github.com/bcoe/yargs.git", + "externalReferences": [ + { + "url": "https://github.com/bcoe/yargs/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "git+ssh://git@github.com/bcoe/yargs.git", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\"" + }, + { + "url": "http://yargs.js.org/", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:bundled", + "value": "true" + }, + { + "name": "cdx:npm:package:path", + "value": "node_modules/bundle-dependencies/node_modules/yargs" + } + ] + } + ] + } + ], + "dependencies": [ + { + "ref": "bundle-dependencies@1.0.2", + "dependsOn": [ + "bundle-dependencies@1.0.2|yargs@4.1.0" + ] + }, + { + "ref": "bundle-dependencies@1.0.2|ansi-regex@2.0.0" + }, + { + "ref": "bundle-dependencies@1.0.2|builtin-modules@1.1.1" + }, + { + "ref": "bundle-dependencies@1.0.2|camelcase@2.1.0" + }, + { + "ref": "bundle-dependencies@1.0.2|cliui@3.1.0", + "dependsOn": [ + "bundle-dependencies@1.0.2|string-width@1.0.1", + "bundle-dependencies@1.0.2|strip-ansi@3.0.1", + "bundle-dependencies@1.0.2|wrap-ansi@1.0.0" + ] + }, + { + "ref": "bundle-dependencies@1.0.2|code-point-at@1.0.0", + "dependsOn": [ + "bundle-dependencies@1.0.2|number-is-nan@1.0.0" + ] + }, + { + "ref": "bundle-dependencies@1.0.2|decamelize@1.1.2", + "dependsOn": [ + "bundle-dependencies@1.0.2|escape-string-regexp@1.0.5" + ] + }, + { + "ref": "bundle-dependencies@1.0.2|error-ex@1.3.0", + "dependsOn": [ + "bundle-dependencies@1.0.2|is-arrayish@0.2.1" + ] + }, + { + "ref": "bundle-dependencies@1.0.2|escape-string-regexp@1.0.5" + }, + { + "ref": "bundle-dependencies@1.0.2|find-up@1.1.0", + "dependsOn": [ + "bundle-dependencies@1.0.2|path-exists@2.1.0", + 
"bundle-dependencies@1.0.2|pinkie-promise@2.0.0" + ] + }, + { + "ref": "bundle-dependencies@1.0.2|graceful-fs@4.1.3" + }, + { + "ref": "bundle-dependencies@1.0.2|hosted-git-info@2.1.4" + }, + { + "ref": "bundle-dependencies@1.0.2|invert-kv@1.0.0" + }, + { + "ref": "bundle-dependencies@1.0.2|is-arrayish@0.2.1" + }, + { + "ref": "bundle-dependencies@1.0.2|is-builtin-module@1.0.0", + "dependsOn": [ + "bundle-dependencies@1.0.2|builtin-modules@1.1.1" + ] + }, + { + "ref": "bundle-dependencies@1.0.2|is-fullwidth-code-point@1.0.0", + "dependsOn": [ + "bundle-dependencies@1.0.2|number-is-nan@1.0.0" + ] + }, + { + "ref": "bundle-dependencies@1.0.2|is-utf8@0.2.1" + }, + { + "ref": "bundle-dependencies@1.0.2|lcid@1.0.0", + "dependsOn": [ + "bundle-dependencies@1.0.2|invert-kv@1.0.0" + ] + }, + { + "ref": "bundle-dependencies@1.0.2|load-json-file@1.1.0", + "dependsOn": [ + "bundle-dependencies@1.0.2|graceful-fs@4.1.3", + "bundle-dependencies@1.0.2|parse-json@2.2.0", + "bundle-dependencies@1.0.2|pify@2.3.0", + "bundle-dependencies@1.0.2|pinkie-promise@2.0.0", + "bundle-dependencies@1.0.2|strip-bom@2.0.0" + ] + }, + { + "ref": "bundle-dependencies@1.0.2|lodash.assign@4.0.3", + "dependsOn": [ + "bundle-dependencies@1.0.2|lodash.keys@4.0.3", + "bundle-dependencies@1.0.2|lodash.rest@4.0.1" + ] + }, + { + "ref": "bundle-dependencies@1.0.2|lodash.keys@4.0.3" + }, + { + "ref": "bundle-dependencies@1.0.2|lodash.rest@4.0.1" + }, + { + "ref": "bundle-dependencies@1.0.2|normalize-package-data@2.3.5", + "dependsOn": [ + "bundle-dependencies@1.0.2|hosted-git-info@2.1.4", + "bundle-dependencies@1.0.2|is-builtin-module@1.0.0", + "bundle-dependencies@1.0.2|semver@5.1.0", + "bundle-dependencies@1.0.2|validate-npm-package-license@3.0.1" + ] + }, + { + "ref": "bundle-dependencies@1.0.2|number-is-nan@1.0.0" + }, + { + "ref": "bundle-dependencies@1.0.2|object-assign@4.0.1" + }, + { + "ref": "bundle-dependencies@1.0.2|os-locale@1.4.0", + "dependsOn": [ + "bundle-dependencies@1.0.2|lcid@1.0.0" + ] + 
}, + { + "ref": "bundle-dependencies@1.0.2|parse-json@2.2.0", + "dependsOn": [ + "bundle-dependencies@1.0.2|error-ex@1.3.0" + ] + }, + { + "ref": "bundle-dependencies@1.0.2|path-exists@2.1.0", + "dependsOn": [ + "bundle-dependencies@1.0.2|pinkie-promise@2.0.0" + ] + }, + { + "ref": "bundle-dependencies@1.0.2|path-type@1.1.0", + "dependsOn": [ + "bundle-dependencies@1.0.2|graceful-fs@4.1.3", + "bundle-dependencies@1.0.2|pify@2.3.0", + "bundle-dependencies@1.0.2|pinkie-promise@2.0.0" + ] + }, + { + "ref": "bundle-dependencies@1.0.2|pify@2.3.0" + }, + { + "ref": "bundle-dependencies@1.0.2|pinkie-promise@2.0.0", + "dependsOn": [ + "bundle-dependencies@1.0.2|pinkie@2.0.4" + ] + }, + { + "ref": "bundle-dependencies@1.0.2|pinkie@2.0.4" + }, + { + "ref": "bundle-dependencies@1.0.2|pkg-conf@1.1.1", + "dependsOn": [ + "bundle-dependencies@1.0.2|find-up@1.1.0", + "bundle-dependencies@1.0.2|object-assign@4.0.1", + "bundle-dependencies@1.0.2|read-pkg@1.1.0", + "bundle-dependencies@1.0.2|symbol@0.2.1" + ] + }, + { + "ref": "bundle-dependencies@1.0.2|read-pkg-up@1.0.1", + "dependsOn": [ + "bundle-dependencies@1.0.2|find-up@1.1.0", + "bundle-dependencies@1.0.2|read-pkg@1.1.0" + ] + }, + { + "ref": "bundle-dependencies@1.0.2|read-pkg@1.1.0", + "dependsOn": [ + "bundle-dependencies@1.0.2|load-json-file@1.1.0", + "bundle-dependencies@1.0.2|normalize-package-data@2.3.5", + "bundle-dependencies@1.0.2|path-type@1.1.0" + ] + }, + { + "ref": "bundle-dependencies@1.0.2|require-main-filename@1.0.1" + }, + { + "ref": "bundle-dependencies@1.0.2|semver@5.1.0" + }, + { + "ref": "bundle-dependencies@1.0.2|spdx-correct@1.0.2", + "dependsOn": [ + "bundle-dependencies@1.0.2|spdx-license-ids@1.2.0" + ] + }, + { + "ref": "bundle-dependencies@1.0.2|spdx-exceptions@1.0.4" + }, + { + "ref": "bundle-dependencies@1.0.2|spdx-expression-parse@1.0.2", + "dependsOn": [ + "bundle-dependencies@1.0.2|spdx-exceptions@1.0.4", + "bundle-dependencies@1.0.2|spdx-license-ids@1.2.0" + ] + }, + { + "ref": 
"bundle-dependencies@1.0.2|spdx-license-ids@1.2.0" + }, + { + "ref": "bundle-dependencies@1.0.2|string-width@1.0.1", + "dependsOn": [ + "bundle-dependencies@1.0.2|code-point-at@1.0.0", + "bundle-dependencies@1.0.2|is-fullwidth-code-point@1.0.0", + "bundle-dependencies@1.0.2|strip-ansi@3.0.1" + ] + }, + { + "ref": "bundle-dependencies@1.0.2|strip-ansi@3.0.1", + "dependsOn": [ + "bundle-dependencies@1.0.2|ansi-regex@2.0.0" + ] + }, + { + "ref": "bundle-dependencies@1.0.2|strip-bom@2.0.0", + "dependsOn": [ + "bundle-dependencies@1.0.2|is-utf8@0.2.1" + ] + }, + { + "ref": "bundle-dependencies@1.0.2|symbol@0.2.1" + }, + { + "ref": "bundle-dependencies@1.0.2|validate-npm-package-license@3.0.1", + "dependsOn": [ + "bundle-dependencies@1.0.2|spdx-correct@1.0.2", + "bundle-dependencies@1.0.2|spdx-expression-parse@1.0.2" + ] + }, + { + "ref": "bundle-dependencies@1.0.2|window-size@0.2.0" + }, + { + "ref": "bundle-dependencies@1.0.2|wrap-ansi@1.0.0", + "dependsOn": [ + "bundle-dependencies@1.0.2|string-width@1.0.1" + ] + }, + { + "ref": "bundle-dependencies@1.0.2|y18n@3.2.0" + }, + { + "ref": "bundle-dependencies@1.0.2|yargs-parser@2.1.0", + "dependsOn": [ + "bundle-dependencies@1.0.2|camelcase@2.1.0", + "bundle-dependencies@1.0.2|lodash.assign@4.0.3" + ] + }, + { + "ref": "bundle-dependencies@1.0.2|yargs@4.1.0", + "dependsOn": [ + "bundle-dependencies@1.0.2|camelcase@2.1.0", + "bundle-dependencies@1.0.2|cliui@3.1.0", + "bundle-dependencies@1.0.2|decamelize@1.1.2", + "bundle-dependencies@1.0.2|os-locale@1.4.0", + "bundle-dependencies@1.0.2|pkg-conf@1.1.1", + "bundle-dependencies@1.0.2|read-pkg-up@1.0.1", + "bundle-dependencies@1.0.2|require-main-filename@1.0.1", + "bundle-dependencies@1.0.2|string-width@1.0.1", + "bundle-dependencies@1.0.2|window-size@0.2.0", + "bundle-dependencies@1.0.2|y18n@3.2.0", + "bundle-dependencies@1.0.2|yargs-parser@2.1.0" + ] + }, + { + "ref": "demo-bundled-deps@0.0.0", + "dependsOn": [ + "bundle-dependencies@1.0.2" + ] + } + ] +} \ No newline at 
end of file
diff --git a/tests/fixtures/bom.1.3.xml b/tests/fixtures/bom.1.3.xml
new file mode 100644
index 000000000..a19487770
--- /dev/null
+++ b/tests/fixtures/bom.1.3.xml
@@ -0,0 +1,1714 @@ + + + + + + @cyclonedx + cyclonedx-library + 4.0.0 + + + @cyclonedx + cyclonedx-npm + 1.12.1 + + + + demo-bundled-deps + 0.0.0 + demo: demo-bundled-deps -- showcase how bundled deps look like + + + Apache-2.0 + + + pkg:npm/demo-bundled-deps@0.0.0 + + + true + + + + + + Gajus Kuizinas + bundle-dependencies + 1.0.2 + Generates bundledDependencies package.json value using values of the dependencies property. + + 7ccf50f6125c5f56589f28ef7874e9b4566aa4b2833b681dc5186e07c30d498110bc2ea42260c31f6d37f09fed1df72e5742511948fc9fc6b10d8d009c59177c + + + + BSD-3-Clause + + + pkg:npm/bundle-dependencies@1.0.2 + + + https://registry.npmjs.org/bundle-dependencies/-/bundle-dependencies-1.0.2.tgz + as detected from npm-ls property "resolved" + + + https://github.com/gajus/bundle-dependencies/issues + as detected from PackageJson property "bugs.url" + + + git+https://github.com/gajus/bundle-dependencies.git + as detected from PackageJson property "repository.url" + + + https://github.com/gajus/bundle-dependencies#readme + as detected from PackageJson property "homepage" + + + + node_modules/bundle-dependencies + + + + Sindre Sorhus + ansi-regex + 2.0.0 + Regular expression for matching ANSI escape codes + + + MIT + + + pkg:npm/ansi-regex@2.0.0?vcs_url=git%2Bhttps%3A//github.com/sindresorhus/ansi-regex.git + + + https://github.com/sindresorhus/ansi-regex/issues + as detected from PackageJson property "bugs.url" + + + git+https://github.com/sindresorhus/ansi-regex.git + as detected from PackageJson property "repository.url" + + + https://github.com/sindresorhus/ansi-regex + as detected from PackageJson property "homepage" + + + + true + node_modules/bundle-dependencies/node_modules/ansi-regex + + + + Sindre Sorhus + builtin-modules + 1.1.1 + List of the Node.js builtin modules + + + MIT + + + pkg:npm/builtin-modules@1.1.1?vcs_url=git%2Bhttps%3A//github.com/sindresorhus/builtin-modules.git + + + https://github.com/sindresorhus/builtin-modules/issues + as detected from 
PackageJson property "bugs.url" + + + git+https://github.com/sindresorhus/builtin-modules.git + as detected from PackageJson property "repository.url" + + + https://github.com/sindresorhus/builtin-modules#readme + as detected from PackageJson property "homepage" + + + + true + node_modules/bundle-dependencies/node_modules/builtin-modules + + + + Sindre Sorhus + camelcase + 2.1.0 + Convert a dash/dot/underscore/space separated string to camelCase: foo-bar → fooBar + + + MIT + + + pkg:npm/camelcase@2.1.0?vcs_url=git%2Bhttps%3A//github.com/sindresorhus/camelcase.git + + + https://github.com/sindresorhus/camelcase/issues + as detected from PackageJson property "bugs.url" + + + git+https://github.com/sindresorhus/camelcase.git + as detected from PackageJson property "repository.url" + + + https://github.com/sindresorhus/camelcase#readme + as detected from PackageJson property "homepage" + + + + true + node_modules/bundle-dependencies/node_modules/camelcase + + + + Ben Coe + cliui + 3.1.0 + easily create complex multi-column command-line-interfaces + + + ISC + + + pkg:npm/cliui@3.1.0?vcs_url=git%2Bssh%3A//git%40github.com/bcoe/cliui.git + + + https://github.com/bcoe/cliui/issues + as detected from PackageJson property "bugs.url" + + + git+ssh://git@github.com/bcoe/cliui.git + as detected from PackageJson property "repository.url" + + + https://github.com/bcoe/cliui + as detected from PackageJson property "homepage" + + + + true + node_modules/bundle-dependencies/node_modules/cliui + + + + Sindre Sorhus + code-point-at + 1.0.0 + ES2015 String#codePointAt() ponyfill + + + MIT + + + pkg:npm/code-point-at@1.0.0?vcs_url=git%2Bhttps%3A//github.com/sindresorhus/code-point-at.git + + + https://github.com/sindresorhus/code-point-at/issues + as detected from PackageJson property "bugs.url" + + + git+https://github.com/sindresorhus/code-point-at.git + as detected from PackageJson property "repository.url" + + + https://github.com/sindresorhus/code-point-at + as detected from 
PackageJson property "homepage" + + + + true + node_modules/bundle-dependencies/node_modules/code-point-at + + + + Sindre Sorhus + decamelize + 1.1.2 + Convert a camelized string into a lowercased one with a custom separator: unicornRainbow → unicorn_rainbow + + + MIT + + + pkg:npm/decamelize@1.1.2?vcs_url=git%2Bhttps%3A//github.com/sindresorhus/decamelize.git + + + https://github.com/sindresorhus/decamelize/issues + as detected from PackageJson property "bugs.url" + + + git+https://github.com/sindresorhus/decamelize.git + as detected from PackageJson property "repository.url" + + + https://github.com/sindresorhus/decamelize + as detected from PackageJson property "homepage" + + + + true + node_modules/bundle-dependencies/node_modules/decamelize + + + + error-ex + 1.3.0 + Easy error subclassing and stack customization + + + MIT + + + pkg:npm/error-ex@1.3.0?vcs_url=git%2Bhttps%3A//github.com/qix-/node-error-ex.git + + + https://github.com/qix-/node-error-ex/issues + as detected from PackageJson property "bugs.url" + + + git+https://github.com/qix-/node-error-ex.git + as detected from PackageJson property "repository.url" + + + https://github.com/qix-/node-error-ex#readme + as detected from PackageJson property "homepage" + + + + true + node_modules/bundle-dependencies/node_modules/error-ex + + + + Sindre Sorhus + escape-string-regexp + 1.0.5 + Escape RegExp special characters + + + MIT + + + pkg:npm/escape-string-regexp@1.0.5?vcs_url=git%2Bhttps%3A//github.com/sindresorhus/escape-string-regexp.git + + + https://github.com/sindresorhus/escape-string-regexp/issues + as detected from PackageJson property "bugs.url" + + + git+https://github.com/sindresorhus/escape-string-regexp.git + as detected from PackageJson property "repository.url" + + + https://github.com/sindresorhus/escape-string-regexp + as detected from PackageJson property "homepage" + + + + true + node_modules/bundle-dependencies/node_modules/escape-string-regexp + + + + Sindre Sorhus + find-up + 1.1.0 + 
Find a file by walking up parent directories + + + MIT + + + pkg:npm/find-up@1.1.0?vcs_url=git%2Bhttps%3A//github.com/sindresorhus/find-up.git + + + https://github.com/sindresorhus/find-up/issues + as detected from PackageJson property "bugs.url" + + + git+https://github.com/sindresorhus/find-up.git + as detected from PackageJson property "repository.url" + + + https://github.com/sindresorhus/find-up + as detected from PackageJson property "homepage" + + + + true + node_modules/bundle-dependencies/node_modules/find-up + + + + graceful-fs + 4.1.3 + A drop-in replacement for fs, making various improvements. + + + ISC + + + pkg:npm/graceful-fs@4.1.3?vcs_url=git%2Bhttps%3A//github.com/isaacs/node-graceful-fs.git + + + https://github.com/isaacs/node-graceful-fs/issues + as detected from PackageJson property "bugs.url" + + + git+https://github.com/isaacs/node-graceful-fs.git + as detected from PackageJson property "repository.url" + + + https://github.com/isaacs/node-graceful-fs#readme + as detected from PackageJson property "homepage" + + + + true + node_modules/bundle-dependencies/node_modules/graceful-fs + + + + Rebecca Turner + hosted-git-info + 2.1.4 + Provides metadata and conversions from repository urls for Github, Bitbucket and Gitlab + + + ISC + + + pkg:npm/hosted-git-info@2.1.4?vcs_url=git%2Bhttps%3A//github.com/npm/hosted-git-info.git + + + https://github.com/npm/hosted-git-info/issues + as detected from PackageJson property "bugs.url" + + + git+https://github.com/npm/hosted-git-info.git + as detected from PackageJson property "repository.url" + + + https://github.com/npm/hosted-git-info + as detected from PackageJson property "homepage" + + + + true + node_modules/bundle-dependencies/node_modules/hosted-git-info + + + + Sindre Sorhus + invert-kv + 1.0.0 + Invert the key/value of an object. 
Example: {foo: 'bar'} → {bar: 'foo'} + + + MIT + + + pkg:npm/invert-kv@1.0.0?vcs_url=git%2Bhttps%3A//github.com/sindresorhus/invert-kv.git + + + https://github.com/sindresorhus/invert-kv/issues + as detected from PackageJson property "bugs.url" + + + git+https://github.com/sindresorhus/invert-kv.git + as detected from PackageJson property "repository.url" + + + https://github.com/sindresorhus/invert-kv + as detected from PackageJson property "homepage" + + + + true + node_modules/bundle-dependencies/node_modules/invert-kv + + + + Qix + is-arrayish + 0.2.1 + Determines if an object can be used as an array + + + MIT + + + pkg:npm/is-arrayish@0.2.1?vcs_url=git%2Bhttps%3A//github.com/qix-/node-is-arrayish.git + + + https://github.com/qix-/node-is-arrayish/issues + as detected from PackageJson property "bugs.url" + + + git+https://github.com/qix-/node-is-arrayish.git + as detected from PackageJson property "repository.url" + + + https://github.com/qix-/node-is-arrayish#readme + as detected from PackageJson property "homepage" + + + + true + node_modules/bundle-dependencies/node_modules/is-arrayish + + + + Sindre Sorhus + is-builtin-module + 1.0.0 + Check if a string matches the name of a Node.js builtin module + + + MIT + + + pkg:npm/is-builtin-module@1.0.0?vcs_url=git%2Bhttps%3A//github.com/sindresorhus/is-builtin-module.git + + + https://github.com/sindresorhus/is-builtin-module/issues + as detected from PackageJson property "bugs.url" + + + git+https://github.com/sindresorhus/is-builtin-module.git + as detected from PackageJson property "repository.url" + + + https://github.com/sindresorhus/is-builtin-module + as detected from PackageJson property "homepage" + + + + true + node_modules/bundle-dependencies/node_modules/is-builtin-module + + + + Sindre Sorhus + is-fullwidth-code-point + 1.0.0 + Check if the character represented by a given Unicode code point is fullwidth + + + MIT + + + 
pkg:npm/is-fullwidth-code-point@1.0.0?vcs_url=git%2Bhttps%3A//github.com/sindresorhus/is-fullwidth-code-point.git + + + https://github.com/sindresorhus/is-fullwidth-code-point/issues + as detected from PackageJson property "bugs.url" + + + git+https://github.com/sindresorhus/is-fullwidth-code-point.git + as detected from PackageJson property "repository.url" + + + https://github.com/sindresorhus/is-fullwidth-code-point + as detected from PackageJson property "homepage" + + + + true + node_modules/bundle-dependencies/node_modules/is-fullwidth-code-point + + + + wayfind + is-utf8 + 0.2.1 + Detect if a buffer is utf8 encoded. + + + MIT + + + pkg:npm/is-utf8@0.2.1?vcs_url=git%2Bhttps%3A//github.com/wayfind/is-utf8.git + + + https://github.com/wayfind/is-utf8/issues + as detected from PackageJson property "bugs.url" + + + git+https://github.com/wayfind/is-utf8.git + as detected from PackageJson property "repository.url" + + + https://github.com/wayfind/is-utf8#readme + as detected from PackageJson property "homepage" + + + + true + node_modules/bundle-dependencies/node_modules/is-utf8 + + + + Sindre Sorhus + lcid + 1.0.0 + Mapping between standard locale identifiers and Windows locale identifiers (LCID) + + + MIT + + + pkg:npm/lcid@1.0.0?vcs_url=git%2Bhttps%3A//github.com/sindresorhus/lcid.git + + + https://github.com/sindresorhus/lcid/issues + as detected from PackageJson property "bugs.url" + + + git+https://github.com/sindresorhus/lcid.git + as detected from PackageJson property "repository.url" + + + https://github.com/sindresorhus/lcid + as detected from PackageJson property "homepage" + + + + true + node_modules/bundle-dependencies/node_modules/lcid + + + + Sindre Sorhus + load-json-file + 1.1.0 + Read and parse a JSON file + + + MIT + + + pkg:npm/load-json-file@1.1.0?vcs_url=git%2Bhttps%3A//github.com/sindresorhus/load-json-file.git + + + https://github.com/sindresorhus/load-json-file/issues + as detected from PackageJson property "bugs.url" + + + 
git+https://github.com/sindresorhus/load-json-file.git + as detected from PackageJson property "repository.url" + + + https://github.com/sindresorhus/load-json-file + as detected from PackageJson property "homepage" + + + + true + node_modules/bundle-dependencies/node_modules/load-json-file + + + + John-David Dalton + lodash.assign + 4.0.3 + The lodash method `_.assign` exported as a module. + + + MIT + + + pkg:npm/lodash.assign@4.0.3?vcs_url=git%2Bhttps%3A//github.com/lodash/lodash.git + + + https://github.com/lodash/lodash/issues + as detected from PackageJson property "bugs.url" + + + git+https://github.com/lodash/lodash.git + as detected from PackageJson property "repository.url" + + + https://lodash.com/ + as detected from PackageJson property "homepage" + + + + true + node_modules/bundle-dependencies/node_modules/lodash.assign + + + + John-David Dalton + lodash.keys + 4.0.3 + The lodash method `_.keys` exported as a module. + + + MIT + + + pkg:npm/lodash.keys@4.0.3?vcs_url=git%2Bhttps%3A//github.com/lodash/lodash.git + + + https://github.com/lodash/lodash/issues + as detected from PackageJson property "bugs.url" + + + git+https://github.com/lodash/lodash.git + as detected from PackageJson property "repository.url" + + + https://lodash.com/ + as detected from PackageJson property "homepage" + + + + true + node_modules/bundle-dependencies/node_modules/lodash.keys + + + + John-David Dalton + lodash.rest + 4.0.1 + The lodash method `_.rest` exported as a module. 
+ + + MIT + + + pkg:npm/lodash.rest@4.0.1?vcs_url=git%2Bhttps%3A//github.com/lodash/lodash.git + + + https://github.com/lodash/lodash/issues + as detected from PackageJson property "bugs.url" + + + git+https://github.com/lodash/lodash.git + as detected from PackageJson property "repository.url" + + + https://lodash.com/ + as detected from PackageJson property "homepage" + + + + true + node_modules/bundle-dependencies/node_modules/lodash.rest + + + + Meryn Stol + normalize-package-data + 2.3.5 + Normalizes data that can be found in package.json files. + + + BSD-2-Clause + + + pkg:npm/normalize-package-data@2.3.5?vcs_url=git%3A//github.com/npm/normalize-package-data.git + + + https://github.com/npm/normalize-package-data/issues + as detected from PackageJson property "bugs.url" + + + git://github.com/npm/normalize-package-data.git + as detected from PackageJson property "repository.url" + + + https://github.com/npm/normalize-package-data#readme + as detected from PackageJson property "homepage" + + + + true + node_modules/bundle-dependencies/node_modules/normalize-package-data + + + + Sindre Sorhus + number-is-nan + 1.0.0 + ES6 Number.isNaN() ponyfill + + + MIT + + + pkg:npm/number-is-nan@1.0.0?vcs_url=git%2Bhttps%3A//github.com/sindresorhus/number-is-nan.git + + + https://github.com/sindresorhus/number-is-nan/issues + as detected from PackageJson property "bugs.url" + + + git+https://github.com/sindresorhus/number-is-nan.git + as detected from PackageJson property "repository.url" + + + https://github.com/sindresorhus/number-is-nan#readme + as detected from PackageJson property "homepage" + + + + true + node_modules/bundle-dependencies/node_modules/number-is-nan + + + + Sindre Sorhus + object-assign + 4.0.1 + ES6 Object.assign() ponyfill + + + MIT + + + pkg:npm/object-assign@4.0.1?vcs_url=git%2Bhttps%3A//github.com/sindresorhus/object-assign.git + + + https://github.com/sindresorhus/object-assign/issues + as detected from PackageJson property "bugs.url" + + + 
git+https://github.com/sindresorhus/object-assign.git + as detected from PackageJson property "repository.url" + + + https://github.com/sindresorhus/object-assign#readme + as detected from PackageJson property "homepage" + + + + true + node_modules/bundle-dependencies/node_modules/object-assign + + + + Sindre Sorhus + os-locale + 1.4.0 + Get the system locale + + + MIT + + + pkg:npm/os-locale@1.4.0?vcs_url=git%2Bhttps%3A//github.com/sindresorhus/os-locale.git + + + https://github.com/sindresorhus/os-locale/issues + as detected from PackageJson property "bugs.url" + + + git+https://github.com/sindresorhus/os-locale.git + as detected from PackageJson property "repository.url" + + + https://github.com/sindresorhus/os-locale + as detected from PackageJson property "homepage" + + + + true + node_modules/bundle-dependencies/node_modules/os-locale + + + + Sindre Sorhus + parse-json + 2.2.0 + Parse JSON with more helpful errors + + + MIT + + + pkg:npm/parse-json@2.2.0?vcs_url=git%2Bhttps%3A//github.com/sindresorhus/parse-json.git + + + https://github.com/sindresorhus/parse-json/issues + as detected from PackageJson property "bugs.url" + + + git+https://github.com/sindresorhus/parse-json.git + as detected from PackageJson property "repository.url" + + + https://github.com/sindresorhus/parse-json + as detected from PackageJson property "homepage" + + + + true + node_modules/bundle-dependencies/node_modules/parse-json + + + + Sindre Sorhus + path-exists + 2.1.0 + Check if a path exists + + + MIT + + + pkg:npm/path-exists@2.1.0?vcs_url=git%2Bhttps%3A//github.com/sindresorhus/path-exists.git + + + https://github.com/sindresorhus/path-exists/issues + as detected from PackageJson property "bugs.url" + + + git+https://github.com/sindresorhus/path-exists.git + as detected from PackageJson property "repository.url" + + + https://github.com/sindresorhus/path-exists + as detected from PackageJson property "homepage" + + + + true + 
node_modules/bundle-dependencies/node_modules/path-exists + + + + Sindre Sorhus + path-type + 1.1.0 + Check if a path is a file, directory, or symlink + + + MIT + + + pkg:npm/path-type@1.1.0?vcs_url=git%2Bhttps%3A//github.com/sindresorhus/path-type.git + + + https://github.com/sindresorhus/path-type/issues + as detected from PackageJson property "bugs.url" + + + git+https://github.com/sindresorhus/path-type.git + as detected from PackageJson property "repository.url" + + + https://github.com/sindresorhus/path-type + as detected from PackageJson property "homepage" + + + + true + node_modules/bundle-dependencies/node_modules/path-type + + + + Sindre Sorhus + pify + 2.3.0 + Promisify a callback-style function + + + MIT + + + pkg:npm/pify@2.3.0?vcs_url=git%2Bhttps%3A//github.com/sindresorhus/pify.git + + + https://github.com/sindresorhus/pify/issues + as detected from PackageJson property "bugs.url" + + + git+https://github.com/sindresorhus/pify.git + as detected from PackageJson property "repository.url" + + + https://github.com/sindresorhus/pify + as detected from PackageJson property "homepage" + + + + true + node_modules/bundle-dependencies/node_modules/pify + + + + Vsevolod Strukchinsky + pinkie-promise + 2.0.0 + ES2015 Promise ponyfill + + + MIT + + + pkg:npm/pinkie-promise@2.0.0?vcs_url=git%2Bhttps%3A//github.com/floatdrop/pinkie-promise.git + + + https://github.com/floatdrop/pinkie-promise/issues + as detected from PackageJson property "bugs.url" + + + git+https://github.com/floatdrop/pinkie-promise.git + as detected from PackageJson property "repository.url" + + + https://github.com/floatdrop/pinkie-promise + as detected from PackageJson property "homepage" + + + + true + node_modules/bundle-dependencies/node_modules/pinkie-promise + + + + Vsevolod Strukchinsky + pinkie + 2.0.4 + Itty bitty little widdle twinkie pinkie ES2015 Promise implementation + + + MIT + + + pkg:npm/pinkie@2.0.4?vcs_url=git%2Bhttps%3A//github.com/floatdrop/pinkie.git + + + 
https://github.com/floatdrop/pinkie/issues + as detected from PackageJson property "bugs.url" + + + git+https://github.com/floatdrop/pinkie.git + as detected from PackageJson property "repository.url" + + + https://github.com/floatdrop/pinkie + as detected from PackageJson property "homepage" + + + + true + node_modules/bundle-dependencies/node_modules/pinkie + + + + Sindre Sorhus + pkg-conf + 1.1.1 + Get namespaced config from the closest package.json + + + MIT + + + pkg:npm/pkg-conf@1.1.1?vcs_url=git%2Bhttps%3A//github.com/sindresorhus/pkg-conf.git + + + https://github.com/sindresorhus/pkg-conf/issues + as detected from PackageJson property "bugs.url" + + + git+https://github.com/sindresorhus/pkg-conf.git + as detected from PackageJson property "repository.url" + + + https://github.com/sindresorhus/pkg-conf#readme + as detected from PackageJson property "homepage" + + + + true + node_modules/bundle-dependencies/node_modules/pkg-conf + + + + Sindre Sorhus + read-pkg-up + 1.0.1 + Read the closest package.json file + + + MIT + + + pkg:npm/read-pkg-up@1.0.1?vcs_url=git%2Bhttps%3A//github.com/sindresorhus/read-pkg-up.git + + + https://github.com/sindresorhus/read-pkg-up/issues + as detected from PackageJson property "bugs.url" + + + git+https://github.com/sindresorhus/read-pkg-up.git + as detected from PackageJson property "repository.url" + + + https://github.com/sindresorhus/read-pkg-up + as detected from PackageJson property "homepage" + + + + true + node_modules/bundle-dependencies/node_modules/read-pkg-up + + + + Sindre Sorhus + read-pkg + 1.1.0 + Read a package.json file + + + MIT + + + pkg:npm/read-pkg@1.1.0?vcs_url=git%2Bhttps%3A//github.com/sindresorhus/read-pkg.git + + + https://github.com/sindresorhus/read-pkg/issues + as detected from PackageJson property "bugs.url" + + + git+https://github.com/sindresorhus/read-pkg.git + as detected from PackageJson property "repository.url" + + + https://github.com/sindresorhus/read-pkg + as detected from PackageJson 
property "homepage" + + + + true + node_modules/bundle-dependencies/node_modules/read-pkg + + + + Ben Coe + require-main-filename + 1.0.1 + shim for require.main.filename() that works in as many environments as possible + + + ISC + + + pkg:npm/require-main-filename@1.0.1?vcs_url=git%2Bssh%3A//git%40github.com/yargs/require-main-filename.git + + + https://github.com/yargs/require-main-filename/issues + as detected from PackageJson property "bugs.url" + + + git+ssh://git@github.com/yargs/require-main-filename.git + as detected from PackageJson property "repository.url" + + + https://github.com/yargs/require-main-filename#readme + as detected from PackageJson property "homepage" + + + + true + node_modules/bundle-dependencies/node_modules/require-main-filename + + + + semver + 5.1.0 + The semantic version parser used by npm. + + + ISC + + + pkg:npm/semver@5.1.0?vcs_url=git%2Bhttps%3A//github.com/npm/node-semver.git + + + https://github.com/npm/node-semver/issues + as detected from PackageJson property "bugs.url" + + + git+https://github.com/npm/node-semver.git + as detected from PackageJson property "repository.url" + + + https://github.com/npm/node-semver#readme + as detected from PackageJson property "homepage" + + + + true + node_modules/bundle-dependencies/node_modules/semver + + + + Kyle E. 
Mitchell + spdx-correct + 1.0.2 + correct invalid SPDX identifiers + + + Apache-2.0 + + + pkg:npm/spdx-correct@1.0.2?vcs_url=git%2Bhttps%3A//github.com/kemitchell/spdx-correct.js.git + + + https://github.com/kemitchell/spdx-correct.js/issues + as detected from PackageJson property "bugs.url" + + + git+https://github.com/kemitchell/spdx-correct.js.git + as detected from PackageJson property "repository.url" + + + https://github.com/kemitchell/spdx-correct.js#readme + as detected from PackageJson property "homepage" + + + + true + node_modules/bundle-dependencies/node_modules/spdx-correct + + + + The Linux Foundation + spdx-exceptions + 1.0.4 + list of SPDX standard license exceptions + + + CC-BY-3.0 + + + pkg:npm/spdx-exceptions@1.0.4?vcs_url=git%2Bhttps%3A//github.com/kemitchell/spdx-exceptions.json.git + + + https://github.com/kemitchell/spdx-exceptions.json/issues + as detected from PackageJson property "bugs.url" + + + git+https://github.com/kemitchell/spdx-exceptions.json.git + as detected from PackageJson property "repository.url" + + + https://github.com/kemitchell/spdx-exceptions.json#readme + as detected from PackageJson property "homepage" + + + + true + node_modules/bundle-dependencies/node_modules/spdx-exceptions + + + + Kyle E. 
Mitchell + spdx-expression-parse + 1.0.2 + parse SPDX license expressions + + (MIT AND CC-BY-3.0) + + pkg:npm/spdx-expression-parse@1.0.2?vcs_url=git%2Bhttps%3A//github.com/kemitchell/spdx-expression-parse.js.git + + + https://github.com/kemitchell/spdx-expression-parse.js/issues + as detected from PackageJson property "bugs.url" + + + git+https://github.com/kemitchell/spdx-expression-parse.js.git + as detected from PackageJson property "repository.url" + + + https://github.com/kemitchell/spdx-expression-parse.js#readme + as detected from PackageJson property "homepage" + + + + true + node_modules/bundle-dependencies/node_modules/spdx-expression-parse + + + + Shinnosuke Watanabe + spdx-license-ids + 1.2.0 + A list of SPDX license identifiers + + + Unlicense + + + pkg:npm/spdx-license-ids@1.2.0?vcs_url=git%2Bhttps%3A//github.com/shinnn/spdx-license-ids.git + + + https://github.com/shinnn/spdx-license-ids/issues + as detected from PackageJson property "bugs.url" + + + git+https://github.com/shinnn/spdx-license-ids.git + as detected from PackageJson property "repository.url" + + + https://github.com/shinnn/spdx-license-ids#readme + as detected from PackageJson property "homepage" + + + + true + node_modules/bundle-dependencies/node_modules/spdx-license-ids + + + + Sindre Sorhus + string-width + 1.0.1 + Get the visual width of a string - the number of columns required to display it + + + MIT + + + pkg:npm/string-width@1.0.1?vcs_url=git%2Bhttps%3A//github.com/sindresorhus/string-width.git + + + https://github.com/sindresorhus/string-width/issues + as detected from PackageJson property "bugs.url" + + + git+https://github.com/sindresorhus/string-width.git + as detected from PackageJson property "repository.url" + + + https://github.com/sindresorhus/string-width + as detected from PackageJson property "homepage" + + + + true + node_modules/bundle-dependencies/node_modules/string-width + + + + Sindre Sorhus + strip-ansi + 3.0.1 + Strip ANSI escape codes + + + MIT + + + 
pkg:npm/strip-ansi@3.0.1?vcs_url=git%2Bhttps%3A//github.com/chalk/strip-ansi.git + + + https://github.com/chalk/strip-ansi/issues + as detected from PackageJson property "bugs.url" + + + git+https://github.com/chalk/strip-ansi.git + as detected from PackageJson property "repository.url" + + + https://github.com/chalk/strip-ansi + as detected from PackageJson property "homepage" + + + + true + node_modules/bundle-dependencies/node_modules/strip-ansi + + + + Sindre Sorhus + strip-bom + 2.0.0 + Strip UTF-8 byte order mark (BOM) from a string/buffer + + + MIT + + + pkg:npm/strip-bom@2.0.0?vcs_url=git%2Bhttps%3A//github.com/sindresorhus/strip-bom.git + + + https://github.com/sindresorhus/strip-bom/issues + as detected from PackageJson property "bugs.url" + + + git+https://github.com/sindresorhus/strip-bom.git + as detected from PackageJson property "repository.url" + + + https://github.com/sindresorhus/strip-bom + as detected from PackageJson property "homepage" + + + + true + node_modules/bundle-dependencies/node_modules/strip-bom + + + + Sean McArthur + symbol + 0.2.1 + ES6 Symbols in your ES5. + + + MPLv2.0 + + + pkg:npm/symbol@0.2.1?vcs_url=git%3A//github.com/seanmonstar/symbol.git + + + https://github.com/seanmonstar/symbol/issues + as detected from PackageJson property "bugs.url" + + + git://github.com/seanmonstar/symbol.git + as detected from PackageJson property "repository.url" + + + https://github.com/seanmonstar/symbol#readme + as detected from PackageJson property "homepage" + + + + true + node_modules/bundle-dependencies/node_modules/symbol + + + + Kyle E. 
Mitchell + validate-npm-package-license + 3.0.1 + Give me a string and I'll tell you if it's a valid npm package license string + + + Apache-2.0 + + + pkg:npm/validate-npm-package-license@3.0.1?vcs_url=git%2Bhttps%3A//github.com/kemitchell/validate-npm-package-license.js.git + + + https://github.com/kemitchell/validate-npm-package-license.js/issues + as detected from PackageJson property "bugs.url" + + + git+https://github.com/kemitchell/validate-npm-package-license.js.git + as detected from PackageJson property "repository.url" + + + https://github.com/kemitchell/validate-npm-package-license.js#readme + as detected from PackageJson property "homepage" + + + + true + node_modules/bundle-dependencies/node_modules/validate-npm-package-license + + + + Jon Schlinkert + window-size + 0.2.0 + Reliable way to to get the height and width of the terminal/console in a node.js environment. + + + MIT + + + pkg:npm/window-size@0.2.0?vcs_url=git%2Bhttps%3A//github.com/jonschlinkert/window-size.git + + + https://github.com/jonschlinkert/window-size/issues + as detected from PackageJson property "bugs.url" + + + git+https://github.com/jonschlinkert/window-size.git + as detected from PackageJson property "repository.url" + + + https://github.com/jonschlinkert/window-size + as detected from PackageJson property "homepage" + + + + true + node_modules/bundle-dependencies/node_modules/window-size + + + + Sindre Sorhus + wrap-ansi + 1.0.0 + Wordwrap a string with ANSI escape codes + + + MIT + + + pkg:npm/wrap-ansi@1.0.0?vcs_url=git%2Bhttps%3A//github.com/chalk/wrap-ansi.git + + + https://github.com/chalk/wrap-ansi/issues + as detected from PackageJson property "bugs.url" + + + git+https://github.com/chalk/wrap-ansi.git + as detected from PackageJson property "repository.url" + + + https://github.com/chalk/wrap-ansi#readme + as detected from PackageJson property "homepage" + + + + true + node_modules/bundle-dependencies/node_modules/wrap-ansi + + + + Ben Coe + y18n + 3.2.0 + the 
bare-bones internationalization library used by yargs + + + ISC + + + pkg:npm/y18n@3.2.0?vcs_url=git%2Bssh%3A//git%40github.com/bcoe/y18n.git + + + https://github.com/bcoe/y18n/issues + as detected from PackageJson property "bugs.url" + + + git+ssh://git@github.com/bcoe/y18n.git + as detected from PackageJson property "repository.url" + + + https://github.com/bcoe/y18n + as detected from PackageJson property "homepage" + + + + true + node_modules/bundle-dependencies/node_modules/y18n + + + + Ben Coe + yargs-parser + 2.1.0 + the mighty option parser used by yargs + + + ISC + + + pkg:npm/yargs-parser@2.1.0?vcs_url=git%2Bssh%3A//git%40github.com/yargs/yargs-parser.git + + + https://github.com/yargs/yargs-parser/issues + as detected from PackageJson property "bugs.url" + + + git+ssh://git@github.com/yargs/yargs-parser.git + as detected from PackageJson property "repository.url" + + + https://github.com/yargs/yargs-parser#readme + as detected from PackageJson property "homepage" + + + + true + node_modules/bundle-dependencies/node_modules/yargs-parser + + + + yargs + 4.1.0 + Light-weight option parsing with an argv hash. No optstrings attached. + + + MIT + + + pkg:npm/yargs@4.1.0?vcs_url=git%2Bssh%3A//git%40github.com/bcoe/yargs.git + + + https://github.com/bcoe/yargs/issues + as detected from PackageJson property "bugs.url" + + + git+ssh://git@github.com/bcoe/yargs.git + as detected from PackageJson property "repository.url" + + + http://yargs.js.org/ + as detected from PackageJson property "homepage" + + + + true + node_modules/bundle-dependencies/node_modules/yargs + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + \ No newline at end of file 
diff --git a/tests/fixtures/bom.1.5.json b/tests/fixtures/bom.1.5.json
new file mode 100644
index 000000000..121143fad
--- /dev/null
+++ b/tests/fixtures/bom.1.5.json
@@ -0,0 +1,2559 @@ +{ + "$schema": "http://cyclonedx.org/schema/bom-1.5.schema.json", + "bomFormat": "CycloneDX", + "specVersion": "1.5", + "version": 1, + "metadata": { + "tools": [ + { + "vendor": "@cyclonedx", + "name": "cyclonedx-library", + "version": "4.0.0", + "externalReferences": [ + { + "url": "https://github.com/CycloneDX/cyclonedx-javascript-library/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "git+https://github.com/CycloneDX/cyclonedx-javascript-library.git", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\"" + }, + { + "url": "https://github.com/CycloneDX/cyclonedx-javascript-library#readme", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + } + ] + }, + { + "vendor": "@cyclonedx", + "name": "cyclonedx-npm", + "version": "1.12.1", + "externalReferences": [ + { + "url": "https://github.com/CycloneDX/cyclonedx-node-npm/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "git+https://github.com/CycloneDX/cyclonedx-node-npm.git", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\"" + }, + { + "url": "https://github.com/CycloneDX/cyclonedx-node-npm#readme", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + } + ] + } + ], + "component": { + "type": "application", + "name": "demo-bundled-deps", + "version": "0.0.0", + "bom-ref": "demo-bundled-deps@0.0.0", + "description": "demo: demo-bundled-deps -- showcase how bundled deps look like", + "licenses": [ + { + "license": { + "id": "Apache-2.0" + } + } + ], + "purl": "pkg:npm/demo-bundled-deps@0.0.0", + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "" + }, + { + "name": "cdx:npm:package:private", + "value": "true" + } + ] + } + }, + "components": [ + { + "type": "library", + "name": 
"bundle-dependencies", + "version": "1.0.2", + "bom-ref": "bundle-dependencies@1.0.2", + "author": "Gajus Kuizinas", + "description": "Generates bundledDependencies package.json value using values of the dependencies property.", + "hashes": [ + { + "alg": "SHA-512", + "content": "7ccf50f6125c5f56589f28ef7874e9b4566aa4b2833b681dc5186e07c30d498110bc2ea42260c31f6d37f09fed1df72e5742511948fc9fc6b10d8d009c59177c" + } + ], + "licenses": [ + { + "license": { + "id": "BSD-3-Clause" + } + } + ], + "purl": "pkg:npm/bundle-dependencies@1.0.2", + "externalReferences": [ + { + "url": "https://registry.npmjs.org/bundle-dependencies/-/bundle-dependencies-1.0.2.tgz", + "type": "distribution", + "comment": "as detected from npm-ls property \"resolved\"" + }, + { + "url": "https://github.com/gajus/bundle-dependencies/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "git+https://github.com/gajus/bundle-dependencies.git", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\"" + }, + { + "url": "https://github.com/gajus/bundle-dependencies#readme", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/bundle-dependencies" + } + ], + "components": [ + { + "type": "library", + "name": "ansi-regex", + "version": "2.0.0", + "bom-ref": "bundle-dependencies@1.0.2|ansi-regex@2.0.0", + "author": "Sindre Sorhus", + "description": "Regular expression for matching ANSI escape codes", + "licenses": [ + { + "license": { + "id": "MIT" + } + } + ], + "purl": "pkg:npm/ansi-regex@2.0.0?vcs_url=git%2Bhttps%3A//github.com/sindresorhus/ansi-regex.git", + "externalReferences": [ + { + "url": "https://github.com/sindresorhus/ansi-regex/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": 
"git+https://github.com/sindresorhus/ansi-regex.git", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\"" + }, + { + "url": "https://github.com/sindresorhus/ansi-regex", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:bundled", + "value": "true" + }, + { + "name": "cdx:npm:package:path", + "value": "node_modules/bundle-dependencies/node_modules/ansi-regex" + } + ] + }, + { + "type": "library", + "name": "builtin-modules", + "version": "1.1.1", + "bom-ref": "bundle-dependencies@1.0.2|builtin-modules@1.1.1", + "author": "Sindre Sorhus", + "description": "List of the Node.js builtin modules", + "licenses": [ + { + "license": { + "id": "MIT" + } + } + ], + "purl": "pkg:npm/builtin-modules@1.1.1?vcs_url=git%2Bhttps%3A//github.com/sindresorhus/builtin-modules.git", + "externalReferences": [ + { + "url": "https://github.com/sindresorhus/builtin-modules/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "git+https://github.com/sindresorhus/builtin-modules.git", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\"" + }, + { + "url": "https://github.com/sindresorhus/builtin-modules#readme", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:bundled", + "value": "true" + }, + { + "name": "cdx:npm:package:path", + "value": "node_modules/bundle-dependencies/node_modules/builtin-modules" + } + ] + }, + { + "type": "library", + "name": "camelcase", + "version": "2.1.0", + "bom-ref": "bundle-dependencies@1.0.2|camelcase@2.1.0", + "author": "Sindre Sorhus", + "description": "Convert a dash/dot/underscore/space separated string to camelCase: foo-bar → fooBar", + "licenses": [ + { + "license": { + "id": "MIT" + } + } + ], + "purl": 
"pkg:npm/camelcase@2.1.0?vcs_url=git%2Bhttps%3A//github.com/sindresorhus/camelcase.git", + "externalReferences": [ + { + "url": "https://github.com/sindresorhus/camelcase/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "git+https://github.com/sindresorhus/camelcase.git", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\"" + }, + { + "url": "https://github.com/sindresorhus/camelcase#readme", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:bundled", + "value": "true" + }, + { + "name": "cdx:npm:package:path", + "value": "node_modules/bundle-dependencies/node_modules/camelcase" + } + ] + }, + { + "type": "library", + "name": "cliui", + "version": "3.1.0", + "bom-ref": "bundle-dependencies@1.0.2|cliui@3.1.0", + "author": "Ben Coe", + "description": "easily create complex multi-column command-line-interfaces", + "licenses": [ + { + "license": { + "id": "ISC" + } + } + ], + "purl": "pkg:npm/cliui@3.1.0?vcs_url=git%2Bssh%3A//git%40github.com/bcoe/cliui.git", + "externalReferences": [ + { + "url": "https://github.com/bcoe/cliui/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "git+ssh://git@github.com/bcoe/cliui.git", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\"" + }, + { + "url": "https://github.com/bcoe/cliui", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:bundled", + "value": "true" + }, + { + "name": "cdx:npm:package:path", + "value": "node_modules/bundle-dependencies/node_modules/cliui" + } + ] + }, + { + "type": "library", + "name": "code-point-at", + "version": "1.0.0", + "bom-ref": "bundle-dependencies@1.0.2|code-point-at@1.0.0", + "author": "Sindre 
Sorhus", + "description": "ES2015 String#codePointAt() ponyfill", + "licenses": [ + { + "license": { + "id": "MIT" + } + } + ], + "purl": "pkg:npm/code-point-at@1.0.0?vcs_url=git%2Bhttps%3A//github.com/sindresorhus/code-point-at.git", + "externalReferences": [ + { + "url": "https://github.com/sindresorhus/code-point-at/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "git+https://github.com/sindresorhus/code-point-at.git", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\"" + }, + { + "url": "https://github.com/sindresorhus/code-point-at", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:bundled", + "value": "true" + }, + { + "name": "cdx:npm:package:path", + "value": "node_modules/bundle-dependencies/node_modules/code-point-at" + } + ] + }, + { + "type": "library", + "name": "decamelize", + "version": "1.1.2", + "bom-ref": "bundle-dependencies@1.0.2|decamelize@1.1.2", + "author": "Sindre Sorhus", + "description": "Convert a camelized string into a lowercased one with a custom separator: unicornRainbow → unicorn_rainbow", + "licenses": [ + { + "license": { + "id": "MIT" + } + } + ], + "purl": "pkg:npm/decamelize@1.1.2?vcs_url=git%2Bhttps%3A//github.com/sindresorhus/decamelize.git", + "externalReferences": [ + { + "url": "https://github.com/sindresorhus/decamelize/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "git+https://github.com/sindresorhus/decamelize.git", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\"" + }, + { + "url": "https://github.com/sindresorhus/decamelize", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:bundled", + "value": "true" + }, + { + 
"name": "cdx:npm:package:path", + "value": "node_modules/bundle-dependencies/node_modules/decamelize" + } + ] + }, + { + "type": "library", + "name": "error-ex", + "version": "1.3.0", + "bom-ref": "bundle-dependencies@1.0.2|error-ex@1.3.0", + "description": "Easy error subclassing and stack customization", + "licenses": [ + { + "license": { + "id": "MIT" + } + } + ], + "purl": "pkg:npm/error-ex@1.3.0?vcs_url=git%2Bhttps%3A//github.com/qix-/node-error-ex.git", + "externalReferences": [ + { + "url": "https://github.com/qix-/node-error-ex/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "git+https://github.com/qix-/node-error-ex.git", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\"" + }, + { + "url": "https://github.com/qix-/node-error-ex#readme", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:bundled", + "value": "true" + }, + { + "name": "cdx:npm:package:path", + "value": "node_modules/bundle-dependencies/node_modules/error-ex" + } + ] + }, + { + "type": "library", + "name": "escape-string-regexp", + "version": "1.0.5", + "bom-ref": "bundle-dependencies@1.0.2|escape-string-regexp@1.0.5", + "author": "Sindre Sorhus", + "description": "Escape RegExp special characters", + "licenses": [ + { + "license": { + "id": "MIT" + } + } + ], + "purl": "pkg:npm/escape-string-regexp@1.0.5?vcs_url=git%2Bhttps%3A//github.com/sindresorhus/escape-string-regexp.git", + "externalReferences": [ + { + "url": "https://github.com/sindresorhus/escape-string-regexp/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "git+https://github.com/sindresorhus/escape-string-regexp.git", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\"" + }, + { + "url": 
"https://github.com/sindresorhus/escape-string-regexp", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:bundled", + "value": "true" + }, + { + "name": "cdx:npm:package:path", + "value": "node_modules/bundle-dependencies/node_modules/escape-string-regexp" + } + ] + }, + { + "type": "library", + "name": "find-up", + "version": "1.1.0", + "bom-ref": "bundle-dependencies@1.0.2|find-up@1.1.0", + "author": "Sindre Sorhus", + "description": "Find a file by walking up parent directories", + "licenses": [ + { + "license": { + "id": "MIT" + } + } + ], + "purl": "pkg:npm/find-up@1.1.0?vcs_url=git%2Bhttps%3A//github.com/sindresorhus/find-up.git", + "externalReferences": [ + { + "url": "https://github.com/sindresorhus/find-up/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "git+https://github.com/sindresorhus/find-up.git", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\"" + }, + { + "url": "https://github.com/sindresorhus/find-up", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:bundled", + "value": "true" + }, + { + "name": "cdx:npm:package:path", + "value": "node_modules/bundle-dependencies/node_modules/find-up" + } + ] + }, + { + "type": "library", + "name": "graceful-fs", + "version": "4.1.3", + "bom-ref": "bundle-dependencies@1.0.2|graceful-fs@4.1.3", + "description": "A drop-in replacement for fs, making various improvements.", + "licenses": [ + { + "license": { + "id": "ISC" + } + } + ], + "purl": "pkg:npm/graceful-fs@4.1.3?vcs_url=git%2Bhttps%3A//github.com/isaacs/node-graceful-fs.git", + "externalReferences": [ + { + "url": "https://github.com/isaacs/node-graceful-fs/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + 
}, + { + "url": "git+https://github.com/isaacs/node-graceful-fs.git", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\"" + }, + { + "url": "https://github.com/isaacs/node-graceful-fs#readme", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:bundled", + "value": "true" + }, + { + "name": "cdx:npm:package:path", + "value": "node_modules/bundle-dependencies/node_modules/graceful-fs" + } + ] + }, + { + "type": "library", + "name": "hosted-git-info", + "version": "2.1.4", + "bom-ref": "bundle-dependencies@1.0.2|hosted-git-info@2.1.4", + "author": "Rebecca Turner", + "description": "Provides metadata and conversions from repository urls for Github, Bitbucket and Gitlab", + "licenses": [ + { + "license": { + "id": "ISC" + } + } + ], + "purl": "pkg:npm/hosted-git-info@2.1.4?vcs_url=git%2Bhttps%3A//github.com/npm/hosted-git-info.git", + "externalReferences": [ + { + "url": "https://github.com/npm/hosted-git-info/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "git+https://github.com/npm/hosted-git-info.git", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\"" + }, + { + "url": "https://github.com/npm/hosted-git-info", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:bundled", + "value": "true" + }, + { + "name": "cdx:npm:package:path", + "value": "node_modules/bundle-dependencies/node_modules/hosted-git-info" + } + ] + }, + { + "type": "library", + "name": "invert-kv", + "version": "1.0.0", + "bom-ref": "bundle-dependencies@1.0.2|invert-kv@1.0.0", + "author": "Sindre Sorhus", + "description": "Invert the key/value of an object. 
Example: {foo: 'bar'} → {bar: 'foo'}", + "licenses": [ + { + "license": { + "id": "MIT" + } + } + ], + "purl": "pkg:npm/invert-kv@1.0.0?vcs_url=git%2Bhttps%3A//github.com/sindresorhus/invert-kv.git", + "externalReferences": [ + { + "url": "https://github.com/sindresorhus/invert-kv/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "git+https://github.com/sindresorhus/invert-kv.git", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\"" + }, + { + "url": "https://github.com/sindresorhus/invert-kv", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:bundled", + "value": "true" + }, + { + "name": "cdx:npm:package:path", + "value": "node_modules/bundle-dependencies/node_modules/invert-kv" + } + ] + }, + { + "type": "library", + "name": "is-arrayish", + "version": "0.2.1", + "bom-ref": "bundle-dependencies@1.0.2|is-arrayish@0.2.1", + "author": "Qix", + "description": "Determines if an object can be used as an array", + "licenses": [ + { + "license": { + "id": "MIT" + } + } + ], + "purl": "pkg:npm/is-arrayish@0.2.1?vcs_url=git%2Bhttps%3A//github.com/qix-/node-is-arrayish.git", + "externalReferences": [ + { + "url": "https://github.com/qix-/node-is-arrayish/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "git+https://github.com/qix-/node-is-arrayish.git", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\"" + }, + { + "url": "https://github.com/qix-/node-is-arrayish#readme", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:bundled", + "value": "true" + }, + { + "name": "cdx:npm:package:path", + "value": "node_modules/bundle-dependencies/node_modules/is-arrayish" + } + ] + }, + 
{ + "type": "library", + "name": "is-builtin-module", + "version": "1.0.0", + "bom-ref": "bundle-dependencies@1.0.2|is-builtin-module@1.0.0", + "author": "Sindre Sorhus", + "description": "Check if a string matches the name of a Node.js builtin module", + "licenses": [ + { + "license": { + "id": "MIT" + } + } + ], + "purl": "pkg:npm/is-builtin-module@1.0.0?vcs_url=git%2Bhttps%3A//github.com/sindresorhus/is-builtin-module.git", + "externalReferences": [ + { + "url": "https://github.com/sindresorhus/is-builtin-module/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "git+https://github.com/sindresorhus/is-builtin-module.git", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\"" + }, + { + "url": "https://github.com/sindresorhus/is-builtin-module", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:bundled", + "value": "true" + }, + { + "name": "cdx:npm:package:path", + "value": "node_modules/bundle-dependencies/node_modules/is-builtin-module" + } + ] + }, + { + "type": "library", + "name": "is-fullwidth-code-point", + "version": "1.0.0", + "bom-ref": "bundle-dependencies@1.0.2|is-fullwidth-code-point@1.0.0", + "author": "Sindre Sorhus", + "description": "Check if the character represented by a given Unicode code point is fullwidth", + "licenses": [ + { + "license": { + "id": "MIT" + } + } + ], + "purl": "pkg:npm/is-fullwidth-code-point@1.0.0?vcs_url=git%2Bhttps%3A//github.com/sindresorhus/is-fullwidth-code-point.git", + "externalReferences": [ + { + "url": "https://github.com/sindresorhus/is-fullwidth-code-point/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "git+https://github.com/sindresorhus/is-fullwidth-code-point.git", + "type": "vcs", + "comment": "as detected from PackageJson property 
\"repository.url\"" + }, + { + "url": "https://github.com/sindresorhus/is-fullwidth-code-point", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:bundled", + "value": "true" + }, + { + "name": "cdx:npm:package:path", + "value": "node_modules/bundle-dependencies/node_modules/is-fullwidth-code-point" + } + ] + }, + { + "type": "library", + "name": "is-utf8", + "version": "0.2.1", + "bom-ref": "bundle-dependencies@1.0.2|is-utf8@0.2.1", + "author": "wayfind", + "description": "Detect if a buffer is utf8 encoded.", + "licenses": [ + { + "license": { + "id": "MIT" + } + } + ], + "purl": "pkg:npm/is-utf8@0.2.1?vcs_url=git%2Bhttps%3A//github.com/wayfind/is-utf8.git", + "externalReferences": [ + { + "url": "https://github.com/wayfind/is-utf8/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "git+https://github.com/wayfind/is-utf8.git", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\"" + }, + { + "url": "https://github.com/wayfind/is-utf8#readme", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:bundled", + "value": "true" + }, + { + "name": "cdx:npm:package:path", + "value": "node_modules/bundle-dependencies/node_modules/is-utf8" + } + ] + }, + { + "type": "library", + "name": "lcid", + "version": "1.0.0", + "bom-ref": "bundle-dependencies@1.0.2|lcid@1.0.0", + "author": "Sindre Sorhus", + "description": "Mapping between standard locale identifiers and Windows locale identifiers (LCID)", + "licenses": [ + { + "license": { + "id": "MIT" + } + } + ], + "purl": "pkg:npm/lcid@1.0.0?vcs_url=git%2Bhttps%3A//github.com/sindresorhus/lcid.git", + "externalReferences": [ + { + "url": "https://github.com/sindresorhus/lcid/issues", + "type": "issue-tracker", + "comment": "as detected from 
PackageJson property \"bugs.url\"" + }, + { + "url": "git+https://github.com/sindresorhus/lcid.git", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\"" + }, + { + "url": "https://github.com/sindresorhus/lcid", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:bundled", + "value": "true" + }, + { + "name": "cdx:npm:package:path", + "value": "node_modules/bundle-dependencies/node_modules/lcid" + } + ] + }, + { + "type": "library", + "name": "load-json-file", + "version": "1.1.0", + "bom-ref": "bundle-dependencies@1.0.2|load-json-file@1.1.0", + "author": "Sindre Sorhus", + "description": "Read and parse a JSON file", + "licenses": [ + { + "license": { + "id": "MIT" + } + } + ], + "purl": "pkg:npm/load-json-file@1.1.0?vcs_url=git%2Bhttps%3A//github.com/sindresorhus/load-json-file.git", + "externalReferences": [ + { + "url": "https://github.com/sindresorhus/load-json-file/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "git+https://github.com/sindresorhus/load-json-file.git", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\"" + }, + { + "url": "https://github.com/sindresorhus/load-json-file", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:bundled", + "value": "true" + }, + { + "name": "cdx:npm:package:path", + "value": "node_modules/bundle-dependencies/node_modules/load-json-file" + } + ] + }, + { + "type": "library", + "name": "lodash.assign", + "version": "4.0.3", + "bom-ref": "bundle-dependencies@1.0.2|lodash.assign@4.0.3", + "author": "John-David Dalton", + "description": "The lodash method `_.assign` exported as a module.", + "licenses": [ + { + "license": { + "id": "MIT" + } + } + ], + "purl": 
"pkg:npm/lodash.assign@4.0.3?vcs_url=git%2Bhttps%3A//github.com/lodash/lodash.git", + "externalReferences": [ + { + "url": "https://github.com/lodash/lodash/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "git+https://github.com/lodash/lodash.git", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\"" + }, + { + "url": "https://lodash.com/", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:bundled", + "value": "true" + }, + { + "name": "cdx:npm:package:path", + "value": "node_modules/bundle-dependencies/node_modules/lodash.assign" + } + ] + }, + { + "type": "library", + "name": "lodash.keys", + "version": "4.0.3", + "bom-ref": "bundle-dependencies@1.0.2|lodash.keys@4.0.3", + "author": "John-David Dalton", + "description": "The lodash method `_.keys` exported as a module.", + "licenses": [ + { + "license": { + "id": "MIT" + } + } + ], + "purl": "pkg:npm/lodash.keys@4.0.3?vcs_url=git%2Bhttps%3A//github.com/lodash/lodash.git", + "externalReferences": [ + { + "url": "https://github.com/lodash/lodash/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "git+https://github.com/lodash/lodash.git", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\"" + }, + { + "url": "https://lodash.com/", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:bundled", + "value": "true" + }, + { + "name": "cdx:npm:package:path", + "value": "node_modules/bundle-dependencies/node_modules/lodash.keys" + } + ] + }, + { + "type": "library", + "name": "lodash.rest", + "version": "4.0.1", + "bom-ref": "bundle-dependencies@1.0.2|lodash.rest@4.0.1", + "author": "John-David Dalton", + "description": "The 
lodash method `_.rest` exported as a module.", + "licenses": [ + { + "license": { + "id": "MIT" + } + } + ], + "purl": "pkg:npm/lodash.rest@4.0.1?vcs_url=git%2Bhttps%3A//github.com/lodash/lodash.git", + "externalReferences": [ + { + "url": "https://github.com/lodash/lodash/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "git+https://github.com/lodash/lodash.git", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\"" + }, + { + "url": "https://lodash.com/", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:bundled", + "value": "true" + }, + { + "name": "cdx:npm:package:path", + "value": "node_modules/bundle-dependencies/node_modules/lodash.rest" + } + ] + }, + { + "type": "library", + "name": "normalize-package-data", + "version": "2.3.5", + "bom-ref": "bundle-dependencies@1.0.2|normalize-package-data@2.3.5", + "author": "Meryn Stol", + "description": "Normalizes data that can be found in package.json files.", + "licenses": [ + { + "license": { + "id": "BSD-2-Clause" + } + } + ], + "purl": "pkg:npm/normalize-package-data@2.3.5?vcs_url=git%3A//github.com/npm/normalize-package-data.git", + "externalReferences": [ + { + "url": "https://github.com/npm/normalize-package-data/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "git://github.com/npm/normalize-package-data.git", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\"" + }, + { + "url": "https://github.com/npm/normalize-package-data#readme", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:bundled", + "value": "true" + }, + { + "name": "cdx:npm:package:path", + "value": 
"node_modules/bundle-dependencies/node_modules/normalize-package-data" + } + ] + }, + { + "type": "library", + "name": "number-is-nan", + "version": "1.0.0", + "bom-ref": "bundle-dependencies@1.0.2|number-is-nan@1.0.0", + "author": "Sindre Sorhus", + "description": "ES6 Number.isNaN() ponyfill", + "licenses": [ + { + "license": { + "id": "MIT" + } + } + ], + "purl": "pkg:npm/number-is-nan@1.0.0?vcs_url=git%2Bhttps%3A//github.com/sindresorhus/number-is-nan.git", + "externalReferences": [ + { + "url": "https://github.com/sindresorhus/number-is-nan/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "git+https://github.com/sindresorhus/number-is-nan.git", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\"" + }, + { + "url": "https://github.com/sindresorhus/number-is-nan#readme", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:bundled", + "value": "true" + }, + { + "name": "cdx:npm:package:path", + "value": "node_modules/bundle-dependencies/node_modules/number-is-nan" + } + ] + }, + { + "type": "library", + "name": "object-assign", + "version": "4.0.1", + "bom-ref": "bundle-dependencies@1.0.2|object-assign@4.0.1", + "author": "Sindre Sorhus", + "description": "ES6 Object.assign() ponyfill", + "licenses": [ + { + "license": { + "id": "MIT" + } + } + ], + "purl": "pkg:npm/object-assign@4.0.1?vcs_url=git%2Bhttps%3A//github.com/sindresorhus/object-assign.git", + "externalReferences": [ + { + "url": "https://github.com/sindresorhus/object-assign/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "git+https://github.com/sindresorhus/object-assign.git", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\"" + }, + { + "url": 
"https://github.com/sindresorhus/object-assign#readme", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:bundled", + "value": "true" + }, + { + "name": "cdx:npm:package:path", + "value": "node_modules/bundle-dependencies/node_modules/object-assign" + } + ] + }, + { + "type": "library", + "name": "os-locale", + "version": "1.4.0", + "bom-ref": "bundle-dependencies@1.0.2|os-locale@1.4.0", + "author": "Sindre Sorhus", + "description": "Get the system locale", + "licenses": [ + { + "license": { + "id": "MIT" + } + } + ], + "purl": "pkg:npm/os-locale@1.4.0?vcs_url=git%2Bhttps%3A//github.com/sindresorhus/os-locale.git", + "externalReferences": [ + { + "url": "https://github.com/sindresorhus/os-locale/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "git+https://github.com/sindresorhus/os-locale.git", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\"" + }, + { + "url": "https://github.com/sindresorhus/os-locale", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:bundled", + "value": "true" + }, + { + "name": "cdx:npm:package:path", + "value": "node_modules/bundle-dependencies/node_modules/os-locale" + } + ] + }, + { + "type": "library", + "name": "parse-json", + "version": "2.2.0", + "bom-ref": "bundle-dependencies@1.0.2|parse-json@2.2.0", + "author": "Sindre Sorhus", + "description": "Parse JSON with more helpful errors", + "licenses": [ + { + "license": { + "id": "MIT" + } + } + ], + "purl": "pkg:npm/parse-json@2.2.0?vcs_url=git%2Bhttps%3A//github.com/sindresorhus/parse-json.git", + "externalReferences": [ + { + "url": "https://github.com/sindresorhus/parse-json/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + 
"url": "git+https://github.com/sindresorhus/parse-json.git", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\"" + }, + { + "url": "https://github.com/sindresorhus/parse-json", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:bundled", + "value": "true" + }, + { + "name": "cdx:npm:package:path", + "value": "node_modules/bundle-dependencies/node_modules/parse-json" + } + ] + }, + { + "type": "library", + "name": "path-exists", + "version": "2.1.0", + "bom-ref": "bundle-dependencies@1.0.2|path-exists@2.1.0", + "author": "Sindre Sorhus", + "description": "Check if a path exists", + "licenses": [ + { + "license": { + "id": "MIT" + } + } + ], + "purl": "pkg:npm/path-exists@2.1.0?vcs_url=git%2Bhttps%3A//github.com/sindresorhus/path-exists.git", + "externalReferences": [ + { + "url": "https://github.com/sindresorhus/path-exists/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "git+https://github.com/sindresorhus/path-exists.git", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\"" + }, + { + "url": "https://github.com/sindresorhus/path-exists", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:bundled", + "value": "true" + }, + { + "name": "cdx:npm:package:path", + "value": "node_modules/bundle-dependencies/node_modules/path-exists" + } + ] + }, + { + "type": "library", + "name": "path-type", + "version": "1.1.0", + "bom-ref": "bundle-dependencies@1.0.2|path-type@1.1.0", + "author": "Sindre Sorhus", + "description": "Check if a path is a file, directory, or symlink", + "licenses": [ + { + "license": { + "id": "MIT" + } + } + ], + "purl": "pkg:npm/path-type@1.1.0?vcs_url=git%2Bhttps%3A//github.com/sindresorhus/path-type.git", + 
"externalReferences": [ + { + "url": "https://github.com/sindresorhus/path-type/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "git+https://github.com/sindresorhus/path-type.git", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\"" + }, + { + "url": "https://github.com/sindresorhus/path-type", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:bundled", + "value": "true" + }, + { + "name": "cdx:npm:package:path", + "value": "node_modules/bundle-dependencies/node_modules/path-type" + } + ] + }, + { + "type": "library", + "name": "pify", + "version": "2.3.0", + "bom-ref": "bundle-dependencies@1.0.2|pify@2.3.0", + "author": "Sindre Sorhus", + "description": "Promisify a callback-style function", + "licenses": [ + { + "license": { + "id": "MIT" + } + } + ], + "purl": "pkg:npm/pify@2.3.0?vcs_url=git%2Bhttps%3A//github.com/sindresorhus/pify.git", + "externalReferences": [ + { + "url": "https://github.com/sindresorhus/pify/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "git+https://github.com/sindresorhus/pify.git", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\"" + }, + { + "url": "https://github.com/sindresorhus/pify", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:bundled", + "value": "true" + }, + { + "name": "cdx:npm:package:path", + "value": "node_modules/bundle-dependencies/node_modules/pify" + } + ] + }, + { + "type": "library", + "name": "pinkie-promise", + "version": "2.0.0", + "bom-ref": "bundle-dependencies@1.0.2|pinkie-promise@2.0.0", + "author": "Vsevolod Strukchinsky", + "description": "ES2015 Promise ponyfill", + "licenses": [ + { + "license": { + 
"id": "MIT" + } + } + ], + "purl": "pkg:npm/pinkie-promise@2.0.0?vcs_url=git%2Bhttps%3A//github.com/floatdrop/pinkie-promise.git", + "externalReferences": [ + { + "url": "https://github.com/floatdrop/pinkie-promise/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "git+https://github.com/floatdrop/pinkie-promise.git", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\"" + }, + { + "url": "https://github.com/floatdrop/pinkie-promise", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:bundled", + "value": "true" + }, + { + "name": "cdx:npm:package:path", + "value": "node_modules/bundle-dependencies/node_modules/pinkie-promise" + } + ] + }, + { + "type": "library", + "name": "pinkie", + "version": "2.0.4", + "bom-ref": "bundle-dependencies@1.0.2|pinkie@2.0.4", + "author": "Vsevolod Strukchinsky", + "description": "Itty bitty little widdle twinkie pinkie ES2015 Promise implementation", + "licenses": [ + { + "license": { + "id": "MIT" + } + } + ], + "purl": "pkg:npm/pinkie@2.0.4?vcs_url=git%2Bhttps%3A//github.com/floatdrop/pinkie.git", + "externalReferences": [ + { + "url": "https://github.com/floatdrop/pinkie/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "git+https://github.com/floatdrop/pinkie.git", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\"" + }, + { + "url": "https://github.com/floatdrop/pinkie", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:bundled", + "value": "true" + }, + { + "name": "cdx:npm:package:path", + "value": "node_modules/bundle-dependencies/node_modules/pinkie" + } + ] + }, + { + "type": "library", + "name": "pkg-conf", + "version": 
"1.1.1", + "bom-ref": "bundle-dependencies@1.0.2|pkg-conf@1.1.1", + "author": "Sindre Sorhus", + "description": "Get namespaced config from the closest package.json", + "licenses": [ + { + "license": { + "id": "MIT" + } + } + ], + "purl": "pkg:npm/pkg-conf@1.1.1?vcs_url=git%2Bhttps%3A//github.com/sindresorhus/pkg-conf.git", + "externalReferences": [ + { + "url": "https://github.com/sindresorhus/pkg-conf/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "git+https://github.com/sindresorhus/pkg-conf.git", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\"" + }, + { + "url": "https://github.com/sindresorhus/pkg-conf#readme", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:bundled", + "value": "true" + }, + { + "name": "cdx:npm:package:path", + "value": "node_modules/bundle-dependencies/node_modules/pkg-conf" + } + ] + }, + { + "type": "library", + "name": "read-pkg-up", + "version": "1.0.1", + "bom-ref": "bundle-dependencies@1.0.2|read-pkg-up@1.0.1", + "author": "Sindre Sorhus", + "description": "Read the closest package.json file", + "licenses": [ + { + "license": { + "id": "MIT" + } + } + ], + "purl": "pkg:npm/read-pkg-up@1.0.1?vcs_url=git%2Bhttps%3A//github.com/sindresorhus/read-pkg-up.git", + "externalReferences": [ + { + "url": "https://github.com/sindresorhus/read-pkg-up/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "git+https://github.com/sindresorhus/read-pkg-up.git", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\"" + }, + { + "url": "https://github.com/sindresorhus/read-pkg-up", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:bundled", + "value": 
"true" + }, + { + "name": "cdx:npm:package:path", + "value": "node_modules/bundle-dependencies/node_modules/read-pkg-up" + } + ] + }, + { + "type": "library", + "name": "read-pkg", + "version": "1.1.0", + "bom-ref": "bundle-dependencies@1.0.2|read-pkg@1.1.0", + "author": "Sindre Sorhus", + "description": "Read a package.json file", + "licenses": [ + { + "license": { + "id": "MIT" + } + } + ], + "purl": "pkg:npm/read-pkg@1.1.0?vcs_url=git%2Bhttps%3A//github.com/sindresorhus/read-pkg.git", + "externalReferences": [ + { + "url": "https://github.com/sindresorhus/read-pkg/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "git+https://github.com/sindresorhus/read-pkg.git", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\"" + }, + { + "url": "https://github.com/sindresorhus/read-pkg", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:bundled", + "value": "true" + }, + { + "name": "cdx:npm:package:path", + "value": "node_modules/bundle-dependencies/node_modules/read-pkg" + } + ] + }, + { + "type": "library", + "name": "require-main-filename", + "version": "1.0.1", + "bom-ref": "bundle-dependencies@1.0.2|require-main-filename@1.0.1", + "author": "Ben Coe", + "description": "shim for require.main.filename() that works in as many environments as possible", + "licenses": [ + { + "license": { + "id": "ISC" + } + } + ], + "purl": "pkg:npm/require-main-filename@1.0.1?vcs_url=git%2Bssh%3A//git%40github.com/yargs/require-main-filename.git", + "externalReferences": [ + { + "url": "https://github.com/yargs/require-main-filename/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "git+ssh://git@github.com/yargs/require-main-filename.git", + "type": "vcs", + "comment": "as detected from PackageJson property 
\"repository.url\"" + }, + { + "url": "https://github.com/yargs/require-main-filename#readme", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:bundled", + "value": "true" + }, + { + "name": "cdx:npm:package:path", + "value": "node_modules/bundle-dependencies/node_modules/require-main-filename" + } + ] + }, + { + "type": "library", + "name": "semver", + "version": "5.1.0", + "bom-ref": "bundle-dependencies@1.0.2|semver@5.1.0", + "description": "The semantic version parser used by npm.", + "licenses": [ + { + "license": { + "id": "ISC" + } + } + ], + "purl": "pkg:npm/semver@5.1.0?vcs_url=git%2Bhttps%3A//github.com/npm/node-semver.git", + "externalReferences": [ + { + "url": "https://github.com/npm/node-semver/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "git+https://github.com/npm/node-semver.git", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\"" + }, + { + "url": "https://github.com/npm/node-semver#readme", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:bundled", + "value": "true" + }, + { + "name": "cdx:npm:package:path", + "value": "node_modules/bundle-dependencies/node_modules/semver" + } + ] + }, + { + "type": "library", + "name": "spdx-correct", + "version": "1.0.2", + "bom-ref": "bundle-dependencies@1.0.2|spdx-correct@1.0.2", + "author": "Kyle E. 
Mitchell", + "description": "correct invalid SPDX identifiers", + "licenses": [ + { + "license": { + "id": "Apache-2.0" + } + } + ], + "purl": "pkg:npm/spdx-correct@1.0.2?vcs_url=git%2Bhttps%3A//github.com/kemitchell/spdx-correct.js.git", + "externalReferences": [ + { + "url": "https://github.com/kemitchell/spdx-correct.js/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "git+https://github.com/kemitchell/spdx-correct.js.git", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\"" + }, + { + "url": "https://github.com/kemitchell/spdx-correct.js#readme", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:bundled", + "value": "true" + }, + { + "name": "cdx:npm:package:path", + "value": "node_modules/bundle-dependencies/node_modules/spdx-correct" + } + ] + }, + { + "type": "library", + "name": "spdx-exceptions", + "version": "1.0.4", + "bom-ref": "bundle-dependencies@1.0.2|spdx-exceptions@1.0.4", + "author": "The Linux Foundation", + "description": "list of SPDX standard license exceptions", + "licenses": [ + { + "license": { + "id": "CC-BY-3.0" + } + } + ], + "purl": "pkg:npm/spdx-exceptions@1.0.4?vcs_url=git%2Bhttps%3A//github.com/kemitchell/spdx-exceptions.json.git", + "externalReferences": [ + { + "url": "https://github.com/kemitchell/spdx-exceptions.json/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "git+https://github.com/kemitchell/spdx-exceptions.json.git", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\"" + }, + { + "url": "https://github.com/kemitchell/spdx-exceptions.json#readme", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:bundled", + "value": "true" 
+ }, + { + "name": "cdx:npm:package:path", + "value": "node_modules/bundle-dependencies/node_modules/spdx-exceptions" + } + ] + }, + { + "type": "library", + "name": "spdx-expression-parse", + "version": "1.0.2", + "bom-ref": "bundle-dependencies@1.0.2|spdx-expression-parse@1.0.2", + "author": "Kyle E. Mitchell", + "description": "parse SPDX license expressions", + "licenses": [ + { + "expression": "(MIT AND CC-BY-3.0)" + } + ], + "purl": "pkg:npm/spdx-expression-parse@1.0.2?vcs_url=git%2Bhttps%3A//github.com/kemitchell/spdx-expression-parse.js.git", + "externalReferences": [ + { + "url": "https://github.com/kemitchell/spdx-expression-parse.js/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "git+https://github.com/kemitchell/spdx-expression-parse.js.git", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\"" + }, + { + "url": "https://github.com/kemitchell/spdx-expression-parse.js#readme", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:bundled", + "value": "true" + }, + { + "name": "cdx:npm:package:path", + "value": "node_modules/bundle-dependencies/node_modules/spdx-expression-parse" + } + ] + }, + { + "type": "library", + "name": "spdx-license-ids", + "version": "1.2.0", + "bom-ref": "bundle-dependencies@1.0.2|spdx-license-ids@1.2.0", + "author": "Shinnosuke Watanabe", + "description": "A list of SPDX license identifiers", + "licenses": [ + { + "license": { + "id": "Unlicense" + } + } + ], + "purl": "pkg:npm/spdx-license-ids@1.2.0?vcs_url=git%2Bhttps%3A//github.com/shinnn/spdx-license-ids.git", + "externalReferences": [ + { + "url": "https://github.com/shinnn/spdx-license-ids/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "git+https://github.com/shinnn/spdx-license-ids.git", + "type": 
"vcs", + "comment": "as detected from PackageJson property \"repository.url\"" + }, + { + "url": "https://github.com/shinnn/spdx-license-ids#readme", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:bundled", + "value": "true" + }, + { + "name": "cdx:npm:package:path", + "value": "node_modules/bundle-dependencies/node_modules/spdx-license-ids" + } + ] + }, + { + "type": "library", + "name": "string-width", + "version": "1.0.1", + "bom-ref": "bundle-dependencies@1.0.2|string-width@1.0.1", + "author": "Sindre Sorhus", + "description": "Get the visual width of a string - the number of columns required to display it", + "licenses": [ + { + "license": { + "id": "MIT" + } + } + ], + "purl": "pkg:npm/string-width@1.0.1?vcs_url=git%2Bhttps%3A//github.com/sindresorhus/string-width.git", + "externalReferences": [ + { + "url": "https://github.com/sindresorhus/string-width/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "git+https://github.com/sindresorhus/string-width.git", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\"" + }, + { + "url": "https://github.com/sindresorhus/string-width", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:bundled", + "value": "true" + }, + { + "name": "cdx:npm:package:path", + "value": "node_modules/bundle-dependencies/node_modules/string-width" + } + ] + }, + { + "type": "library", + "name": "strip-ansi", + "version": "3.0.1", + "bom-ref": "bundle-dependencies@1.0.2|strip-ansi@3.0.1", + "author": "Sindre Sorhus", + "description": "Strip ANSI escape codes", + "licenses": [ + { + "license": { + "id": "MIT" + } + } + ], + "purl": "pkg:npm/strip-ansi@3.0.1?vcs_url=git%2Bhttps%3A//github.com/chalk/strip-ansi.git", + "externalReferences": [ + { + "url": 
"https://github.com/chalk/strip-ansi/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "git+https://github.com/chalk/strip-ansi.git", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\"" + }, + { + "url": "https://github.com/chalk/strip-ansi", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:bundled", + "value": "true" + }, + { + "name": "cdx:npm:package:path", + "value": "node_modules/bundle-dependencies/node_modules/strip-ansi" + } + ] + }, + { + "type": "library", + "name": "strip-bom", + "version": "2.0.0", + "bom-ref": "bundle-dependencies@1.0.2|strip-bom@2.0.0", + "author": "Sindre Sorhus", + "description": "Strip UTF-8 byte order mark (BOM) from a string/buffer", + "licenses": [ + { + "license": { + "id": "MIT" + } + } + ], + "purl": "pkg:npm/strip-bom@2.0.0?vcs_url=git%2Bhttps%3A//github.com/sindresorhus/strip-bom.git", + "externalReferences": [ + { + "url": "https://github.com/sindresorhus/strip-bom/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "git+https://github.com/sindresorhus/strip-bom.git", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\"" + }, + { + "url": "https://github.com/sindresorhus/strip-bom", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:bundled", + "value": "true" + }, + { + "name": "cdx:npm:package:path", + "value": "node_modules/bundle-dependencies/node_modules/strip-bom" + } + ] + }, + { + "type": "library", + "name": "symbol", + "version": "0.2.1", + "bom-ref": "bundle-dependencies@1.0.2|symbol@0.2.1", + "author": "Sean McArthur", + "description": "ES6 Symbols in your ES5.", + "licenses": [ + { + "license": { + "name": "MPLv2.0" + 
} + } + ], + "purl": "pkg:npm/symbol@0.2.1?vcs_url=git%3A//github.com/seanmonstar/symbol.git", + "externalReferences": [ + { + "url": "https://github.com/seanmonstar/symbol/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "git://github.com/seanmonstar/symbol.git", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\"" + }, + { + "url": "https://github.com/seanmonstar/symbol#readme", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:bundled", + "value": "true" + }, + { + "name": "cdx:npm:package:path", + "value": "node_modules/bundle-dependencies/node_modules/symbol" + } + ] + }, + { + "type": "library", + "name": "validate-npm-package-license", + "version": "3.0.1", + "bom-ref": "bundle-dependencies@1.0.2|validate-npm-package-license@3.0.1", + "author": "Kyle E. Mitchell", + "description": "Give me a string and I'll tell you if it's a valid npm package license string", + "licenses": [ + { + "license": { + "id": "Apache-2.0" + } + } + ], + "purl": "pkg:npm/validate-npm-package-license@3.0.1?vcs_url=git%2Bhttps%3A//github.com/kemitchell/validate-npm-package-license.js.git", + "externalReferences": [ + { + "url": "https://github.com/kemitchell/validate-npm-package-license.js/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "git+https://github.com/kemitchell/validate-npm-package-license.js.git", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\"" + }, + { + "url": "https://github.com/kemitchell/validate-npm-package-license.js#readme", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:bundled", + "value": "true" + }, + { + "name": "cdx:npm:package:path", + "value": 
"node_modules/bundle-dependencies/node_modules/validate-npm-package-license" + } + ] + }, + { + "type": "library", + "name": "window-size", + "version": "0.2.0", + "bom-ref": "bundle-dependencies@1.0.2|window-size@0.2.0", + "author": "Jon Schlinkert", + "description": "Reliable way to to get the height and width of the terminal/console in a node.js environment.", + "licenses": [ + { + "license": { + "id": "MIT" + } + } + ], + "purl": "pkg:npm/window-size@0.2.0?vcs_url=git%2Bhttps%3A//github.com/jonschlinkert/window-size.git", + "externalReferences": [ + { + "url": "https://github.com/jonschlinkert/window-size/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "git+https://github.com/jonschlinkert/window-size.git", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\"" + }, + { + "url": "https://github.com/jonschlinkert/window-size", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:bundled", + "value": "true" + }, + { + "name": "cdx:npm:package:path", + "value": "node_modules/bundle-dependencies/node_modules/window-size" + } + ] + }, + { + "type": "library", + "name": "wrap-ansi", + "version": "1.0.0", + "bom-ref": "bundle-dependencies@1.0.2|wrap-ansi@1.0.0", + "author": "Sindre Sorhus", + "description": "Wordwrap a string with ANSI escape codes", + "licenses": [ + { + "license": { + "id": "MIT" + } + } + ], + "purl": "pkg:npm/wrap-ansi@1.0.0?vcs_url=git%2Bhttps%3A//github.com/chalk/wrap-ansi.git", + "externalReferences": [ + { + "url": "https://github.com/chalk/wrap-ansi/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "git+https://github.com/chalk/wrap-ansi.git", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\"" + }, + { + "url": 
"https://github.com/chalk/wrap-ansi#readme", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:bundled", + "value": "true" + }, + { + "name": "cdx:npm:package:path", + "value": "node_modules/bundle-dependencies/node_modules/wrap-ansi" + } + ] + }, + { + "type": "library", + "name": "y18n", + "version": "3.2.0", + "bom-ref": "bundle-dependencies@1.0.2|y18n@3.2.0", + "author": "Ben Coe", + "description": "the bare-bones internationalization library used by yargs", + "licenses": [ + { + "license": { + "id": "ISC" + } + } + ], + "purl": "pkg:npm/y18n@3.2.0?vcs_url=git%2Bssh%3A//git%40github.com/bcoe/y18n.git", + "externalReferences": [ + { + "url": "https://github.com/bcoe/y18n/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "git+ssh://git@github.com/bcoe/y18n.git", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\"" + }, + { + "url": "https://github.com/bcoe/y18n", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:bundled", + "value": "true" + }, + { + "name": "cdx:npm:package:path", + "value": "node_modules/bundle-dependencies/node_modules/y18n" + } + ] + }, + { + "type": "library", + "name": "yargs-parser", + "version": "2.1.0", + "bom-ref": "bundle-dependencies@1.0.2|yargs-parser@2.1.0", + "author": "Ben Coe", + "description": "the mighty option parser used by yargs", + "licenses": [ + { + "license": { + "id": "ISC" + } + } + ], + "purl": "pkg:npm/yargs-parser@2.1.0?vcs_url=git%2Bssh%3A//git%40github.com/yargs/yargs-parser.git", + "externalReferences": [ + { + "url": "https://github.com/yargs/yargs-parser/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": 
"git+ssh://git@github.com/yargs/yargs-parser.git", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\"" + }, + { + "url": "https://github.com/yargs/yargs-parser#readme", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:bundled", + "value": "true" + }, + { + "name": "cdx:npm:package:path", + "value": "node_modules/bundle-dependencies/node_modules/yargs-parser" + } + ] + }, + { + "type": "library", + "name": "yargs", + "version": "4.1.0", + "bom-ref": "bundle-dependencies@1.0.2|yargs@4.1.0", + "description": "Light-weight option parsing with an argv hash. No optstrings attached.", + "licenses": [ + { + "license": { + "id": "MIT" + } + } + ], + "purl": "pkg:npm/yargs@4.1.0?vcs_url=git%2Bssh%3A//git%40github.com/bcoe/yargs.git", + "externalReferences": [ + { + "url": "https://github.com/bcoe/yargs/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "git+ssh://git@github.com/bcoe/yargs.git", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\"" + }, + { + "url": "http://yargs.js.org/", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:bundled", + "value": "true" + }, + { + "name": "cdx:npm:package:path", + "value": "node_modules/bundle-dependencies/node_modules/yargs" + } + ] + } + ] + } + ], + "dependencies": [ + { + "ref": "bundle-dependencies@1.0.2", + "dependsOn": [ + "bundle-dependencies@1.0.2|yargs@4.1.0" + ] + }, + { + "ref": "bundle-dependencies@1.0.2|ansi-regex@2.0.0" + }, + { + "ref": "bundle-dependencies@1.0.2|builtin-modules@1.1.1" + }, + { + "ref": "bundle-dependencies@1.0.2|camelcase@2.1.0" + }, + { + "ref": "bundle-dependencies@1.0.2|cliui@3.1.0", + "dependsOn": [ + "bundle-dependencies@1.0.2|string-width@1.0.1", + 
"bundle-dependencies@1.0.2|strip-ansi@3.0.1", + "bundle-dependencies@1.0.2|wrap-ansi@1.0.0" + ] + }, + { + "ref": "bundle-dependencies@1.0.2|code-point-at@1.0.0", + "dependsOn": [ + "bundle-dependencies@1.0.2|number-is-nan@1.0.0" + ] + }, + { + "ref": "bundle-dependencies@1.0.2|decamelize@1.1.2", + "dependsOn": [ + "bundle-dependencies@1.0.2|escape-string-regexp@1.0.5" + ] + }, + { + "ref": "bundle-dependencies@1.0.2|error-ex@1.3.0", + "dependsOn": [ + "bundle-dependencies@1.0.2|is-arrayish@0.2.1" + ] + }, + { + "ref": "bundle-dependencies@1.0.2|escape-string-regexp@1.0.5" + }, + { + "ref": "bundle-dependencies@1.0.2|find-up@1.1.0", + "dependsOn": [ + "bundle-dependencies@1.0.2|path-exists@2.1.0", + "bundle-dependencies@1.0.2|pinkie-promise@2.0.0" + ] + }, + { + "ref": "bundle-dependencies@1.0.2|graceful-fs@4.1.3" + }, + { + "ref": "bundle-dependencies@1.0.2|hosted-git-info@2.1.4" + }, + { + "ref": "bundle-dependencies@1.0.2|invert-kv@1.0.0" + }, + { + "ref": "bundle-dependencies@1.0.2|is-arrayish@0.2.1" + }, + { + "ref": "bundle-dependencies@1.0.2|is-builtin-module@1.0.0", + "dependsOn": [ + "bundle-dependencies@1.0.2|builtin-modules@1.1.1" + ] + }, + { + "ref": "bundle-dependencies@1.0.2|is-fullwidth-code-point@1.0.0", + "dependsOn": [ + "bundle-dependencies@1.0.2|number-is-nan@1.0.0" + ] + }, + { + "ref": "bundle-dependencies@1.0.2|is-utf8@0.2.1" + }, + { + "ref": "bundle-dependencies@1.0.2|lcid@1.0.0", + "dependsOn": [ + "bundle-dependencies@1.0.2|invert-kv@1.0.0" + ] + }, + { + "ref": "bundle-dependencies@1.0.2|load-json-file@1.1.0", + "dependsOn": [ + "bundle-dependencies@1.0.2|graceful-fs@4.1.3", + "bundle-dependencies@1.0.2|parse-json@2.2.0", + "bundle-dependencies@1.0.2|pify@2.3.0", + "bundle-dependencies@1.0.2|pinkie-promise@2.0.0", + "bundle-dependencies@1.0.2|strip-bom@2.0.0" + ] + }, + { + "ref": "bundle-dependencies@1.0.2|lodash.assign@4.0.3", + "dependsOn": [ + "bundle-dependencies@1.0.2|lodash.keys@4.0.3", + 
"bundle-dependencies@1.0.2|lodash.rest@4.0.1" + ] + }, + { + "ref": "bundle-dependencies@1.0.2|lodash.keys@4.0.3" + }, + { + "ref": "bundle-dependencies@1.0.2|lodash.rest@4.0.1" + }, + { + "ref": "bundle-dependencies@1.0.2|normalize-package-data@2.3.5", + "dependsOn": [ + "bundle-dependencies@1.0.2|hosted-git-info@2.1.4", + "bundle-dependencies@1.0.2|is-builtin-module@1.0.0", + "bundle-dependencies@1.0.2|semver@5.1.0", + "bundle-dependencies@1.0.2|validate-npm-package-license@3.0.1" + ] + }, + { + "ref": "bundle-dependencies@1.0.2|number-is-nan@1.0.0" + }, + { + "ref": "bundle-dependencies@1.0.2|object-assign@4.0.1" + }, + { + "ref": "bundle-dependencies@1.0.2|os-locale@1.4.0", + "dependsOn": [ + "bundle-dependencies@1.0.2|lcid@1.0.0" + ] + }, + { + "ref": "bundle-dependencies@1.0.2|parse-json@2.2.0", + "dependsOn": [ + "bundle-dependencies@1.0.2|error-ex@1.3.0" + ] + }, + { + "ref": "bundle-dependencies@1.0.2|path-exists@2.1.0", + "dependsOn": [ + "bundle-dependencies@1.0.2|pinkie-promise@2.0.0" + ] + }, + { + "ref": "bundle-dependencies@1.0.2|path-type@1.1.0", + "dependsOn": [ + "bundle-dependencies@1.0.2|graceful-fs@4.1.3", + "bundle-dependencies@1.0.2|pify@2.3.0", + "bundle-dependencies@1.0.2|pinkie-promise@2.0.0" + ] + }, + { + "ref": "bundle-dependencies@1.0.2|pify@2.3.0" + }, + { + "ref": "bundle-dependencies@1.0.2|pinkie-promise@2.0.0", + "dependsOn": [ + "bundle-dependencies@1.0.2|pinkie@2.0.4" + ] + }, + { + "ref": "bundle-dependencies@1.0.2|pinkie@2.0.4" + }, + { + "ref": "bundle-dependencies@1.0.2|pkg-conf@1.1.1", + "dependsOn": [ + "bundle-dependencies@1.0.2|find-up@1.1.0", + "bundle-dependencies@1.0.2|object-assign@4.0.1", + "bundle-dependencies@1.0.2|read-pkg@1.1.0", + "bundle-dependencies@1.0.2|symbol@0.2.1" + ] + }, + { + "ref": "bundle-dependencies@1.0.2|read-pkg-up@1.0.1", + "dependsOn": [ + "bundle-dependencies@1.0.2|find-up@1.1.0", + "bundle-dependencies@1.0.2|read-pkg@1.1.0" + ] + }, + { + "ref": "bundle-dependencies@1.0.2|read-pkg@1.1.0", + 
"dependsOn": [ + "bundle-dependencies@1.0.2|load-json-file@1.1.0", + "bundle-dependencies@1.0.2|normalize-package-data@2.3.5", + "bundle-dependencies@1.0.2|path-type@1.1.0" + ] + }, + { + "ref": "bundle-dependencies@1.0.2|require-main-filename@1.0.1" + }, + { + "ref": "bundle-dependencies@1.0.2|semver@5.1.0" + }, + { + "ref": "bundle-dependencies@1.0.2|spdx-correct@1.0.2", + "dependsOn": [ + "bundle-dependencies@1.0.2|spdx-license-ids@1.2.0" + ] + }, + { + "ref": "bundle-dependencies@1.0.2|spdx-exceptions@1.0.4" + }, + { + "ref": "bundle-dependencies@1.0.2|spdx-expression-parse@1.0.2", + "dependsOn": [ + "bundle-dependencies@1.0.2|spdx-exceptions@1.0.4", + "bundle-dependencies@1.0.2|spdx-license-ids@1.2.0" + ] + }, + { + "ref": "bundle-dependencies@1.0.2|spdx-license-ids@1.2.0" + }, + { + "ref": "bundle-dependencies@1.0.2|string-width@1.0.1", + "dependsOn": [ + "bundle-dependencies@1.0.2|code-point-at@1.0.0", + "bundle-dependencies@1.0.2|is-fullwidth-code-point@1.0.0", + "bundle-dependencies@1.0.2|strip-ansi@3.0.1" + ] + }, + { + "ref": "bundle-dependencies@1.0.2|strip-ansi@3.0.1", + "dependsOn": [ + "bundle-dependencies@1.0.2|ansi-regex@2.0.0" + ] + }, + { + "ref": "bundle-dependencies@1.0.2|strip-bom@2.0.0", + "dependsOn": [ + "bundle-dependencies@1.0.2|is-utf8@0.2.1" + ] + }, + { + "ref": "bundle-dependencies@1.0.2|symbol@0.2.1" + }, + { + "ref": "bundle-dependencies@1.0.2|validate-npm-package-license@3.0.1", + "dependsOn": [ + "bundle-dependencies@1.0.2|spdx-correct@1.0.2", + "bundle-dependencies@1.0.2|spdx-expression-parse@1.0.2" + ] + }, + { + "ref": "bundle-dependencies@1.0.2|window-size@0.2.0" + }, + { + "ref": "bundle-dependencies@1.0.2|wrap-ansi@1.0.0", + "dependsOn": [ + "bundle-dependencies@1.0.2|string-width@1.0.1" + ] + }, + { + "ref": "bundle-dependencies@1.0.2|y18n@3.2.0" + }, + { + "ref": "bundle-dependencies@1.0.2|yargs-parser@2.1.0", + "dependsOn": [ + "bundle-dependencies@1.0.2|camelcase@2.1.0", + "bundle-dependencies@1.0.2|lodash.assign@4.0.3" 
+ ] + }, + { + "ref": "bundle-dependencies@1.0.2|yargs@4.1.0", + "dependsOn": [ + "bundle-dependencies@1.0.2|camelcase@2.1.0", + "bundle-dependencies@1.0.2|cliui@3.1.0", + "bundle-dependencies@1.0.2|decamelize@1.1.2", + "bundle-dependencies@1.0.2|os-locale@1.4.0", + "bundle-dependencies@1.0.2|pkg-conf@1.1.1", + "bundle-dependencies@1.0.2|read-pkg-up@1.0.1", + "bundle-dependencies@1.0.2|require-main-filename@1.0.1", + "bundle-dependencies@1.0.2|string-width@1.0.1", + "bundle-dependencies@1.0.2|window-size@0.2.0", + "bundle-dependencies@1.0.2|y18n@3.2.0", + "bundle-dependencies@1.0.2|yargs-parser@2.1.0" + ] + }, + { + "ref": "demo-bundled-deps@0.0.0", + "dependsOn": [ + "bundle-dependencies@1.0.2" + ] + } + ] +} \ No newline at end of file diff --git a/tests/fixtures/bom.1.5.xml b/tests/fixtures/bom.1.5.xml new file mode 100644 index 000000000..ba28ad974 --- /dev/null +++ b/tests/fixtures/bom.1.5.xml 
@@ -0,0 +1,1742 @@ + + + + + + @cyclonedx + cyclonedx-library + 4.0.0 + + + https://github.com/CycloneDX/cyclonedx-javascript-library/issues + as detected from PackageJson property "bugs.url" + + + git+https://github.com/CycloneDX/cyclonedx-javascript-library.git + as detected from PackageJson property "repository.url" + + + https://github.com/CycloneDX/cyclonedx-javascript-library#readme + as detected from PackageJson property "homepage" + + + + + @cyclonedx + cyclonedx-npm + 1.12.1 + + + https://github.com/CycloneDX/cyclonedx-node-npm/issues + as detected from PackageJson property "bugs.url" + + + git+https://github.com/CycloneDX/cyclonedx-node-npm.git + as detected from PackageJson property "repository.url" + + + https://github.com/CycloneDX/cyclonedx-node-npm#readme + as detected from PackageJson property "homepage" + + + + + + demo-bundled-deps + 0.0.0 + demo: demo-bundled-deps -- showcase how bundled deps look like + + + Apache-2.0 + + + pkg:npm/demo-bundled-deps@0.0.0 + + + true + + + + + + Gajus Kuizinas + bundle-dependencies + 1.0.2 + Generates bundledDependencies package.json value using values of the dependencies property. 
+ + 7ccf50f6125c5f56589f28ef7874e9b4566aa4b2833b681dc5186e07c30d498110bc2ea42260c31f6d37f09fed1df72e5742511948fc9fc6b10d8d009c59177c + + + + BSD-3-Clause + + + pkg:npm/bundle-dependencies@1.0.2 + + + https://registry.npmjs.org/bundle-dependencies/-/bundle-dependencies-1.0.2.tgz + as detected from npm-ls property "resolved" + + + https://github.com/gajus/bundle-dependencies/issues + as detected from PackageJson property "bugs.url" + + + git+https://github.com/gajus/bundle-dependencies.git + as detected from PackageJson property "repository.url" + + + https://github.com/gajus/bundle-dependencies#readme + as detected from PackageJson property "homepage" + + + + node_modules/bundle-dependencies + + + + Sindre Sorhus + ansi-regex + 2.0.0 + Regular expression for matching ANSI escape codes + + + MIT + + + pkg:npm/ansi-regex@2.0.0?vcs_url=git%2Bhttps%3A//github.com/sindresorhus/ansi-regex.git + + + https://github.com/sindresorhus/ansi-regex/issues + as detected from PackageJson property "bugs.url" + + + git+https://github.com/sindresorhus/ansi-regex.git + as detected from PackageJson property "repository.url" + + + https://github.com/sindresorhus/ansi-regex + as detected from PackageJson property "homepage" + + + + true + node_modules/bundle-dependencies/node_modules/ansi-regex + + + + Sindre Sorhus + builtin-modules + 1.1.1 + List of the Node.js builtin modules + + + MIT + + + pkg:npm/builtin-modules@1.1.1?vcs_url=git%2Bhttps%3A//github.com/sindresorhus/builtin-modules.git + + + https://github.com/sindresorhus/builtin-modules/issues + as detected from PackageJson property "bugs.url" + + + git+https://github.com/sindresorhus/builtin-modules.git + as detected from PackageJson property "repository.url" + + + https://github.com/sindresorhus/builtin-modules#readme + as detected from PackageJson property "homepage" + + + + true + node_modules/bundle-dependencies/node_modules/builtin-modules + + + + Sindre Sorhus + camelcase + 2.1.0 + Convert a dash/dot/underscore/space 
separated string to camelCase: foo-bar → fooBar + + + MIT + + + pkg:npm/camelcase@2.1.0?vcs_url=git%2Bhttps%3A//github.com/sindresorhus/camelcase.git + + + https://github.com/sindresorhus/camelcase/issues + as detected from PackageJson property "bugs.url" + + + git+https://github.com/sindresorhus/camelcase.git + as detected from PackageJson property "repository.url" + + + https://github.com/sindresorhus/camelcase#readme + as detected from PackageJson property "homepage" + + + + true + node_modules/bundle-dependencies/node_modules/camelcase + + + + Ben Coe + cliui + 3.1.0 + easily create complex multi-column command-line-interfaces + + + ISC + + + pkg:npm/cliui@3.1.0?vcs_url=git%2Bssh%3A//git%40github.com/bcoe/cliui.git + + + https://github.com/bcoe/cliui/issues + as detected from PackageJson property "bugs.url" + + + git+ssh://git@github.com/bcoe/cliui.git + as detected from PackageJson property "repository.url" + + + https://github.com/bcoe/cliui + as detected from PackageJson property "homepage" + + + + true + node_modules/bundle-dependencies/node_modules/cliui + + + + Sindre Sorhus + code-point-at + 1.0.0 + ES2015 String#codePointAt() ponyfill + + + MIT + + + pkg:npm/code-point-at@1.0.0?vcs_url=git%2Bhttps%3A//github.com/sindresorhus/code-point-at.git + + + https://github.com/sindresorhus/code-point-at/issues + as detected from PackageJson property "bugs.url" + + + git+https://github.com/sindresorhus/code-point-at.git + as detected from PackageJson property "repository.url" + + + https://github.com/sindresorhus/code-point-at + as detected from PackageJson property "homepage" + + + + true + node_modules/bundle-dependencies/node_modules/code-point-at + + + + Sindre Sorhus + decamelize + 1.1.2 + Convert a camelized string into a lowercased one with a custom separator: unicornRainbow → unicorn_rainbow + + + MIT + + + pkg:npm/decamelize@1.1.2?vcs_url=git%2Bhttps%3A//github.com/sindresorhus/decamelize.git + + + https://github.com/sindresorhus/decamelize/issues + as 
detected from PackageJson property "bugs.url" + + + git+https://github.com/sindresorhus/decamelize.git + as detected from PackageJson property "repository.url" + + + https://github.com/sindresorhus/decamelize + as detected from PackageJson property "homepage" + + + + true + node_modules/bundle-dependencies/node_modules/decamelize + + + + error-ex + 1.3.0 + Easy error subclassing and stack customization + + + MIT + + + pkg:npm/error-ex@1.3.0?vcs_url=git%2Bhttps%3A//github.com/qix-/node-error-ex.git + + + https://github.com/qix-/node-error-ex/issues + as detected from PackageJson property "bugs.url" + + + git+https://github.com/qix-/node-error-ex.git + as detected from PackageJson property "repository.url" + + + https://github.com/qix-/node-error-ex#readme + as detected from PackageJson property "homepage" + + + + true + node_modules/bundle-dependencies/node_modules/error-ex + + + + Sindre Sorhus + escape-string-regexp + 1.0.5 + Escape RegExp special characters + + + MIT + + + pkg:npm/escape-string-regexp@1.0.5?vcs_url=git%2Bhttps%3A//github.com/sindresorhus/escape-string-regexp.git + + + https://github.com/sindresorhus/escape-string-regexp/issues + as detected from PackageJson property "bugs.url" + + + git+https://github.com/sindresorhus/escape-string-regexp.git + as detected from PackageJson property "repository.url" + + + https://github.com/sindresorhus/escape-string-regexp + as detected from PackageJson property "homepage" + + + + true + node_modules/bundle-dependencies/node_modules/escape-string-regexp + + + + Sindre Sorhus + find-up + 1.1.0 + Find a file by walking up parent directories + + + MIT + + + pkg:npm/find-up@1.1.0?vcs_url=git%2Bhttps%3A//github.com/sindresorhus/find-up.git + + + https://github.com/sindresorhus/find-up/issues + as detected from PackageJson property "bugs.url" + + + git+https://github.com/sindresorhus/find-up.git + as detected from PackageJson property "repository.url" + + + https://github.com/sindresorhus/find-up + as detected from 
PackageJson property "homepage" + + + + true + node_modules/bundle-dependencies/node_modules/find-up + + + + graceful-fs + 4.1.3 + A drop-in replacement for fs, making various improvements. + + + ISC + + + pkg:npm/graceful-fs@4.1.3?vcs_url=git%2Bhttps%3A//github.com/isaacs/node-graceful-fs.git + + + https://github.com/isaacs/node-graceful-fs/issues + as detected from PackageJson property "bugs.url" + + + git+https://github.com/isaacs/node-graceful-fs.git + as detected from PackageJson property "repository.url" + + + https://github.com/isaacs/node-graceful-fs#readme + as detected from PackageJson property "homepage" + + + + true + node_modules/bundle-dependencies/node_modules/graceful-fs + + + + Rebecca Turner + hosted-git-info + 2.1.4 + Provides metadata and conversions from repository urls for Github, Bitbucket and Gitlab + + + ISC + + + pkg:npm/hosted-git-info@2.1.4?vcs_url=git%2Bhttps%3A//github.com/npm/hosted-git-info.git + + + https://github.com/npm/hosted-git-info/issues + as detected from PackageJson property "bugs.url" + + + git+https://github.com/npm/hosted-git-info.git + as detected from PackageJson property "repository.url" + + + https://github.com/npm/hosted-git-info + as detected from PackageJson property "homepage" + + + + true + node_modules/bundle-dependencies/node_modules/hosted-git-info + + + + Sindre Sorhus + invert-kv + 1.0.0 + Invert the key/value of an object. 
Example: {foo: 'bar'} → {bar: 'foo'} + + + MIT + + + pkg:npm/invert-kv@1.0.0?vcs_url=git%2Bhttps%3A//github.com/sindresorhus/invert-kv.git + + + https://github.com/sindresorhus/invert-kv/issues + as detected from PackageJson property "bugs.url" + + + git+https://github.com/sindresorhus/invert-kv.git + as detected from PackageJson property "repository.url" + + + https://github.com/sindresorhus/invert-kv + as detected from PackageJson property "homepage" + + + + true + node_modules/bundle-dependencies/node_modules/invert-kv + + + + Qix + is-arrayish + 0.2.1 + Determines if an object can be used as an array + + + MIT + + + pkg:npm/is-arrayish@0.2.1?vcs_url=git%2Bhttps%3A//github.com/qix-/node-is-arrayish.git + + + https://github.com/qix-/node-is-arrayish/issues + as detected from PackageJson property "bugs.url" + + + git+https://github.com/qix-/node-is-arrayish.git + as detected from PackageJson property "repository.url" + + + https://github.com/qix-/node-is-arrayish#readme + as detected from PackageJson property "homepage" + + + + true + node_modules/bundle-dependencies/node_modules/is-arrayish + + + + Sindre Sorhus + is-builtin-module + 1.0.0 + Check if a string matches the name of a Node.js builtin module + + + MIT + + + pkg:npm/is-builtin-module@1.0.0?vcs_url=git%2Bhttps%3A//github.com/sindresorhus/is-builtin-module.git + + + https://github.com/sindresorhus/is-builtin-module/issues + as detected from PackageJson property "bugs.url" + + + git+https://github.com/sindresorhus/is-builtin-module.git + as detected from PackageJson property "repository.url" + + + https://github.com/sindresorhus/is-builtin-module + as detected from PackageJson property "homepage" + + + + true + node_modules/bundle-dependencies/node_modules/is-builtin-module + + + + Sindre Sorhus + is-fullwidth-code-point + 1.0.0 + Check if the character represented by a given Unicode code point is fullwidth + + + MIT + + + 
pkg:npm/is-fullwidth-code-point@1.0.0?vcs_url=git%2Bhttps%3A//github.com/sindresorhus/is-fullwidth-code-point.git + + + https://github.com/sindresorhus/is-fullwidth-code-point/issues + as detected from PackageJson property "bugs.url" + + + git+https://github.com/sindresorhus/is-fullwidth-code-point.git + as detected from PackageJson property "repository.url" + + + https://github.com/sindresorhus/is-fullwidth-code-point + as detected from PackageJson property "homepage" + + + + true + node_modules/bundle-dependencies/node_modules/is-fullwidth-code-point + + + + wayfind + is-utf8 + 0.2.1 + Detect if a buffer is utf8 encoded. + + + MIT + + + pkg:npm/is-utf8@0.2.1?vcs_url=git%2Bhttps%3A//github.com/wayfind/is-utf8.git + + + https://github.com/wayfind/is-utf8/issues + as detected from PackageJson property "bugs.url" + + + git+https://github.com/wayfind/is-utf8.git + as detected from PackageJson property "repository.url" + + + https://github.com/wayfind/is-utf8#readme + as detected from PackageJson property "homepage" + + + + true + node_modules/bundle-dependencies/node_modules/is-utf8 + + + + Sindre Sorhus + lcid + 1.0.0 + Mapping between standard locale identifiers and Windows locale identifiers (LCID) + + + MIT + + + pkg:npm/lcid@1.0.0?vcs_url=git%2Bhttps%3A//github.com/sindresorhus/lcid.git + + + https://github.com/sindresorhus/lcid/issues + as detected from PackageJson property "bugs.url" + + + git+https://github.com/sindresorhus/lcid.git + as detected from PackageJson property "repository.url" + + + https://github.com/sindresorhus/lcid + as detected from PackageJson property "homepage" + + + + true + node_modules/bundle-dependencies/node_modules/lcid + + + + Sindre Sorhus + load-json-file + 1.1.0 + Read and parse a JSON file + + + MIT + + + pkg:npm/load-json-file@1.1.0?vcs_url=git%2Bhttps%3A//github.com/sindresorhus/load-json-file.git + + + https://github.com/sindresorhus/load-json-file/issues + as detected from PackageJson property "bugs.url" + + + 
git+https://github.com/sindresorhus/load-json-file.git + as detected from PackageJson property "repository.url" + + + https://github.com/sindresorhus/load-json-file + as detected from PackageJson property "homepage" + + + + true + node_modules/bundle-dependencies/node_modules/load-json-file + + + + John-David Dalton + lodash.assign + 4.0.3 + The lodash method `_.assign` exported as a module. + + + MIT + + + pkg:npm/lodash.assign@4.0.3?vcs_url=git%2Bhttps%3A//github.com/lodash/lodash.git + + + https://github.com/lodash/lodash/issues + as detected from PackageJson property "bugs.url" + + + git+https://github.com/lodash/lodash.git + as detected from PackageJson property "repository.url" + + + https://lodash.com/ + as detected from PackageJson property "homepage" + + + + true + node_modules/bundle-dependencies/node_modules/lodash.assign + + + + John-David Dalton + lodash.keys + 4.0.3 + The lodash method `_.keys` exported as a module. + + + MIT + + + pkg:npm/lodash.keys@4.0.3?vcs_url=git%2Bhttps%3A//github.com/lodash/lodash.git + + + https://github.com/lodash/lodash/issues + as detected from PackageJson property "bugs.url" + + + git+https://github.com/lodash/lodash.git + as detected from PackageJson property "repository.url" + + + https://lodash.com/ + as detected from PackageJson property "homepage" + + + + true + node_modules/bundle-dependencies/node_modules/lodash.keys + + + + John-David Dalton + lodash.rest + 4.0.1 + The lodash method `_.rest` exported as a module. 
+ + + MIT + + + pkg:npm/lodash.rest@4.0.1?vcs_url=git%2Bhttps%3A//github.com/lodash/lodash.git + + + https://github.com/lodash/lodash/issues + as detected from PackageJson property "bugs.url" + + + git+https://github.com/lodash/lodash.git + as detected from PackageJson property "repository.url" + + + https://lodash.com/ + as detected from PackageJson property "homepage" + + + + true + node_modules/bundle-dependencies/node_modules/lodash.rest + + + + Meryn Stol + normalize-package-data + 2.3.5 + Normalizes data that can be found in package.json files. + + + BSD-2-Clause + + + pkg:npm/normalize-package-data@2.3.5?vcs_url=git%3A//github.com/npm/normalize-package-data.git + + + https://github.com/npm/normalize-package-data/issues + as detected from PackageJson property "bugs.url" + + + git://github.com/npm/normalize-package-data.git + as detected from PackageJson property "repository.url" + + + https://github.com/npm/normalize-package-data#readme + as detected from PackageJson property "homepage" + + + + true + node_modules/bundle-dependencies/node_modules/normalize-package-data + + + + Sindre Sorhus + number-is-nan + 1.0.0 + ES6 Number.isNaN() ponyfill + + + MIT + + + pkg:npm/number-is-nan@1.0.0?vcs_url=git%2Bhttps%3A//github.com/sindresorhus/number-is-nan.git + + + https://github.com/sindresorhus/number-is-nan/issues + as detected from PackageJson property "bugs.url" + + + git+https://github.com/sindresorhus/number-is-nan.git + as detected from PackageJson property "repository.url" + + + https://github.com/sindresorhus/number-is-nan#readme + as detected from PackageJson property "homepage" + + + + true + node_modules/bundle-dependencies/node_modules/number-is-nan + + + + Sindre Sorhus + object-assign + 4.0.1 + ES6 Object.assign() ponyfill + + + MIT + + + pkg:npm/object-assign@4.0.1?vcs_url=git%2Bhttps%3A//github.com/sindresorhus/object-assign.git + + + https://github.com/sindresorhus/object-assign/issues + as detected from PackageJson property "bugs.url" + + + 
git+https://github.com/sindresorhus/object-assign.git + as detected from PackageJson property "repository.url" + + + https://github.com/sindresorhus/object-assign#readme + as detected from PackageJson property "homepage" + + + + true + node_modules/bundle-dependencies/node_modules/object-assign + + + + Sindre Sorhus + os-locale + 1.4.0 + Get the system locale + + + MIT + + + pkg:npm/os-locale@1.4.0?vcs_url=git%2Bhttps%3A//github.com/sindresorhus/os-locale.git + + + https://github.com/sindresorhus/os-locale/issues + as detected from PackageJson property "bugs.url" + + + git+https://github.com/sindresorhus/os-locale.git + as detected from PackageJson property "repository.url" + + + https://github.com/sindresorhus/os-locale + as detected from PackageJson property "homepage" + + + + true + node_modules/bundle-dependencies/node_modules/os-locale + + + + Sindre Sorhus + parse-json + 2.2.0 + Parse JSON with more helpful errors + + + MIT + + + pkg:npm/parse-json@2.2.0?vcs_url=git%2Bhttps%3A//github.com/sindresorhus/parse-json.git + + + https://github.com/sindresorhus/parse-json/issues + as detected from PackageJson property "bugs.url" + + + git+https://github.com/sindresorhus/parse-json.git + as detected from PackageJson property "repository.url" + + + https://github.com/sindresorhus/parse-json + as detected from PackageJson property "homepage" + + + + true + node_modules/bundle-dependencies/node_modules/parse-json + + + + Sindre Sorhus + path-exists + 2.1.0 + Check if a path exists + + + MIT + + + pkg:npm/path-exists@2.1.0?vcs_url=git%2Bhttps%3A//github.com/sindresorhus/path-exists.git + + + https://github.com/sindresorhus/path-exists/issues + as detected from PackageJson property "bugs.url" + + + git+https://github.com/sindresorhus/path-exists.git + as detected from PackageJson property "repository.url" + + + https://github.com/sindresorhus/path-exists + as detected from PackageJson property "homepage" + + + + true + 
node_modules/bundle-dependencies/node_modules/path-exists + + + + Sindre Sorhus + path-type + 1.1.0 + Check if a path is a file, directory, or symlink + + + MIT + + + pkg:npm/path-type@1.1.0?vcs_url=git%2Bhttps%3A//github.com/sindresorhus/path-type.git + + + https://github.com/sindresorhus/path-type/issues + as detected from PackageJson property "bugs.url" + + + git+https://github.com/sindresorhus/path-type.git + as detected from PackageJson property "repository.url" + + + https://github.com/sindresorhus/path-type + as detected from PackageJson property "homepage" + + + + true + node_modules/bundle-dependencies/node_modules/path-type + + + + Sindre Sorhus + pify + 2.3.0 + Promisify a callback-style function + + + MIT + + + pkg:npm/pify@2.3.0?vcs_url=git%2Bhttps%3A//github.com/sindresorhus/pify.git + + + https://github.com/sindresorhus/pify/issues + as detected from PackageJson property "bugs.url" + + + git+https://github.com/sindresorhus/pify.git + as detected from PackageJson property "repository.url" + + + https://github.com/sindresorhus/pify + as detected from PackageJson property "homepage" + + + + true + node_modules/bundle-dependencies/node_modules/pify + + + + Vsevolod Strukchinsky + pinkie-promise + 2.0.0 + ES2015 Promise ponyfill + + + MIT + + + pkg:npm/pinkie-promise@2.0.0?vcs_url=git%2Bhttps%3A//github.com/floatdrop/pinkie-promise.git + + + https://github.com/floatdrop/pinkie-promise/issues + as detected from PackageJson property "bugs.url" + + + git+https://github.com/floatdrop/pinkie-promise.git + as detected from PackageJson property "repository.url" + + + https://github.com/floatdrop/pinkie-promise + as detected from PackageJson property "homepage" + + + + true + node_modules/bundle-dependencies/node_modules/pinkie-promise + + + + Vsevolod Strukchinsky + pinkie + 2.0.4 + Itty bitty little widdle twinkie pinkie ES2015 Promise implementation + + + MIT + + + pkg:npm/pinkie@2.0.4?vcs_url=git%2Bhttps%3A//github.com/floatdrop/pinkie.git + + + 
https://github.com/floatdrop/pinkie/issues + as detected from PackageJson property "bugs.url" + + + git+https://github.com/floatdrop/pinkie.git + as detected from PackageJson property "repository.url" + + + https://github.com/floatdrop/pinkie + as detected from PackageJson property "homepage" + + + + true + node_modules/bundle-dependencies/node_modules/pinkie + + + + Sindre Sorhus + pkg-conf + 1.1.1 + Get namespaced config from the closest package.json + + + MIT + + + pkg:npm/pkg-conf@1.1.1?vcs_url=git%2Bhttps%3A//github.com/sindresorhus/pkg-conf.git + + + https://github.com/sindresorhus/pkg-conf/issues + as detected from PackageJson property "bugs.url" + + + git+https://github.com/sindresorhus/pkg-conf.git + as detected from PackageJson property "repository.url" + + + https://github.com/sindresorhus/pkg-conf#readme + as detected from PackageJson property "homepage" + + + + true + node_modules/bundle-dependencies/node_modules/pkg-conf + + + + Sindre Sorhus + read-pkg-up + 1.0.1 + Read the closest package.json file + + + MIT + + + pkg:npm/read-pkg-up@1.0.1?vcs_url=git%2Bhttps%3A//github.com/sindresorhus/read-pkg-up.git + + + https://github.com/sindresorhus/read-pkg-up/issues + as detected from PackageJson property "bugs.url" + + + git+https://github.com/sindresorhus/read-pkg-up.git + as detected from PackageJson property "repository.url" + + + https://github.com/sindresorhus/read-pkg-up + as detected from PackageJson property "homepage" + + + + true + node_modules/bundle-dependencies/node_modules/read-pkg-up + + + + Sindre Sorhus + read-pkg + 1.1.0 + Read a package.json file + + + MIT + + + pkg:npm/read-pkg@1.1.0?vcs_url=git%2Bhttps%3A//github.com/sindresorhus/read-pkg.git + + + https://github.com/sindresorhus/read-pkg/issues + as detected from PackageJson property "bugs.url" + + + git+https://github.com/sindresorhus/read-pkg.git + as detected from PackageJson property "repository.url" + + + https://github.com/sindresorhus/read-pkg + as detected from PackageJson 
property "homepage" + + + + true + node_modules/bundle-dependencies/node_modules/read-pkg + + + + Ben Coe + require-main-filename + 1.0.1 + shim for require.main.filename() that works in as many environments as possible + + + ISC + + + pkg:npm/require-main-filename@1.0.1?vcs_url=git%2Bssh%3A//git%40github.com/yargs/require-main-filename.git + + + https://github.com/yargs/require-main-filename/issues + as detected from PackageJson property "bugs.url" + + + git+ssh://git@github.com/yargs/require-main-filename.git + as detected from PackageJson property "repository.url" + + + https://github.com/yargs/require-main-filename#readme + as detected from PackageJson property "homepage" + + + + true + node_modules/bundle-dependencies/node_modules/require-main-filename + + + + semver + 5.1.0 + The semantic version parser used by npm. + + + ISC + + + pkg:npm/semver@5.1.0?vcs_url=git%2Bhttps%3A//github.com/npm/node-semver.git + + + https://github.com/npm/node-semver/issues + as detected from PackageJson property "bugs.url" + + + git+https://github.com/npm/node-semver.git + as detected from PackageJson property "repository.url" + + + https://github.com/npm/node-semver#readme + as detected from PackageJson property "homepage" + + + + true + node_modules/bundle-dependencies/node_modules/semver + + + + Kyle E. 
Mitchell + spdx-correct + 1.0.2 + correct invalid SPDX identifiers + + + Apache-2.0 + + + pkg:npm/spdx-correct@1.0.2?vcs_url=git%2Bhttps%3A//github.com/kemitchell/spdx-correct.js.git + + + https://github.com/kemitchell/spdx-correct.js/issues + as detected from PackageJson property "bugs.url" + + + git+https://github.com/kemitchell/spdx-correct.js.git + as detected from PackageJson property "repository.url" + + + https://github.com/kemitchell/spdx-correct.js#readme + as detected from PackageJson property "homepage" + + + + true + node_modules/bundle-dependencies/node_modules/spdx-correct + + + + The Linux Foundation + spdx-exceptions + 1.0.4 + list of SPDX standard license exceptions + + + CC-BY-3.0 + + + pkg:npm/spdx-exceptions@1.0.4?vcs_url=git%2Bhttps%3A//github.com/kemitchell/spdx-exceptions.json.git + + + https://github.com/kemitchell/spdx-exceptions.json/issues + as detected from PackageJson property "bugs.url" + + + git+https://github.com/kemitchell/spdx-exceptions.json.git + as detected from PackageJson property "repository.url" + + + https://github.com/kemitchell/spdx-exceptions.json#readme + as detected from PackageJson property "homepage" + + + + true + node_modules/bundle-dependencies/node_modules/spdx-exceptions + + + + Kyle E. 
Mitchell + spdx-expression-parse + 1.0.2 + parse SPDX license expressions + + (MIT AND CC-BY-3.0) + + pkg:npm/spdx-expression-parse@1.0.2?vcs_url=git%2Bhttps%3A//github.com/kemitchell/spdx-expression-parse.js.git + + + https://github.com/kemitchell/spdx-expression-parse.js/issues + as detected from PackageJson property "bugs.url" + + + git+https://github.com/kemitchell/spdx-expression-parse.js.git + as detected from PackageJson property "repository.url" + + + https://github.com/kemitchell/spdx-expression-parse.js#readme + as detected from PackageJson property "homepage" + + + + true + node_modules/bundle-dependencies/node_modules/spdx-expression-parse + + + + Shinnosuke Watanabe + spdx-license-ids + 1.2.0 + A list of SPDX license identifiers + + + Unlicense + + + pkg:npm/spdx-license-ids@1.2.0?vcs_url=git%2Bhttps%3A//github.com/shinnn/spdx-license-ids.git + + + https://github.com/shinnn/spdx-license-ids/issues + as detected from PackageJson property "bugs.url" + + + git+https://github.com/shinnn/spdx-license-ids.git + as detected from PackageJson property "repository.url" + + + https://github.com/shinnn/spdx-license-ids#readme + as detected from PackageJson property "homepage" + + + + true + node_modules/bundle-dependencies/node_modules/spdx-license-ids + + + + Sindre Sorhus + string-width + 1.0.1 + Get the visual width of a string - the number of columns required to display it + + + MIT + + + pkg:npm/string-width@1.0.1?vcs_url=git%2Bhttps%3A//github.com/sindresorhus/string-width.git + + + https://github.com/sindresorhus/string-width/issues + as detected from PackageJson property "bugs.url" + + + git+https://github.com/sindresorhus/string-width.git + as detected from PackageJson property "repository.url" + + + https://github.com/sindresorhus/string-width + as detected from PackageJson property "homepage" + + + + true + node_modules/bundle-dependencies/node_modules/string-width + + + + Sindre Sorhus + strip-ansi + 3.0.1 + Strip ANSI escape codes + + + MIT + + + 
pkg:npm/strip-ansi@3.0.1?vcs_url=git%2Bhttps%3A//github.com/chalk/strip-ansi.git + + + https://github.com/chalk/strip-ansi/issues + as detected from PackageJson property "bugs.url" + + + git+https://github.com/chalk/strip-ansi.git + as detected from PackageJson property "repository.url" + + + https://github.com/chalk/strip-ansi + as detected from PackageJson property "homepage" + + + + true + node_modules/bundle-dependencies/node_modules/strip-ansi + + + + Sindre Sorhus + strip-bom + 2.0.0 + Strip UTF-8 byte order mark (BOM) from a string/buffer + + + MIT + + + pkg:npm/strip-bom@2.0.0?vcs_url=git%2Bhttps%3A//github.com/sindresorhus/strip-bom.git + + + https://github.com/sindresorhus/strip-bom/issues + as detected from PackageJson property "bugs.url" + + + git+https://github.com/sindresorhus/strip-bom.git + as detected from PackageJson property "repository.url" + + + https://github.com/sindresorhus/strip-bom + as detected from PackageJson property "homepage" + + + + true + node_modules/bundle-dependencies/node_modules/strip-bom + + + + Sean McArthur + symbol + 0.2.1 + ES6 Symbols in your ES5. + + + MPLv2.0 + + + pkg:npm/symbol@0.2.1?vcs_url=git%3A//github.com/seanmonstar/symbol.git + + + https://github.com/seanmonstar/symbol/issues + as detected from PackageJson property "bugs.url" + + + git://github.com/seanmonstar/symbol.git + as detected from PackageJson property "repository.url" + + + https://github.com/seanmonstar/symbol#readme + as detected from PackageJson property "homepage" + + + + true + node_modules/bundle-dependencies/node_modules/symbol + + + + Kyle E. 
Mitchell + validate-npm-package-license + 3.0.1 + Give me a string and I'll tell you if it's a valid npm package license string + + + Apache-2.0 + + + pkg:npm/validate-npm-package-license@3.0.1?vcs_url=git%2Bhttps%3A//github.com/kemitchell/validate-npm-package-license.js.git + + + https://github.com/kemitchell/validate-npm-package-license.js/issues + as detected from PackageJson property "bugs.url" + + + git+https://github.com/kemitchell/validate-npm-package-license.js.git + as detected from PackageJson property "repository.url" + + + https://github.com/kemitchell/validate-npm-package-license.js#readme + as detected from PackageJson property "homepage" + + + + true + node_modules/bundle-dependencies/node_modules/validate-npm-package-license + + + + Jon Schlinkert + window-size + 0.2.0 + Reliable way to to get the height and width of the terminal/console in a node.js environment. + + + MIT + + + pkg:npm/window-size@0.2.0?vcs_url=git%2Bhttps%3A//github.com/jonschlinkert/window-size.git + + + https://github.com/jonschlinkert/window-size/issues + as detected from PackageJson property "bugs.url" + + + git+https://github.com/jonschlinkert/window-size.git + as detected from PackageJson property "repository.url" + + + https://github.com/jonschlinkert/window-size + as detected from PackageJson property "homepage" + + + + true + node_modules/bundle-dependencies/node_modules/window-size + + + + Sindre Sorhus + wrap-ansi + 1.0.0 + Wordwrap a string with ANSI escape codes + + + MIT + + + pkg:npm/wrap-ansi@1.0.0?vcs_url=git%2Bhttps%3A//github.com/chalk/wrap-ansi.git + + + https://github.com/chalk/wrap-ansi/issues + as detected from PackageJson property "bugs.url" + + + git+https://github.com/chalk/wrap-ansi.git + as detected from PackageJson property "repository.url" + + + https://github.com/chalk/wrap-ansi#readme + as detected from PackageJson property "homepage" + + + + true + node_modules/bundle-dependencies/node_modules/wrap-ansi + + + + Ben Coe + y18n + 3.2.0 + the 
bare-bones internationalization library used by yargs + + + ISC + + + pkg:npm/y18n@3.2.0?vcs_url=git%2Bssh%3A//git%40github.com/bcoe/y18n.git + + + https://github.com/bcoe/y18n/issues + as detected from PackageJson property "bugs.url" + + + git+ssh://git@github.com/bcoe/y18n.git + as detected from PackageJson property "repository.url" + + + https://github.com/bcoe/y18n + as detected from PackageJson property "homepage" + + + + true + node_modules/bundle-dependencies/node_modules/y18n + + + + Ben Coe + yargs-parser + 2.1.0 + the mighty option parser used by yargs + + + ISC + + + pkg:npm/yargs-parser@2.1.0?vcs_url=git%2Bssh%3A//git%40github.com/yargs/yargs-parser.git + + + https://github.com/yargs/yargs-parser/issues + as detected from PackageJson property "bugs.url" + + + git+ssh://git@github.com/yargs/yargs-parser.git + as detected from PackageJson property "repository.url" + + + https://github.com/yargs/yargs-parser#readme + as detected from PackageJson property "homepage" + + + + true + node_modules/bundle-dependencies/node_modules/yargs-parser + + + + yargs + 4.1.0 + Light-weight option parsing with an argv hash. No optstrings attached. + + + MIT + + + pkg:npm/yargs@4.1.0?vcs_url=git%2Bssh%3A//git%40github.com/bcoe/yargs.git + + + https://github.com/bcoe/yargs/issues + as detected from PackageJson property "bugs.url" + + + git+ssh://git@github.com/bcoe/yargs.git + as detected from PackageJson property "repository.url" + + + http://yargs.js.org/ + as detected from PackageJson property "homepage" + + + + true + node_modules/bundle-dependencies/node_modules/yargs + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + \ No newline at end of file 
diff --git a/tests/fixtures/bom.json b/tests/fixtures/bom.json
new file mode 100644
index 000000000..f92a4ec03
--- /dev/null
+++ b/tests/fixtures/bom.json
@@ -0,0 +1,2559 @@ +{ + "$schema": "http://cyclonedx.org/schema/bom-1.4.schema.json", + "bomFormat": "CycloneDX", + "specVersion": "1.4", + "version": 1, + "metadata": { + "tools": [ + { + "vendor": "@cyclonedx", + "name": "cyclonedx-library", + "version": "4.0.0", + "externalReferences": [ + { + "url": "https://github.com/CycloneDX/cyclonedx-javascript-library/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "git+https://github.com/CycloneDX/cyclonedx-javascript-library.git", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\"" + }, + { + "url": "https://github.com/CycloneDX/cyclonedx-javascript-library#readme", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + } + ] + }, + { + "vendor": "@cyclonedx", + "name": "cyclonedx-npm", + "version": "1.12.1", + "externalReferences": [ + { + "url": "https://github.com/CycloneDX/cyclonedx-node-npm/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "git+https://github.com/CycloneDX/cyclonedx-node-npm.git", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\"" + }, + { + "url": "https://github.com/CycloneDX/cyclonedx-node-npm#readme", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + } + ] + } + ], + "component": { + "type": "application", + "name": "demo-bundled-deps", + "version": "0.0.0", + "bom-ref": "demo-bundled-deps@0.0.0", + "description": "demo: demo-bundled-deps -- showcase how bundled deps look like", + "licenses": [ + { + "license": { + "id": "Apache-2.0" + } + } + ], + "purl": "pkg:npm/demo-bundled-deps@0.0.0", + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "" + }, + { + "name": "cdx:npm:package:private", + "value": "true" + } + ] + } + }, + "components": [ + { + "type": "library", + "name": 
"bundle-dependencies", + "version": "1.0.2", + "bom-ref": "bundle-dependencies@1.0.2", + "author": "Gajus Kuizinas", + "description": "Generates bundledDependencies package.json value using values of the dependencies property.", + "hashes": [ + { + "alg": "SHA-512", + "content": "7ccf50f6125c5f56589f28ef7874e9b4566aa4b2833b681dc5186e07c30d498110bc2ea42260c31f6d37f09fed1df72e5742511948fc9fc6b10d8d009c59177c" + } + ], + "licenses": [ + { + "license": { + "id": "BSD-3-Clause" + } + } + ], + "purl": "pkg:npm/bundle-dependencies@1.0.2", + "externalReferences": [ + { + "url": "https://registry.npmjs.org/bundle-dependencies/-/bundle-dependencies-1.0.2.tgz", + "type": "distribution", + "comment": "as detected from npm-ls property \"resolved\"" + }, + { + "url": "https://github.com/gajus/bundle-dependencies/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "git+https://github.com/gajus/bundle-dependencies.git", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\"" + }, + { + "url": "https://github.com/gajus/bundle-dependencies#readme", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:path", + "value": "node_modules/bundle-dependencies" + } + ], + "components": [ + { + "type": "library", + "name": "ansi-regex", + "version": "2.0.0", + "bom-ref": "bundle-dependencies@1.0.2|ansi-regex@2.0.0", + "author": "Sindre Sorhus", + "description": "Regular expression for matching ANSI escape codes", + "licenses": [ + { + "license": { + "id": "MIT" + } + } + ], + "purl": "pkg:npm/ansi-regex@2.0.0?vcs_url=git%2Bhttps%3A//github.com/sindresorhus/ansi-regex.git", + "externalReferences": [ + { + "url": "https://github.com/sindresorhus/ansi-regex/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": 
"git+https://github.com/sindresorhus/ansi-regex.git", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\"" + }, + { + "url": "https://github.com/sindresorhus/ansi-regex", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:bundled", + "value": "true" + }, + { + "name": "cdx:npm:package:path", + "value": "node_modules/bundle-dependencies/node_modules/ansi-regex" + } + ] + }, + { + "type": "library", + "name": "builtin-modules", + "version": "1.1.1", + "bom-ref": "bundle-dependencies@1.0.2|builtin-modules@1.1.1", + "author": "Sindre Sorhus", + "description": "List of the Node.js builtin modules", + "licenses": [ + { + "license": { + "id": "MIT" + } + } + ], + "purl": "pkg:npm/builtin-modules@1.1.1?vcs_url=git%2Bhttps%3A//github.com/sindresorhus/builtin-modules.git", + "externalReferences": [ + { + "url": "https://github.com/sindresorhus/builtin-modules/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "git+https://github.com/sindresorhus/builtin-modules.git", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\"" + }, + { + "url": "https://github.com/sindresorhus/builtin-modules#readme", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:bundled", + "value": "true" + }, + { + "name": "cdx:npm:package:path", + "value": "node_modules/bundle-dependencies/node_modules/builtin-modules" + } + ] + }, + { + "type": "library", + "name": "camelcase", + "version": "2.1.0", + "bom-ref": "bundle-dependencies@1.0.2|camelcase@2.1.0", + "author": "Sindre Sorhus", + "description": "Convert a dash/dot/underscore/space separated string to camelCase: foo-bar → fooBar", + "licenses": [ + { + "license": { + "id": "MIT" + } + } + ], + "purl": 
"pkg:npm/camelcase@2.1.0?vcs_url=git%2Bhttps%3A//github.com/sindresorhus/camelcase.git", + "externalReferences": [ + { + "url": "https://github.com/sindresorhus/camelcase/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "git+https://github.com/sindresorhus/camelcase.git", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\"" + }, + { + "url": "https://github.com/sindresorhus/camelcase#readme", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:bundled", + "value": "true" + }, + { + "name": "cdx:npm:package:path", + "value": "node_modules/bundle-dependencies/node_modules/camelcase" + } + ] + }, + { + "type": "library", + "name": "cliui", + "version": "3.1.0", + "bom-ref": "bundle-dependencies@1.0.2|cliui@3.1.0", + "author": "Ben Coe", + "description": "easily create complex multi-column command-line-interfaces", + "licenses": [ + { + "license": { + "id": "ISC" + } + } + ], + "purl": "pkg:npm/cliui@3.1.0?vcs_url=git%2Bssh%3A//git%40github.com/bcoe/cliui.git", + "externalReferences": [ + { + "url": "https://github.com/bcoe/cliui/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "git+ssh://git@github.com/bcoe/cliui.git", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\"" + }, + { + "url": "https://github.com/bcoe/cliui", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:bundled", + "value": "true" + }, + { + "name": "cdx:npm:package:path", + "value": "node_modules/bundle-dependencies/node_modules/cliui" + } + ] + }, + { + "type": "library", + "name": "code-point-at", + "version": "1.0.0", + "bom-ref": "bundle-dependencies@1.0.2|code-point-at@1.0.0", + "author": "Sindre 
Sorhus", + "description": "ES2015 String#codePointAt() ponyfill", + "licenses": [ + { + "license": { + "id": "MIT" + } + } + ], + "purl": "pkg:npm/code-point-at@1.0.0?vcs_url=git%2Bhttps%3A//github.com/sindresorhus/code-point-at.git", + "externalReferences": [ + { + "url": "https://github.com/sindresorhus/code-point-at/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "git+https://github.com/sindresorhus/code-point-at.git", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\"" + }, + { + "url": "https://github.com/sindresorhus/code-point-at", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:bundled", + "value": "true" + }, + { + "name": "cdx:npm:package:path", + "value": "node_modules/bundle-dependencies/node_modules/code-point-at" + } + ] + }, + { + "type": "library", + "name": "decamelize", + "version": "1.1.2", + "bom-ref": "bundle-dependencies@1.0.2|decamelize@1.1.2", + "author": "Sindre Sorhus", + "description": "Convert a camelized string into a lowercased one with a custom separator: unicornRainbow → unicorn_rainbow", + "licenses": [ + { + "license": { + "id": "MIT" + } + } + ], + "purl": "pkg:npm/decamelize@1.1.2?vcs_url=git%2Bhttps%3A//github.com/sindresorhus/decamelize.git", + "externalReferences": [ + { + "url": "https://github.com/sindresorhus/decamelize/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "git+https://github.com/sindresorhus/decamelize.git", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\"" + }, + { + "url": "https://github.com/sindresorhus/decamelize", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:bundled", + "value": "true" + }, + { + 
"name": "cdx:npm:package:path", + "value": "node_modules/bundle-dependencies/node_modules/decamelize" + } + ] + }, + { + "type": "library", + "name": "error-ex", + "version": "1.3.0", + "bom-ref": "bundle-dependencies@1.0.2|error-ex@1.3.0", + "description": "Easy error subclassing and stack customization", + "licenses": [ + { + "license": { + "id": "MIT" + } + } + ], + "purl": "pkg:npm/error-ex@1.3.0?vcs_url=git%2Bhttps%3A//github.com/qix-/node-error-ex.git", + "externalReferences": [ + { + "url": "https://github.com/qix-/node-error-ex/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "git+https://github.com/qix-/node-error-ex.git", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\"" + }, + { + "url": "https://github.com/qix-/node-error-ex#readme", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:bundled", + "value": "true" + }, + { + "name": "cdx:npm:package:path", + "value": "node_modules/bundle-dependencies/node_modules/error-ex" + } + ] + }, + { + "type": "library", + "name": "escape-string-regexp", + "version": "1.0.5", + "bom-ref": "bundle-dependencies@1.0.2|escape-string-regexp@1.0.5", + "author": "Sindre Sorhus", + "description": "Escape RegExp special characters", + "licenses": [ + { + "license": { + "id": "MIT" + } + } + ], + "purl": "pkg:npm/escape-string-regexp@1.0.5?vcs_url=git%2Bhttps%3A//github.com/sindresorhus/escape-string-regexp.git", + "externalReferences": [ + { + "url": "https://github.com/sindresorhus/escape-string-regexp/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "git+https://github.com/sindresorhus/escape-string-regexp.git", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\"" + }, + { + "url": 
"https://github.com/sindresorhus/escape-string-regexp", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:bundled", + "value": "true" + }, + { + "name": "cdx:npm:package:path", + "value": "node_modules/bundle-dependencies/node_modules/escape-string-regexp" + } + ] + }, + { + "type": "library", + "name": "find-up", + "version": "1.1.0", + "bom-ref": "bundle-dependencies@1.0.2|find-up@1.1.0", + "author": "Sindre Sorhus", + "description": "Find a file by walking up parent directories", + "licenses": [ + { + "license": { + "id": "MIT" + } + } + ], + "purl": "pkg:npm/find-up@1.1.0?vcs_url=git%2Bhttps%3A//github.com/sindresorhus/find-up.git", + "externalReferences": [ + { + "url": "https://github.com/sindresorhus/find-up/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "git+https://github.com/sindresorhus/find-up.git", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\"" + }, + { + "url": "https://github.com/sindresorhus/find-up", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:bundled", + "value": "true" + }, + { + "name": "cdx:npm:package:path", + "value": "node_modules/bundle-dependencies/node_modules/find-up" + } + ] + }, + { + "type": "library", + "name": "graceful-fs", + "version": "4.1.3", + "bom-ref": "bundle-dependencies@1.0.2|graceful-fs@4.1.3", + "description": "A drop-in replacement for fs, making various improvements.", + "licenses": [ + { + "license": { + "id": "ISC" + } + } + ], + "purl": "pkg:npm/graceful-fs@4.1.3?vcs_url=git%2Bhttps%3A//github.com/isaacs/node-graceful-fs.git", + "externalReferences": [ + { + "url": "https://github.com/isaacs/node-graceful-fs/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + 
}, + { + "url": "git+https://github.com/isaacs/node-graceful-fs.git", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\"" + }, + { + "url": "https://github.com/isaacs/node-graceful-fs#readme", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:bundled", + "value": "true" + }, + { + "name": "cdx:npm:package:path", + "value": "node_modules/bundle-dependencies/node_modules/graceful-fs" + } + ] + }, + { + "type": "library", + "name": "hosted-git-info", + "version": "2.1.4", + "bom-ref": "bundle-dependencies@1.0.2|hosted-git-info@2.1.4", + "author": "Rebecca Turner", + "description": "Provides metadata and conversions from repository urls for Github, Bitbucket and Gitlab", + "licenses": [ + { + "license": { + "id": "ISC" + } + } + ], + "purl": "pkg:npm/hosted-git-info@2.1.4?vcs_url=git%2Bhttps%3A//github.com/npm/hosted-git-info.git", + "externalReferences": [ + { + "url": "https://github.com/npm/hosted-git-info/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "git+https://github.com/npm/hosted-git-info.git", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\"" + }, + { + "url": "https://github.com/npm/hosted-git-info", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:bundled", + "value": "true" + }, + { + "name": "cdx:npm:package:path", + "value": "node_modules/bundle-dependencies/node_modules/hosted-git-info" + } + ] + }, + { + "type": "library", + "name": "invert-kv", + "version": "1.0.0", + "bom-ref": "bundle-dependencies@1.0.2|invert-kv@1.0.0", + "author": "Sindre Sorhus", + "description": "Invert the key/value of an object. 
Example: {foo: 'bar'} → {bar: 'foo'}", + "licenses": [ + { + "license": { + "id": "MIT" + } + } + ], + "purl": "pkg:npm/invert-kv@1.0.0?vcs_url=git%2Bhttps%3A//github.com/sindresorhus/invert-kv.git", + "externalReferences": [ + { + "url": "https://github.com/sindresorhus/invert-kv/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "git+https://github.com/sindresorhus/invert-kv.git", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\"" + }, + { + "url": "https://github.com/sindresorhus/invert-kv", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:bundled", + "value": "true" + }, + { + "name": "cdx:npm:package:path", + "value": "node_modules/bundle-dependencies/node_modules/invert-kv" + } + ] + }, + { + "type": "library", + "name": "is-arrayish", + "version": "0.2.1", + "bom-ref": "bundle-dependencies@1.0.2|is-arrayish@0.2.1", + "author": "Qix", + "description": "Determines if an object can be used as an array", + "licenses": [ + { + "license": { + "id": "MIT" + } + } + ], + "purl": "pkg:npm/is-arrayish@0.2.1?vcs_url=git%2Bhttps%3A//github.com/qix-/node-is-arrayish.git", + "externalReferences": [ + { + "url": "https://github.com/qix-/node-is-arrayish/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "git+https://github.com/qix-/node-is-arrayish.git", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\"" + }, + { + "url": "https://github.com/qix-/node-is-arrayish#readme", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:bundled", + "value": "true" + }, + { + "name": "cdx:npm:package:path", + "value": "node_modules/bundle-dependencies/node_modules/is-arrayish" + } + ] + }, + 
{ + "type": "library", + "name": "is-builtin-module", + "version": "1.0.0", + "bom-ref": "bundle-dependencies@1.0.2|is-builtin-module@1.0.0", + "author": "Sindre Sorhus", + "description": "Check if a string matches the name of a Node.js builtin module", + "licenses": [ + { + "license": { + "id": "MIT" + } + } + ], + "purl": "pkg:npm/is-builtin-module@1.0.0?vcs_url=git%2Bhttps%3A//github.com/sindresorhus/is-builtin-module.git", + "externalReferences": [ + { + "url": "https://github.com/sindresorhus/is-builtin-module/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "git+https://github.com/sindresorhus/is-builtin-module.git", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\"" + }, + { + "url": "https://github.com/sindresorhus/is-builtin-module", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:bundled", + "value": "true" + }, + { + "name": "cdx:npm:package:path", + "value": "node_modules/bundle-dependencies/node_modules/is-builtin-module" + } + ] + }, + { + "type": "library", + "name": "is-fullwidth-code-point", + "version": "1.0.0", + "bom-ref": "bundle-dependencies@1.0.2|is-fullwidth-code-point@1.0.0", + "author": "Sindre Sorhus", + "description": "Check if the character represented by a given Unicode code point is fullwidth", + "licenses": [ + { + "license": { + "id": "MIT" + } + } + ], + "purl": "pkg:npm/is-fullwidth-code-point@1.0.0?vcs_url=git%2Bhttps%3A//github.com/sindresorhus/is-fullwidth-code-point.git", + "externalReferences": [ + { + "url": "https://github.com/sindresorhus/is-fullwidth-code-point/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "git+https://github.com/sindresorhus/is-fullwidth-code-point.git", + "type": "vcs", + "comment": "as detected from PackageJson property 
\"repository.url\"" + }, + { + "url": "https://github.com/sindresorhus/is-fullwidth-code-point", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:bundled", + "value": "true" + }, + { + "name": "cdx:npm:package:path", + "value": "node_modules/bundle-dependencies/node_modules/is-fullwidth-code-point" + } + ] + }, + { + "type": "library", + "name": "is-utf8", + "version": "0.2.1", + "bom-ref": "bundle-dependencies@1.0.2|is-utf8@0.2.1", + "author": "wayfind", + "description": "Detect if a buffer is utf8 encoded.", + "licenses": [ + { + "license": { + "id": "MIT" + } + } + ], + "purl": "pkg:npm/is-utf8@0.2.1?vcs_url=git%2Bhttps%3A//github.com/wayfind/is-utf8.git", + "externalReferences": [ + { + "url": "https://github.com/wayfind/is-utf8/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "git+https://github.com/wayfind/is-utf8.git", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\"" + }, + { + "url": "https://github.com/wayfind/is-utf8#readme", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:bundled", + "value": "true" + }, + { + "name": "cdx:npm:package:path", + "value": "node_modules/bundle-dependencies/node_modules/is-utf8" + } + ] + }, + { + "type": "library", + "name": "lcid", + "version": "1.0.0", + "bom-ref": "bundle-dependencies@1.0.2|lcid@1.0.0", + "author": "Sindre Sorhus", + "description": "Mapping between standard locale identifiers and Windows locale identifiers (LCID)", + "licenses": [ + { + "license": { + "id": "MIT" + } + } + ], + "purl": "pkg:npm/lcid@1.0.0?vcs_url=git%2Bhttps%3A//github.com/sindresorhus/lcid.git", + "externalReferences": [ + { + "url": "https://github.com/sindresorhus/lcid/issues", + "type": "issue-tracker", + "comment": "as detected from 
PackageJson property \"bugs.url\"" + }, + { + "url": "git+https://github.com/sindresorhus/lcid.git", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\"" + }, + { + "url": "https://github.com/sindresorhus/lcid", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:bundled", + "value": "true" + }, + { + "name": "cdx:npm:package:path", + "value": "node_modules/bundle-dependencies/node_modules/lcid" + } + ] + }, + { + "type": "library", + "name": "load-json-file", + "version": "1.1.0", + "bom-ref": "bundle-dependencies@1.0.2|load-json-file@1.1.0", + "author": "Sindre Sorhus", + "description": "Read and parse a JSON file", + "licenses": [ + { + "license": { + "id": "MIT" + } + } + ], + "purl": "pkg:npm/load-json-file@1.1.0?vcs_url=git%2Bhttps%3A//github.com/sindresorhus/load-json-file.git", + "externalReferences": [ + { + "url": "https://github.com/sindresorhus/load-json-file/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "git+https://github.com/sindresorhus/load-json-file.git", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\"" + }, + { + "url": "https://github.com/sindresorhus/load-json-file", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:bundled", + "value": "true" + }, + { + "name": "cdx:npm:package:path", + "value": "node_modules/bundle-dependencies/node_modules/load-json-file" + } + ] + }, + { + "type": "library", + "name": "lodash.assign", + "version": "4.0.3", + "bom-ref": "bundle-dependencies@1.0.2|lodash.assign@4.0.3", + "author": "John-David Dalton", + "description": "The lodash method `_.assign` exported as a module.", + "licenses": [ + { + "license": { + "id": "MIT" + } + } + ], + "purl": 
"pkg:npm/lodash.assign@4.0.3?vcs_url=git%2Bhttps%3A//github.com/lodash/lodash.git", + "externalReferences": [ + { + "url": "https://github.com/lodash/lodash/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "git+https://github.com/lodash/lodash.git", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\"" + }, + { + "url": "https://lodash.com/", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:bundled", + "value": "true" + }, + { + "name": "cdx:npm:package:path", + "value": "node_modules/bundle-dependencies/node_modules/lodash.assign" + } + ] + }, + { + "type": "library", + "name": "lodash.keys", + "version": "4.0.3", + "bom-ref": "bundle-dependencies@1.0.2|lodash.keys@4.0.3", + "author": "John-David Dalton", + "description": "The lodash method `_.keys` exported as a module.", + "licenses": [ + { + "license": { + "id": "MIT" + } + } + ], + "purl": "pkg:npm/lodash.keys@4.0.3?vcs_url=git%2Bhttps%3A//github.com/lodash/lodash.git", + "externalReferences": [ + { + "url": "https://github.com/lodash/lodash/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "git+https://github.com/lodash/lodash.git", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\"" + }, + { + "url": "https://lodash.com/", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:bundled", + "value": "true" + }, + { + "name": "cdx:npm:package:path", + "value": "node_modules/bundle-dependencies/node_modules/lodash.keys" + } + ] + }, + { + "type": "library", + "name": "lodash.rest", + "version": "4.0.1", + "bom-ref": "bundle-dependencies@1.0.2|lodash.rest@4.0.1", + "author": "John-David Dalton", + "description": "The 
lodash method `_.rest` exported as a module.", + "licenses": [ + { + "license": { + "id": "MIT" + } + } + ], + "purl": "pkg:npm/lodash.rest@4.0.1?vcs_url=git%2Bhttps%3A//github.com/lodash/lodash.git", + "externalReferences": [ + { + "url": "https://github.com/lodash/lodash/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "git+https://github.com/lodash/lodash.git", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\"" + }, + { + "url": "https://lodash.com/", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:bundled", + "value": "true" + }, + { + "name": "cdx:npm:package:path", + "value": "node_modules/bundle-dependencies/node_modules/lodash.rest" + } + ] + }, + { + "type": "library", + "name": "normalize-package-data", + "version": "2.3.5", + "bom-ref": "bundle-dependencies@1.0.2|normalize-package-data@2.3.5", + "author": "Meryn Stol", + "description": "Normalizes data that can be found in package.json files.", + "licenses": [ + { + "license": { + "id": "BSD-2-Clause" + } + } + ], + "purl": "pkg:npm/normalize-package-data@2.3.5?vcs_url=git%3A//github.com/npm/normalize-package-data.git", + "externalReferences": [ + { + "url": "https://github.com/npm/normalize-package-data/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "git://github.com/npm/normalize-package-data.git", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\"" + }, + { + "url": "https://github.com/npm/normalize-package-data#readme", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:bundled", + "value": "true" + }, + { + "name": "cdx:npm:package:path", + "value": 
"node_modules/bundle-dependencies/node_modules/normalize-package-data" + } + ] + }, + { + "type": "library", + "name": "number-is-nan", + "version": "1.0.0", + "bom-ref": "bundle-dependencies@1.0.2|number-is-nan@1.0.0", + "author": "Sindre Sorhus", + "description": "ES6 Number.isNaN() ponyfill", + "licenses": [ + { + "license": { + "id": "MIT" + } + } + ], + "purl": "pkg:npm/number-is-nan@1.0.0?vcs_url=git%2Bhttps%3A//github.com/sindresorhus/number-is-nan.git", + "externalReferences": [ + { + "url": "https://github.com/sindresorhus/number-is-nan/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "git+https://github.com/sindresorhus/number-is-nan.git", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\"" + }, + { + "url": "https://github.com/sindresorhus/number-is-nan#readme", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:bundled", + "value": "true" + }, + { + "name": "cdx:npm:package:path", + "value": "node_modules/bundle-dependencies/node_modules/number-is-nan" + } + ] + }, + { + "type": "library", + "name": "object-assign", + "version": "4.0.1", + "bom-ref": "bundle-dependencies@1.0.2|object-assign@4.0.1", + "author": "Sindre Sorhus", + "description": "ES6 Object.assign() ponyfill", + "licenses": [ + { + "license": { + "id": "MIT" + } + } + ], + "purl": "pkg:npm/object-assign@4.0.1?vcs_url=git%2Bhttps%3A//github.com/sindresorhus/object-assign.git", + "externalReferences": [ + { + "url": "https://github.com/sindresorhus/object-assign/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "git+https://github.com/sindresorhus/object-assign.git", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\"" + }, + { + "url": 
"https://github.com/sindresorhus/object-assign#readme", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:bundled", + "value": "true" + }, + { + "name": "cdx:npm:package:path", + "value": "node_modules/bundle-dependencies/node_modules/object-assign" + } + ] + }, + { + "type": "library", + "name": "os-locale", + "version": "1.4.0", + "bom-ref": "bundle-dependencies@1.0.2|os-locale@1.4.0", + "author": "Sindre Sorhus", + "description": "Get the system locale", + "licenses": [ + { + "license": { + "id": "MIT" + } + } + ], + "purl": "pkg:npm/os-locale@1.4.0?vcs_url=git%2Bhttps%3A//github.com/sindresorhus/os-locale.git", + "externalReferences": [ + { + "url": "https://github.com/sindresorhus/os-locale/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "git+https://github.com/sindresorhus/os-locale.git", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\"" + }, + { + "url": "https://github.com/sindresorhus/os-locale", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:bundled", + "value": "true" + }, + { + "name": "cdx:npm:package:path", + "value": "node_modules/bundle-dependencies/node_modules/os-locale" + } + ] + }, + { + "type": "library", + "name": "parse-json", + "version": "2.2.0", + "bom-ref": "bundle-dependencies@1.0.2|parse-json@2.2.0", + "author": "Sindre Sorhus", + "description": "Parse JSON with more helpful errors", + "licenses": [ + { + "license": { + "id": "MIT" + } + } + ], + "purl": "pkg:npm/parse-json@2.2.0?vcs_url=git%2Bhttps%3A//github.com/sindresorhus/parse-json.git", + "externalReferences": [ + { + "url": "https://github.com/sindresorhus/parse-json/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + 
"url": "git+https://github.com/sindresorhus/parse-json.git", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\"" + }, + { + "url": "https://github.com/sindresorhus/parse-json", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:bundled", + "value": "true" + }, + { + "name": "cdx:npm:package:path", + "value": "node_modules/bundle-dependencies/node_modules/parse-json" + } + ] + }, + { + "type": "library", + "name": "path-exists", + "version": "2.1.0", + "bom-ref": "bundle-dependencies@1.0.2|path-exists@2.1.0", + "author": "Sindre Sorhus", + "description": "Check if a path exists", + "licenses": [ + { + "license": { + "id": "MIT" + } + } + ], + "purl": "pkg:npm/path-exists@2.1.0?vcs_url=git%2Bhttps%3A//github.com/sindresorhus/path-exists.git", + "externalReferences": [ + { + "url": "https://github.com/sindresorhus/path-exists/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "git+https://github.com/sindresorhus/path-exists.git", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\"" + }, + { + "url": "https://github.com/sindresorhus/path-exists", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:bundled", + "value": "true" + }, + { + "name": "cdx:npm:package:path", + "value": "node_modules/bundle-dependencies/node_modules/path-exists" + } + ] + }, + { + "type": "library", + "name": "path-type", + "version": "1.1.0", + "bom-ref": "bundle-dependencies@1.0.2|path-type@1.1.0", + "author": "Sindre Sorhus", + "description": "Check if a path is a file, directory, or symlink", + "licenses": [ + { + "license": { + "id": "MIT" + } + } + ], + "purl": "pkg:npm/path-type@1.1.0?vcs_url=git%2Bhttps%3A//github.com/sindresorhus/path-type.git", + 
"externalReferences": [ + { + "url": "https://github.com/sindresorhus/path-type/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "git+https://github.com/sindresorhus/path-type.git", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\"" + }, + { + "url": "https://github.com/sindresorhus/path-type", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:bundled", + "value": "true" + }, + { + "name": "cdx:npm:package:path", + "value": "node_modules/bundle-dependencies/node_modules/path-type" + } + ] + }, + { + "type": "library", + "name": "pify", + "version": "2.3.0", + "bom-ref": "bundle-dependencies@1.0.2|pify@2.3.0", + "author": "Sindre Sorhus", + "description": "Promisify a callback-style function", + "licenses": [ + { + "license": { + "id": "MIT" + } + } + ], + "purl": "pkg:npm/pify@2.3.0?vcs_url=git%2Bhttps%3A//github.com/sindresorhus/pify.git", + "externalReferences": [ + { + "url": "https://github.com/sindresorhus/pify/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "git+https://github.com/sindresorhus/pify.git", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\"" + }, + { + "url": "https://github.com/sindresorhus/pify", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:bundled", + "value": "true" + }, + { + "name": "cdx:npm:package:path", + "value": "node_modules/bundle-dependencies/node_modules/pify" + } + ] + }, + { + "type": "library", + "name": "pinkie-promise", + "version": "2.0.0", + "bom-ref": "bundle-dependencies@1.0.2|pinkie-promise@2.0.0", + "author": "Vsevolod Strukchinsky", + "description": "ES2015 Promise ponyfill", + "licenses": [ + { + "license": { + 
"id": "MIT" + } + } + ], + "purl": "pkg:npm/pinkie-promise@2.0.0?vcs_url=git%2Bhttps%3A//github.com/floatdrop/pinkie-promise.git", + "externalReferences": [ + { + "url": "https://github.com/floatdrop/pinkie-promise/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "git+https://github.com/floatdrop/pinkie-promise.git", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\"" + }, + { + "url": "https://github.com/floatdrop/pinkie-promise", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:bundled", + "value": "true" + }, + { + "name": "cdx:npm:package:path", + "value": "node_modules/bundle-dependencies/node_modules/pinkie-promise" + } + ] + }, + { + "type": "library", + "name": "pinkie", + "version": "2.0.4", + "bom-ref": "bundle-dependencies@1.0.2|pinkie@2.0.4", + "author": "Vsevolod Strukchinsky", + "description": "Itty bitty little widdle twinkie pinkie ES2015 Promise implementation", + "licenses": [ + { + "license": { + "id": "MIT" + } + } + ], + "purl": "pkg:npm/pinkie@2.0.4?vcs_url=git%2Bhttps%3A//github.com/floatdrop/pinkie.git", + "externalReferences": [ + { + "url": "https://github.com/floatdrop/pinkie/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "git+https://github.com/floatdrop/pinkie.git", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\"" + }, + { + "url": "https://github.com/floatdrop/pinkie", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:bundled", + "value": "true" + }, + { + "name": "cdx:npm:package:path", + "value": "node_modules/bundle-dependencies/node_modules/pinkie" + } + ] + }, + { + "type": "library", + "name": "pkg-conf", + "version": 
"1.1.1", + "bom-ref": "bundle-dependencies@1.0.2|pkg-conf@1.1.1", + "author": "Sindre Sorhus", + "description": "Get namespaced config from the closest package.json", + "licenses": [ + { + "license": { + "id": "MIT" + } + } + ], + "purl": "pkg:npm/pkg-conf@1.1.1?vcs_url=git%2Bhttps%3A//github.com/sindresorhus/pkg-conf.git", + "externalReferences": [ + { + "url": "https://github.com/sindresorhus/pkg-conf/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "git+https://github.com/sindresorhus/pkg-conf.git", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\"" + }, + { + "url": "https://github.com/sindresorhus/pkg-conf#readme", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:bundled", + "value": "true" + }, + { + "name": "cdx:npm:package:path", + "value": "node_modules/bundle-dependencies/node_modules/pkg-conf" + } + ] + }, + { + "type": "library", + "name": "read-pkg-up", + "version": "1.0.1", + "bom-ref": "bundle-dependencies@1.0.2|read-pkg-up@1.0.1", + "author": "Sindre Sorhus", + "description": "Read the closest package.json file", + "licenses": [ + { + "license": { + "id": "MIT" + } + } + ], + "purl": "pkg:npm/read-pkg-up@1.0.1?vcs_url=git%2Bhttps%3A//github.com/sindresorhus/read-pkg-up.git", + "externalReferences": [ + { + "url": "https://github.com/sindresorhus/read-pkg-up/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "git+https://github.com/sindresorhus/read-pkg-up.git", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\"" + }, + { + "url": "https://github.com/sindresorhus/read-pkg-up", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:bundled", + "value": 
"true" + }, + { + "name": "cdx:npm:package:path", + "value": "node_modules/bundle-dependencies/node_modules/read-pkg-up" + } + ] + }, + { + "type": "library", + "name": "read-pkg", + "version": "1.1.0", + "bom-ref": "bundle-dependencies@1.0.2|read-pkg@1.1.0", + "author": "Sindre Sorhus", + "description": "Read a package.json file", + "licenses": [ + { + "license": { + "id": "MIT" + } + } + ], + "purl": "pkg:npm/read-pkg@1.1.0?vcs_url=git%2Bhttps%3A//github.com/sindresorhus/read-pkg.git", + "externalReferences": [ + { + "url": "https://github.com/sindresorhus/read-pkg/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "git+https://github.com/sindresorhus/read-pkg.git", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\"" + }, + { + "url": "https://github.com/sindresorhus/read-pkg", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:bundled", + "value": "true" + }, + { + "name": "cdx:npm:package:path", + "value": "node_modules/bundle-dependencies/node_modules/read-pkg" + } + ] + }, + { + "type": "library", + "name": "require-main-filename", + "version": "1.0.1", + "bom-ref": "bundle-dependencies@1.0.2|require-main-filename@1.0.1", + "author": "Ben Coe", + "description": "shim for require.main.filename() that works in as many environments as possible", + "licenses": [ + { + "license": { + "id": "ISC" + } + } + ], + "purl": "pkg:npm/require-main-filename@1.0.1?vcs_url=git%2Bssh%3A//git%40github.com/yargs/require-main-filename.git", + "externalReferences": [ + { + "url": "https://github.com/yargs/require-main-filename/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "git+ssh://git@github.com/yargs/require-main-filename.git", + "type": "vcs", + "comment": "as detected from PackageJson property 
\"repository.url\"" + }, + { + "url": "https://github.com/yargs/require-main-filename#readme", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:bundled", + "value": "true" + }, + { + "name": "cdx:npm:package:path", + "value": "node_modules/bundle-dependencies/node_modules/require-main-filename" + } + ] + }, + { + "type": "library", + "name": "semver", + "version": "5.1.0", + "bom-ref": "bundle-dependencies@1.0.2|semver@5.1.0", + "description": "The semantic version parser used by npm.", + "licenses": [ + { + "license": { + "id": "ISC" + } + } + ], + "purl": "pkg:npm/semver@5.1.0?vcs_url=git%2Bhttps%3A//github.com/npm/node-semver.git", + "externalReferences": [ + { + "url": "https://github.com/npm/node-semver/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "git+https://github.com/npm/node-semver.git", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\"" + }, + { + "url": "https://github.com/npm/node-semver#readme", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:bundled", + "value": "true" + }, + { + "name": "cdx:npm:package:path", + "value": "node_modules/bundle-dependencies/node_modules/semver" + } + ] + }, + { + "type": "library", + "name": "spdx-correct", + "version": "1.0.2", + "bom-ref": "bundle-dependencies@1.0.2|spdx-correct@1.0.2", + "author": "Kyle E. 
Mitchell", + "description": "correct invalid SPDX identifiers", + "licenses": [ + { + "license": { + "id": "Apache-2.0" + } + } + ], + "purl": "pkg:npm/spdx-correct@1.0.2?vcs_url=git%2Bhttps%3A//github.com/kemitchell/spdx-correct.js.git", + "externalReferences": [ + { + "url": "https://github.com/kemitchell/spdx-correct.js/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "git+https://github.com/kemitchell/spdx-correct.js.git", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\"" + }, + { + "url": "https://github.com/kemitchell/spdx-correct.js#readme", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:bundled", + "value": "true" + }, + { + "name": "cdx:npm:package:path", + "value": "node_modules/bundle-dependencies/node_modules/spdx-correct" + } + ] + }, + { + "type": "library", + "name": "spdx-exceptions", + "version": "1.0.4", + "bom-ref": "bundle-dependencies@1.0.2|spdx-exceptions@1.0.4", + "author": "The Linux Foundation", + "description": "list of SPDX standard license exceptions", + "licenses": [ + { + "license": { + "id": "CC-BY-3.0" + } + } + ], + "purl": "pkg:npm/spdx-exceptions@1.0.4?vcs_url=git%2Bhttps%3A//github.com/kemitchell/spdx-exceptions.json.git", + "externalReferences": [ + { + "url": "https://github.com/kemitchell/spdx-exceptions.json/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "git+https://github.com/kemitchell/spdx-exceptions.json.git", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\"" + }, + { + "url": "https://github.com/kemitchell/spdx-exceptions.json#readme", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:bundled", + "value": "true" 
+ }, + { + "name": "cdx:npm:package:path", + "value": "node_modules/bundle-dependencies/node_modules/spdx-exceptions" + } + ] + }, + { + "type": "library", + "name": "spdx-expression-parse", + "version": "1.0.2", + "bom-ref": "bundle-dependencies@1.0.2|spdx-expression-parse@1.0.2", + "author": "Kyle E. Mitchell", + "description": "parse SPDX license expressions", + "licenses": [ + { + "expression": "(MIT AND CC-BY-3.0)" + } + ], + "purl": "pkg:npm/spdx-expression-parse@1.0.2?vcs_url=git%2Bhttps%3A//github.com/kemitchell/spdx-expression-parse.js.git", + "externalReferences": [ + { + "url": "https://github.com/kemitchell/spdx-expression-parse.js/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "git+https://github.com/kemitchell/spdx-expression-parse.js.git", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\"" + }, + { + "url": "https://github.com/kemitchell/spdx-expression-parse.js#readme", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:bundled", + "value": "true" + }, + { + "name": "cdx:npm:package:path", + "value": "node_modules/bundle-dependencies/node_modules/spdx-expression-parse" + } + ] + }, + { + "type": "library", + "name": "spdx-license-ids", + "version": "1.2.0", + "bom-ref": "bundle-dependencies@1.0.2|spdx-license-ids@1.2.0", + "author": "Shinnosuke Watanabe", + "description": "A list of SPDX license identifiers", + "licenses": [ + { + "license": { + "id": "Unlicense" + } + } + ], + "purl": "pkg:npm/spdx-license-ids@1.2.0?vcs_url=git%2Bhttps%3A//github.com/shinnn/spdx-license-ids.git", + "externalReferences": [ + { + "url": "https://github.com/shinnn/spdx-license-ids/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "git+https://github.com/shinnn/spdx-license-ids.git", + "type": 
"vcs", + "comment": "as detected from PackageJson property \"repository.url\"" + }, + { + "url": "https://github.com/shinnn/spdx-license-ids#readme", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:bundled", + "value": "true" + }, + { + "name": "cdx:npm:package:path", + "value": "node_modules/bundle-dependencies/node_modules/spdx-license-ids" + } + ] + }, + { + "type": "library", + "name": "string-width", + "version": "1.0.1", + "bom-ref": "bundle-dependencies@1.0.2|string-width@1.0.1", + "author": "Sindre Sorhus", + "description": "Get the visual width of a string - the number of columns required to display it", + "licenses": [ + { + "license": { + "id": "MIT" + } + } + ], + "purl": "pkg:npm/string-width@1.0.1?vcs_url=git%2Bhttps%3A//github.com/sindresorhus/string-width.git", + "externalReferences": [ + { + "url": "https://github.com/sindresorhus/string-width/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "git+https://github.com/sindresorhus/string-width.git", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\"" + }, + { + "url": "https://github.com/sindresorhus/string-width", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:bundled", + "value": "true" + }, + { + "name": "cdx:npm:package:path", + "value": "node_modules/bundle-dependencies/node_modules/string-width" + } + ] + }, + { + "type": "library", + "name": "strip-ansi", + "version": "3.0.1", + "bom-ref": "bundle-dependencies@1.0.2|strip-ansi@3.0.1", + "author": "Sindre Sorhus", + "description": "Strip ANSI escape codes", + "licenses": [ + { + "license": { + "id": "MIT" + } + } + ], + "purl": "pkg:npm/strip-ansi@3.0.1?vcs_url=git%2Bhttps%3A//github.com/chalk/strip-ansi.git", + "externalReferences": [ + { + "url": 
"https://github.com/chalk/strip-ansi/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "git+https://github.com/chalk/strip-ansi.git", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\"" + }, + { + "url": "https://github.com/chalk/strip-ansi", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:bundled", + "value": "true" + }, + { + "name": "cdx:npm:package:path", + "value": "node_modules/bundle-dependencies/node_modules/strip-ansi" + } + ] + }, + { + "type": "library", + "name": "strip-bom", + "version": "2.0.0", + "bom-ref": "bundle-dependencies@1.0.2|strip-bom@2.0.0", + "author": "Sindre Sorhus", + "description": "Strip UTF-8 byte order mark (BOM) from a string/buffer", + "licenses": [ + { + "license": { + "id": "MIT" + } + } + ], + "purl": "pkg:npm/strip-bom@2.0.0?vcs_url=git%2Bhttps%3A//github.com/sindresorhus/strip-bom.git", + "externalReferences": [ + { + "url": "https://github.com/sindresorhus/strip-bom/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "git+https://github.com/sindresorhus/strip-bom.git", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\"" + }, + { + "url": "https://github.com/sindresorhus/strip-bom", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:bundled", + "value": "true" + }, + { + "name": "cdx:npm:package:path", + "value": "node_modules/bundle-dependencies/node_modules/strip-bom" + } + ] + }, + { + "type": "library", + "name": "symbol", + "version": "0.2.1", + "bom-ref": "bundle-dependencies@1.0.2|symbol@0.2.1", + "author": "Sean McArthur", + "description": "ES6 Symbols in your ES5.", + "licenses": [ + { + "license": { + "name": "MPLv2.0" + 
} + } + ], + "purl": "pkg:npm/symbol@0.2.1?vcs_url=git%3A//github.com/seanmonstar/symbol.git", + "externalReferences": [ + { + "url": "https://github.com/seanmonstar/symbol/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "git://github.com/seanmonstar/symbol.git", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\"" + }, + { + "url": "https://github.com/seanmonstar/symbol#readme", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:bundled", + "value": "true" + }, + { + "name": "cdx:npm:package:path", + "value": "node_modules/bundle-dependencies/node_modules/symbol" + } + ] + }, + { + "type": "library", + "name": "validate-npm-package-license", + "version": "3.0.1", + "bom-ref": "bundle-dependencies@1.0.2|validate-npm-package-license@3.0.1", + "author": "Kyle E. Mitchell", + "description": "Give me a string and I'll tell you if it's a valid npm package license string", + "licenses": [ + { + "license": { + "id": "Apache-2.0" + } + } + ], + "purl": "pkg:npm/validate-npm-package-license@3.0.1?vcs_url=git%2Bhttps%3A//github.com/kemitchell/validate-npm-package-license.js.git", + "externalReferences": [ + { + "url": "https://github.com/kemitchell/validate-npm-package-license.js/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "git+https://github.com/kemitchell/validate-npm-package-license.js.git", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\"" + }, + { + "url": "https://github.com/kemitchell/validate-npm-package-license.js#readme", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:bundled", + "value": "true" + }, + { + "name": "cdx:npm:package:path", + "value": 
"node_modules/bundle-dependencies/node_modules/validate-npm-package-license" + } + ] + }, + { + "type": "library", + "name": "window-size", + "version": "0.2.0", + "bom-ref": "bundle-dependencies@1.0.2|window-size@0.2.0", + "author": "Jon Schlinkert", + "description": "Reliable way to to get the height and width of the terminal/console in a node.js environment.", + "licenses": [ + { + "license": { + "id": "MIT" + } + } + ], + "purl": "pkg:npm/window-size@0.2.0?vcs_url=git%2Bhttps%3A//github.com/jonschlinkert/window-size.git", + "externalReferences": [ + { + "url": "https://github.com/jonschlinkert/window-size/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "git+https://github.com/jonschlinkert/window-size.git", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\"" + }, + { + "url": "https://github.com/jonschlinkert/window-size", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:bundled", + "value": "true" + }, + { + "name": "cdx:npm:package:path", + "value": "node_modules/bundle-dependencies/node_modules/window-size" + } + ] + }, + { + "type": "library", + "name": "wrap-ansi", + "version": "1.0.0", + "bom-ref": "bundle-dependencies@1.0.2|wrap-ansi@1.0.0", + "author": "Sindre Sorhus", + "description": "Wordwrap a string with ANSI escape codes", + "licenses": [ + { + "license": { + "id": "MIT" + } + } + ], + "purl": "pkg:npm/wrap-ansi@1.0.0?vcs_url=git%2Bhttps%3A//github.com/chalk/wrap-ansi.git", + "externalReferences": [ + { + "url": "https://github.com/chalk/wrap-ansi/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "git+https://github.com/chalk/wrap-ansi.git", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\"" + }, + { + "url": 
"https://github.com/chalk/wrap-ansi#readme", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:bundled", + "value": "true" + }, + { + "name": "cdx:npm:package:path", + "value": "node_modules/bundle-dependencies/node_modules/wrap-ansi" + } + ] + }, + { + "type": "library", + "name": "y18n", + "version": "3.2.0", + "bom-ref": "bundle-dependencies@1.0.2|y18n@3.2.0", + "author": "Ben Coe", + "description": "the bare-bones internationalization library used by yargs", + "licenses": [ + { + "license": { + "id": "ISC" + } + } + ], + "purl": "pkg:npm/y18n@3.2.0?vcs_url=git%2Bssh%3A//git%40github.com/bcoe/y18n.git", + "externalReferences": [ + { + "url": "https://github.com/bcoe/y18n/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "git+ssh://git@github.com/bcoe/y18n.git", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\"" + }, + { + "url": "https://github.com/bcoe/y18n", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:bundled", + "value": "true" + }, + { + "name": "cdx:npm:package:path", + "value": "node_modules/bundle-dependencies/node_modules/y18n" + } + ] + }, + { + "type": "library", + "name": "yargs-parser", + "version": "2.1.0", + "bom-ref": "bundle-dependencies@1.0.2|yargs-parser@2.1.0", + "author": "Ben Coe", + "description": "the mighty option parser used by yargs", + "licenses": [ + { + "license": { + "id": "ISC" + } + } + ], + "purl": "pkg:npm/yargs-parser@2.1.0?vcs_url=git%2Bssh%3A//git%40github.com/yargs/yargs-parser.git", + "externalReferences": [ + { + "url": "https://github.com/yargs/yargs-parser/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": 
"git+ssh://git@github.com/yargs/yargs-parser.git", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\"" + }, + { + "url": "https://github.com/yargs/yargs-parser#readme", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:bundled", + "value": "true" + }, + { + "name": "cdx:npm:package:path", + "value": "node_modules/bundle-dependencies/node_modules/yargs-parser" + } + ] + }, + { + "type": "library", + "name": "yargs", + "version": "4.1.0", + "bom-ref": "bundle-dependencies@1.0.2|yargs@4.1.0", + "description": "Light-weight option parsing with an argv hash. No optstrings attached.", + "licenses": [ + { + "license": { + "id": "MIT" + } + } + ], + "purl": "pkg:npm/yargs@4.1.0?vcs_url=git%2Bssh%3A//git%40github.com/bcoe/yargs.git", + "externalReferences": [ + { + "url": "https://github.com/bcoe/yargs/issues", + "type": "issue-tracker", + "comment": "as detected from PackageJson property \"bugs.url\"" + }, + { + "url": "git+ssh://git@github.com/bcoe/yargs.git", + "type": "vcs", + "comment": "as detected from PackageJson property \"repository.url\"" + }, + { + "url": "http://yargs.js.org/", + "type": "website", + "comment": "as detected from PackageJson property \"homepage\"" + } + ], + "properties": [ + { + "name": "cdx:npm:package:bundled", + "value": "true" + }, + { + "name": "cdx:npm:package:path", + "value": "node_modules/bundle-dependencies/node_modules/yargs" + } + ] + } + ] + } + ], + "dependencies": [ + { + "ref": "bundle-dependencies@1.0.2", + "dependsOn": [ + "bundle-dependencies@1.0.2|yargs@4.1.0" + ] + }, + { + "ref": "bundle-dependencies@1.0.2|ansi-regex@2.0.0" + }, + { + "ref": "bundle-dependencies@1.0.2|builtin-modules@1.1.1" + }, + { + "ref": "bundle-dependencies@1.0.2|camelcase@2.1.0" + }, + { + "ref": "bundle-dependencies@1.0.2|cliui@3.1.0", + "dependsOn": [ + "bundle-dependencies@1.0.2|string-width@1.0.1", + 
"bundle-dependencies@1.0.2|strip-ansi@3.0.1", + "bundle-dependencies@1.0.2|wrap-ansi@1.0.0" + ] + }, + { + "ref": "bundle-dependencies@1.0.2|code-point-at@1.0.0", + "dependsOn": [ + "bundle-dependencies@1.0.2|number-is-nan@1.0.0" + ] + }, + { + "ref": "bundle-dependencies@1.0.2|decamelize@1.1.2", + "dependsOn": [ + "bundle-dependencies@1.0.2|escape-string-regexp@1.0.5" + ] + }, + { + "ref": "bundle-dependencies@1.0.2|error-ex@1.3.0", + "dependsOn": [ + "bundle-dependencies@1.0.2|is-arrayish@0.2.1" + ] + }, + { + "ref": "bundle-dependencies@1.0.2|escape-string-regexp@1.0.5" + }, + { + "ref": "bundle-dependencies@1.0.2|find-up@1.1.0", + "dependsOn": [ + "bundle-dependencies@1.0.2|path-exists@2.1.0", + "bundle-dependencies@1.0.2|pinkie-promise@2.0.0" + ] + }, + { + "ref": "bundle-dependencies@1.0.2|graceful-fs@4.1.3" + }, + { + "ref": "bundle-dependencies@1.0.2|hosted-git-info@2.1.4" + }, + { + "ref": "bundle-dependencies@1.0.2|invert-kv@1.0.0" + }, + { + "ref": "bundle-dependencies@1.0.2|is-arrayish@0.2.1" + }, + { + "ref": "bundle-dependencies@1.0.2|is-builtin-module@1.0.0", + "dependsOn": [ + "bundle-dependencies@1.0.2|builtin-modules@1.1.1" + ] + }, + { + "ref": "bundle-dependencies@1.0.2|is-fullwidth-code-point@1.0.0", + "dependsOn": [ + "bundle-dependencies@1.0.2|number-is-nan@1.0.0" + ] + }, + { + "ref": "bundle-dependencies@1.0.2|is-utf8@0.2.1" + }, + { + "ref": "bundle-dependencies@1.0.2|lcid@1.0.0", + "dependsOn": [ + "bundle-dependencies@1.0.2|invert-kv@1.0.0" + ] + }, + { + "ref": "bundle-dependencies@1.0.2|load-json-file@1.1.0", + "dependsOn": [ + "bundle-dependencies@1.0.2|graceful-fs@4.1.3", + "bundle-dependencies@1.0.2|parse-json@2.2.0", + "bundle-dependencies@1.0.2|pify@2.3.0", + "bundle-dependencies@1.0.2|pinkie-promise@2.0.0", + "bundle-dependencies@1.0.2|strip-bom@2.0.0" + ] + }, + { + "ref": "bundle-dependencies@1.0.2|lodash.assign@4.0.3", + "dependsOn": [ + "bundle-dependencies@1.0.2|lodash.keys@4.0.3", + 
"bundle-dependencies@1.0.2|lodash.rest@4.0.1" + ] + }, + { + "ref": "bundle-dependencies@1.0.2|lodash.keys@4.0.3" + }, + { + "ref": "bundle-dependencies@1.0.2|lodash.rest@4.0.1" + }, + { + "ref": "bundle-dependencies@1.0.2|normalize-package-data@2.3.5", + "dependsOn": [ + "bundle-dependencies@1.0.2|hosted-git-info@2.1.4", + "bundle-dependencies@1.0.2|is-builtin-module@1.0.0", + "bundle-dependencies@1.0.2|semver@5.1.0", + "bundle-dependencies@1.0.2|validate-npm-package-license@3.0.1" + ] + }, + { + "ref": "bundle-dependencies@1.0.2|number-is-nan@1.0.0" + }, + { + "ref": "bundle-dependencies@1.0.2|object-assign@4.0.1" + }, + { + "ref": "bundle-dependencies@1.0.2|os-locale@1.4.0", + "dependsOn": [ + "bundle-dependencies@1.0.2|lcid@1.0.0" + ] + }, + { + "ref": "bundle-dependencies@1.0.2|parse-json@2.2.0", + "dependsOn": [ + "bundle-dependencies@1.0.2|error-ex@1.3.0" + ] + }, + { + "ref": "bundle-dependencies@1.0.2|path-exists@2.1.0", + "dependsOn": [ + "bundle-dependencies@1.0.2|pinkie-promise@2.0.0" + ] + }, + { + "ref": "bundle-dependencies@1.0.2|path-type@1.1.0", + "dependsOn": [ + "bundle-dependencies@1.0.2|graceful-fs@4.1.3", + "bundle-dependencies@1.0.2|pify@2.3.0", + "bundle-dependencies@1.0.2|pinkie-promise@2.0.0" + ] + }, + { + "ref": "bundle-dependencies@1.0.2|pify@2.3.0" + }, + { + "ref": "bundle-dependencies@1.0.2|pinkie-promise@2.0.0", + "dependsOn": [ + "bundle-dependencies@1.0.2|pinkie@2.0.4" + ] + }, + { + "ref": "bundle-dependencies@1.0.2|pinkie@2.0.4" + }, + { + "ref": "bundle-dependencies@1.0.2|pkg-conf@1.1.1", + "dependsOn": [ + "bundle-dependencies@1.0.2|find-up@1.1.0", + "bundle-dependencies@1.0.2|object-assign@4.0.1", + "bundle-dependencies@1.0.2|read-pkg@1.1.0", + "bundle-dependencies@1.0.2|symbol@0.2.1" + ] + }, + { + "ref": "bundle-dependencies@1.0.2|read-pkg-up@1.0.1", + "dependsOn": [ + "bundle-dependencies@1.0.2|find-up@1.1.0", + "bundle-dependencies@1.0.2|read-pkg@1.1.0" + ] + }, + { + "ref": "bundle-dependencies@1.0.2|read-pkg@1.1.0", + 
"dependsOn": [ + "bundle-dependencies@1.0.2|load-json-file@1.1.0", + "bundle-dependencies@1.0.2|normalize-package-data@2.3.5", + "bundle-dependencies@1.0.2|path-type@1.1.0" + ] + }, + { + "ref": "bundle-dependencies@1.0.2|require-main-filename@1.0.1" + }, + { + "ref": "bundle-dependencies@1.0.2|semver@5.1.0" + }, + { + "ref": "bundle-dependencies@1.0.2|spdx-correct@1.0.2", + "dependsOn": [ + "bundle-dependencies@1.0.2|spdx-license-ids@1.2.0" + ] + }, + { + "ref": "bundle-dependencies@1.0.2|spdx-exceptions@1.0.4" + }, + { + "ref": "bundle-dependencies@1.0.2|spdx-expression-parse@1.0.2", + "dependsOn": [ + "bundle-dependencies@1.0.2|spdx-exceptions@1.0.4", + "bundle-dependencies@1.0.2|spdx-license-ids@1.2.0" + ] + }, + { + "ref": "bundle-dependencies@1.0.2|spdx-license-ids@1.2.0" + }, + { + "ref": "bundle-dependencies@1.0.2|string-width@1.0.1", + "dependsOn": [ + "bundle-dependencies@1.0.2|code-point-at@1.0.0", + "bundle-dependencies@1.0.2|is-fullwidth-code-point@1.0.0", + "bundle-dependencies@1.0.2|strip-ansi@3.0.1" + ] + }, + { + "ref": "bundle-dependencies@1.0.2|strip-ansi@3.0.1", + "dependsOn": [ + "bundle-dependencies@1.0.2|ansi-regex@2.0.0" + ] + }, + { + "ref": "bundle-dependencies@1.0.2|strip-bom@2.0.0", + "dependsOn": [ + "bundle-dependencies@1.0.2|is-utf8@0.2.1" + ] + }, + { + "ref": "bundle-dependencies@1.0.2|symbol@0.2.1" + }, + { + "ref": "bundle-dependencies@1.0.2|validate-npm-package-license@3.0.1", + "dependsOn": [ + "bundle-dependencies@1.0.2|spdx-correct@1.0.2", + "bundle-dependencies@1.0.2|spdx-expression-parse@1.0.2" + ] + }, + { + "ref": "bundle-dependencies@1.0.2|window-size@0.2.0" + }, + { + "ref": "bundle-dependencies@1.0.2|wrap-ansi@1.0.0", + "dependsOn": [ + "bundle-dependencies@1.0.2|string-width@1.0.1" + ] + }, + { + "ref": "bundle-dependencies@1.0.2|y18n@3.2.0" + }, + { + "ref": "bundle-dependencies@1.0.2|yargs-parser@2.1.0", + "dependsOn": [ + "bundle-dependencies@1.0.2|camelcase@2.1.0", + "bundle-dependencies@1.0.2|lodash.assign@4.0.3" 
+ ] + }, + { + "ref": "bundle-dependencies@1.0.2|yargs@4.1.0", + "dependsOn": [ + "bundle-dependencies@1.0.2|camelcase@2.1.0", + "bundle-dependencies@1.0.2|cliui@3.1.0", + "bundle-dependencies@1.0.2|decamelize@1.1.2", + "bundle-dependencies@1.0.2|os-locale@1.4.0", + "bundle-dependencies@1.0.2|pkg-conf@1.1.1", + "bundle-dependencies@1.0.2|read-pkg-up@1.0.1", + "bundle-dependencies@1.0.2|require-main-filename@1.0.1", + "bundle-dependencies@1.0.2|string-width@1.0.1", + "bundle-dependencies@1.0.2|window-size@0.2.0", + "bundle-dependencies@1.0.2|y18n@3.2.0", + "bundle-dependencies@1.0.2|yargs-parser@2.1.0" + ] + }, + { + "ref": "demo-bundled-deps@0.0.0", + "dependsOn": [ + "bundle-dependencies@1.0.2" + ] + } + ] +} \ No newline at end of file diff --git a/tests/fixtures/bom.xml b/tests/fixtures/bom.xml new file mode 100644 index 000000000..d1e143e03 --- /dev/null +++ b/tests/fixtures/bom.xml 
@@ -0,0 +1,1742 @@ + + + + + + @cyclonedx + cyclonedx-library + 4.0.0 + + + https://github.com/CycloneDX/cyclonedx-javascript-library/issues + as detected from PackageJson property "bugs.url" + + + git+https://github.com/CycloneDX/cyclonedx-javascript-library.git + as detected from PackageJson property "repository.url" + + + https://github.com/CycloneDX/cyclonedx-javascript-library#readme + as detected from PackageJson property "homepage" + + + + + @cyclonedx + cyclonedx-npm + 1.12.1 + + + https://github.com/CycloneDX/cyclonedx-node-npm/issues + as detected from PackageJson property "bugs.url" + + + git+https://github.com/CycloneDX/cyclonedx-node-npm.git + as detected from PackageJson property "repository.url" + + + https://github.com/CycloneDX/cyclonedx-node-npm#readme + as detected from PackageJson property "homepage" + + + + + + demo-bundled-deps + 0.0.0 + demo: demo-bundled-deps -- showcase how bundled deps look like + + + Apache-2.0 + + + pkg:npm/demo-bundled-deps@0.0.0 + + + true + + + + + + Gajus Kuizinas + bundle-dependencies + 1.0.2 + Generates bundledDependencies package.json value using values of the dependencies property. 
+ + 7ccf50f6125c5f56589f28ef7874e9b4566aa4b2833b681dc5186e07c30d498110bc2ea42260c31f6d37f09fed1df72e5742511948fc9fc6b10d8d009c59177c + + + + BSD-3-Clause + + + pkg:npm/bundle-dependencies@1.0.2 + + + https://registry.npmjs.org/bundle-dependencies/-/bundle-dependencies-1.0.2.tgz + as detected from npm-ls property "resolved" + + + https://github.com/gajus/bundle-dependencies/issues + as detected from PackageJson property "bugs.url" + + + git+https://github.com/gajus/bundle-dependencies.git + as detected from PackageJson property "repository.url" + + + https://github.com/gajus/bundle-dependencies#readme + as detected from PackageJson property "homepage" + + + + node_modules/bundle-dependencies + + + + Sindre Sorhus + ansi-regex + 2.0.0 + Regular expression for matching ANSI escape codes + + + MIT + + + pkg:npm/ansi-regex@2.0.0?vcs_url=git%2Bhttps%3A//github.com/sindresorhus/ansi-regex.git + + + https://github.com/sindresorhus/ansi-regex/issues + as detected from PackageJson property "bugs.url" + + + git+https://github.com/sindresorhus/ansi-regex.git + as detected from PackageJson property "repository.url" + + + https://github.com/sindresorhus/ansi-regex + as detected from PackageJson property "homepage" + + + + true + node_modules/bundle-dependencies/node_modules/ansi-regex + + + + Sindre Sorhus + builtin-modules + 1.1.1 + List of the Node.js builtin modules + + + MIT + + + pkg:npm/builtin-modules@1.1.1?vcs_url=git%2Bhttps%3A//github.com/sindresorhus/builtin-modules.git + + + https://github.com/sindresorhus/builtin-modules/issues + as detected from PackageJson property "bugs.url" + + + git+https://github.com/sindresorhus/builtin-modules.git + as detected from PackageJson property "repository.url" + + + https://github.com/sindresorhus/builtin-modules#readme + as detected from PackageJson property "homepage" + + + + true + node_modules/bundle-dependencies/node_modules/builtin-modules + + + + Sindre Sorhus + camelcase + 2.1.0 + Convert a dash/dot/underscore/space 
separated string to camelCase: foo-bar → fooBar + + + MIT + + + pkg:npm/camelcase@2.1.0?vcs_url=git%2Bhttps%3A//github.com/sindresorhus/camelcase.git + + + https://github.com/sindresorhus/camelcase/issues + as detected from PackageJson property "bugs.url" + + + git+https://github.com/sindresorhus/camelcase.git + as detected from PackageJson property "repository.url" + + + https://github.com/sindresorhus/camelcase#readme + as detected from PackageJson property "homepage" + + + + true + node_modules/bundle-dependencies/node_modules/camelcase + + + + Ben Coe + cliui + 3.1.0 + easily create complex multi-column command-line-interfaces + + + ISC + + + pkg:npm/cliui@3.1.0?vcs_url=git%2Bssh%3A//git%40github.com/bcoe/cliui.git + + + https://github.com/bcoe/cliui/issues + as detected from PackageJson property "bugs.url" + + + git+ssh://git@github.com/bcoe/cliui.git + as detected from PackageJson property "repository.url" + + + https://github.com/bcoe/cliui + as detected from PackageJson property "homepage" + + + + true + node_modules/bundle-dependencies/node_modules/cliui + + + + Sindre Sorhus + code-point-at + 1.0.0 + ES2015 String#codePointAt() ponyfill + + + MIT + + + pkg:npm/code-point-at@1.0.0?vcs_url=git%2Bhttps%3A//github.com/sindresorhus/code-point-at.git + + + https://github.com/sindresorhus/code-point-at/issues + as detected from PackageJson property "bugs.url" + + + git+https://github.com/sindresorhus/code-point-at.git + as detected from PackageJson property "repository.url" + + + https://github.com/sindresorhus/code-point-at + as detected from PackageJson property "homepage" + + + + true + node_modules/bundle-dependencies/node_modules/code-point-at + + + + Sindre Sorhus + decamelize + 1.1.2 + Convert a camelized string into a lowercased one with a custom separator: unicornRainbow → unicorn_rainbow + + + MIT + + + pkg:npm/decamelize@1.1.2?vcs_url=git%2Bhttps%3A//github.com/sindresorhus/decamelize.git + + + https://github.com/sindresorhus/decamelize/issues + as 
detected from PackageJson property "bugs.url" + + + git+https://github.com/sindresorhus/decamelize.git + as detected from PackageJson property "repository.url" + + + https://github.com/sindresorhus/decamelize + as detected from PackageJson property "homepage" + + + + true + node_modules/bundle-dependencies/node_modules/decamelize + + + + error-ex + 1.3.0 + Easy error subclassing and stack customization + + + MIT + + + pkg:npm/error-ex@1.3.0?vcs_url=git%2Bhttps%3A//github.com/qix-/node-error-ex.git + + + https://github.com/qix-/node-error-ex/issues + as detected from PackageJson property "bugs.url" + + + git+https://github.com/qix-/node-error-ex.git + as detected from PackageJson property "repository.url" + + + https://github.com/qix-/node-error-ex#readme + as detected from PackageJson property "homepage" + + + + true + node_modules/bundle-dependencies/node_modules/error-ex + + + + Sindre Sorhus + escape-string-regexp + 1.0.5 + Escape RegExp special characters + + + MIT + + + pkg:npm/escape-string-regexp@1.0.5?vcs_url=git%2Bhttps%3A//github.com/sindresorhus/escape-string-regexp.git + + + https://github.com/sindresorhus/escape-string-regexp/issues + as detected from PackageJson property "bugs.url" + + + git+https://github.com/sindresorhus/escape-string-regexp.git + as detected from PackageJson property "repository.url" + + + https://github.com/sindresorhus/escape-string-regexp + as detected from PackageJson property "homepage" + + + + true + node_modules/bundle-dependencies/node_modules/escape-string-regexp + + + + Sindre Sorhus + find-up + 1.1.0 + Find a file by walking up parent directories + + + MIT + + + pkg:npm/find-up@1.1.0?vcs_url=git%2Bhttps%3A//github.com/sindresorhus/find-up.git + + + https://github.com/sindresorhus/find-up/issues + as detected from PackageJson property "bugs.url" + + + git+https://github.com/sindresorhus/find-up.git + as detected from PackageJson property "repository.url" + + + https://github.com/sindresorhus/find-up + as detected from 
PackageJson property "homepage" + + + + true + node_modules/bundle-dependencies/node_modules/find-up + + + + graceful-fs + 4.1.3 + A drop-in replacement for fs, making various improvements. + + + ISC + + + pkg:npm/graceful-fs@4.1.3?vcs_url=git%2Bhttps%3A//github.com/isaacs/node-graceful-fs.git + + + https://github.com/isaacs/node-graceful-fs/issues + as detected from PackageJson property "bugs.url" + + + git+https://github.com/isaacs/node-graceful-fs.git + as detected from PackageJson property "repository.url" + + + https://github.com/isaacs/node-graceful-fs#readme + as detected from PackageJson property "homepage" + + + + true + node_modules/bundle-dependencies/node_modules/graceful-fs + + + + Rebecca Turner + hosted-git-info + 2.1.4 + Provides metadata and conversions from repository urls for Github, Bitbucket and Gitlab + + + ISC + + + pkg:npm/hosted-git-info@2.1.4?vcs_url=git%2Bhttps%3A//github.com/npm/hosted-git-info.git + + + https://github.com/npm/hosted-git-info/issues + as detected from PackageJson property "bugs.url" + + + git+https://github.com/npm/hosted-git-info.git + as detected from PackageJson property "repository.url" + + + https://github.com/npm/hosted-git-info + as detected from PackageJson property "homepage" + + + + true + node_modules/bundle-dependencies/node_modules/hosted-git-info + + + + Sindre Sorhus + invert-kv + 1.0.0 + Invert the key/value of an object. 
Example: {foo: 'bar'} → {bar: 'foo'} + + + MIT + + + pkg:npm/invert-kv@1.0.0?vcs_url=git%2Bhttps%3A//github.com/sindresorhus/invert-kv.git + + + https://github.com/sindresorhus/invert-kv/issues + as detected from PackageJson property "bugs.url" + + + git+https://github.com/sindresorhus/invert-kv.git + as detected from PackageJson property "repository.url" + + + https://github.com/sindresorhus/invert-kv + as detected from PackageJson property "homepage" + + + + true + node_modules/bundle-dependencies/node_modules/invert-kv + + + + Qix + is-arrayish + 0.2.1 + Determines if an object can be used as an array + + + MIT + + + pkg:npm/is-arrayish@0.2.1?vcs_url=git%2Bhttps%3A//github.com/qix-/node-is-arrayish.git + + + https://github.com/qix-/node-is-arrayish/issues + as detected from PackageJson property "bugs.url" + + + git+https://github.com/qix-/node-is-arrayish.git + as detected from PackageJson property "repository.url" + + + https://github.com/qix-/node-is-arrayish#readme + as detected from PackageJson property "homepage" + + + + true + node_modules/bundle-dependencies/node_modules/is-arrayish + + + + Sindre Sorhus + is-builtin-module + 1.0.0 + Check if a string matches the name of a Node.js builtin module + + + MIT + + + pkg:npm/is-builtin-module@1.0.0?vcs_url=git%2Bhttps%3A//github.com/sindresorhus/is-builtin-module.git + + + https://github.com/sindresorhus/is-builtin-module/issues + as detected from PackageJson property "bugs.url" + + + git+https://github.com/sindresorhus/is-builtin-module.git + as detected from PackageJson property "repository.url" + + + https://github.com/sindresorhus/is-builtin-module + as detected from PackageJson property "homepage" + + + + true + node_modules/bundle-dependencies/node_modules/is-builtin-module + + + + Sindre Sorhus + is-fullwidth-code-point + 1.0.0 + Check if the character represented by a given Unicode code point is fullwidth + + + MIT + + + 
pkg:npm/is-fullwidth-code-point@1.0.0?vcs_url=git%2Bhttps%3A//github.com/sindresorhus/is-fullwidth-code-point.git + + + https://github.com/sindresorhus/is-fullwidth-code-point/issues + as detected from PackageJson property "bugs.url" + + + git+https://github.com/sindresorhus/is-fullwidth-code-point.git + as detected from PackageJson property "repository.url" + + + https://github.com/sindresorhus/is-fullwidth-code-point + as detected from PackageJson property "homepage" + + + + true + node_modules/bundle-dependencies/node_modules/is-fullwidth-code-point + + + + wayfind + is-utf8 + 0.2.1 + Detect if a buffer is utf8 encoded. + + + MIT + + + pkg:npm/is-utf8@0.2.1?vcs_url=git%2Bhttps%3A//github.com/wayfind/is-utf8.git + + + https://github.com/wayfind/is-utf8/issues + as detected from PackageJson property "bugs.url" + + + git+https://github.com/wayfind/is-utf8.git + as detected from PackageJson property "repository.url" + + + https://github.com/wayfind/is-utf8#readme + as detected from PackageJson property "homepage" + + + + true + node_modules/bundle-dependencies/node_modules/is-utf8 + + + + Sindre Sorhus + lcid + 1.0.0 + Mapping between standard locale identifiers and Windows locale identifiers (LCID) + + + MIT + + + pkg:npm/lcid@1.0.0?vcs_url=git%2Bhttps%3A//github.com/sindresorhus/lcid.git + + + https://github.com/sindresorhus/lcid/issues + as detected from PackageJson property "bugs.url" + + + git+https://github.com/sindresorhus/lcid.git + as detected from PackageJson property "repository.url" + + + https://github.com/sindresorhus/lcid + as detected from PackageJson property "homepage" + + + + true + node_modules/bundle-dependencies/node_modules/lcid + + + + Sindre Sorhus + load-json-file + 1.1.0 + Read and parse a JSON file + + + MIT + + + pkg:npm/load-json-file@1.1.0?vcs_url=git%2Bhttps%3A//github.com/sindresorhus/load-json-file.git + + + https://github.com/sindresorhus/load-json-file/issues + as detected from PackageJson property "bugs.url" + + + 
git+https://github.com/sindresorhus/load-json-file.git + as detected from PackageJson property "repository.url" + + + https://github.com/sindresorhus/load-json-file + as detected from PackageJson property "homepage" + + + + true + node_modules/bundle-dependencies/node_modules/load-json-file + + + + John-David Dalton + lodash.assign + 4.0.3 + The lodash method `_.assign` exported as a module. + + + MIT + + + pkg:npm/lodash.assign@4.0.3?vcs_url=git%2Bhttps%3A//github.com/lodash/lodash.git + + + https://github.com/lodash/lodash/issues + as detected from PackageJson property "bugs.url" + + + git+https://github.com/lodash/lodash.git + as detected from PackageJson property "repository.url" + + + https://lodash.com/ + as detected from PackageJson property "homepage" + + + + true + node_modules/bundle-dependencies/node_modules/lodash.assign + + + + John-David Dalton + lodash.keys + 4.0.3 + The lodash method `_.keys` exported as a module. + + + MIT + + + pkg:npm/lodash.keys@4.0.3?vcs_url=git%2Bhttps%3A//github.com/lodash/lodash.git + + + https://github.com/lodash/lodash/issues + as detected from PackageJson property "bugs.url" + + + git+https://github.com/lodash/lodash.git + as detected from PackageJson property "repository.url" + + + https://lodash.com/ + as detected from PackageJson property "homepage" + + + + true + node_modules/bundle-dependencies/node_modules/lodash.keys + + + + John-David Dalton + lodash.rest + 4.0.1 + The lodash method `_.rest` exported as a module. 
+ + + MIT + + + pkg:npm/lodash.rest@4.0.1?vcs_url=git%2Bhttps%3A//github.com/lodash/lodash.git + + + https://github.com/lodash/lodash/issues + as detected from PackageJson property "bugs.url" + + + git+https://github.com/lodash/lodash.git + as detected from PackageJson property "repository.url" + + + https://lodash.com/ + as detected from PackageJson property "homepage" + + + + true + node_modules/bundle-dependencies/node_modules/lodash.rest + + + + Meryn Stol + normalize-package-data + 2.3.5 + Normalizes data that can be found in package.json files. + + + BSD-2-Clause + + + pkg:npm/normalize-package-data@2.3.5?vcs_url=git%3A//github.com/npm/normalize-package-data.git + + + https://github.com/npm/normalize-package-data/issues + as detected from PackageJson property "bugs.url" + + + git://github.com/npm/normalize-package-data.git + as detected from PackageJson property "repository.url" + + + https://github.com/npm/normalize-package-data#readme + as detected from PackageJson property "homepage" + + + + true + node_modules/bundle-dependencies/node_modules/normalize-package-data + + + + Sindre Sorhus + number-is-nan + 1.0.0 + ES6 Number.isNaN() ponyfill + + + MIT + + + pkg:npm/number-is-nan@1.0.0?vcs_url=git%2Bhttps%3A//github.com/sindresorhus/number-is-nan.git + + + https://github.com/sindresorhus/number-is-nan/issues + as detected from PackageJson property "bugs.url" + + + git+https://github.com/sindresorhus/number-is-nan.git + as detected from PackageJson property "repository.url" + + + https://github.com/sindresorhus/number-is-nan#readme + as detected from PackageJson property "homepage" + + + + true + node_modules/bundle-dependencies/node_modules/number-is-nan + + + + Sindre Sorhus + object-assign + 4.0.1 + ES6 Object.assign() ponyfill + + + MIT + + + pkg:npm/object-assign@4.0.1?vcs_url=git%2Bhttps%3A//github.com/sindresorhus/object-assign.git + + + https://github.com/sindresorhus/object-assign/issues + as detected from PackageJson property "bugs.url" + + + 
git+https://github.com/sindresorhus/object-assign.git + as detected from PackageJson property "repository.url" + + + https://github.com/sindresorhus/object-assign#readme + as detected from PackageJson property "homepage" + + + + true + node_modules/bundle-dependencies/node_modules/object-assign + + + + Sindre Sorhus + os-locale + 1.4.0 + Get the system locale + + + MIT + + + pkg:npm/os-locale@1.4.0?vcs_url=git%2Bhttps%3A//github.com/sindresorhus/os-locale.git + + + https://github.com/sindresorhus/os-locale/issues + as detected from PackageJson property "bugs.url" + + + git+https://github.com/sindresorhus/os-locale.git + as detected from PackageJson property "repository.url" + + + https://github.com/sindresorhus/os-locale + as detected from PackageJson property "homepage" + + + + true + node_modules/bundle-dependencies/node_modules/os-locale + + + + Sindre Sorhus + parse-json + 2.2.0 + Parse JSON with more helpful errors + + + MIT + + + pkg:npm/parse-json@2.2.0?vcs_url=git%2Bhttps%3A//github.com/sindresorhus/parse-json.git + + + https://github.com/sindresorhus/parse-json/issues + as detected from PackageJson property "bugs.url" + + + git+https://github.com/sindresorhus/parse-json.git + as detected from PackageJson property "repository.url" + + + https://github.com/sindresorhus/parse-json + as detected from PackageJson property "homepage" + + + + true + node_modules/bundle-dependencies/node_modules/parse-json + + + + Sindre Sorhus + path-exists + 2.1.0 + Check if a path exists + + + MIT + + + pkg:npm/path-exists@2.1.0?vcs_url=git%2Bhttps%3A//github.com/sindresorhus/path-exists.git + + + https://github.com/sindresorhus/path-exists/issues + as detected from PackageJson property "bugs.url" + + + git+https://github.com/sindresorhus/path-exists.git + as detected from PackageJson property "repository.url" + + + https://github.com/sindresorhus/path-exists + as detected from PackageJson property "homepage" + + + + true + 
node_modules/bundle-dependencies/node_modules/path-exists + + + + Sindre Sorhus + path-type + 1.1.0 + Check if a path is a file, directory, or symlink + + + MIT + + + pkg:npm/path-type@1.1.0?vcs_url=git%2Bhttps%3A//github.com/sindresorhus/path-type.git + + + https://github.com/sindresorhus/path-type/issues + as detected from PackageJson property "bugs.url" + + + git+https://github.com/sindresorhus/path-type.git + as detected from PackageJson property "repository.url" + + + https://github.com/sindresorhus/path-type + as detected from PackageJson property "homepage" + + + + true + node_modules/bundle-dependencies/node_modules/path-type + + + + Sindre Sorhus + pify + 2.3.0 + Promisify a callback-style function + + + MIT + + + pkg:npm/pify@2.3.0?vcs_url=git%2Bhttps%3A//github.com/sindresorhus/pify.git + + + https://github.com/sindresorhus/pify/issues + as detected from PackageJson property "bugs.url" + + + git+https://github.com/sindresorhus/pify.git + as detected from PackageJson property "repository.url" + + + https://github.com/sindresorhus/pify + as detected from PackageJson property "homepage" + + + + true + node_modules/bundle-dependencies/node_modules/pify + + + + Vsevolod Strukchinsky + pinkie-promise + 2.0.0 + ES2015 Promise ponyfill + + + MIT + + + pkg:npm/pinkie-promise@2.0.0?vcs_url=git%2Bhttps%3A//github.com/floatdrop/pinkie-promise.git + + + https://github.com/floatdrop/pinkie-promise/issues + as detected from PackageJson property "bugs.url" + + + git+https://github.com/floatdrop/pinkie-promise.git + as detected from PackageJson property "repository.url" + + + https://github.com/floatdrop/pinkie-promise + as detected from PackageJson property "homepage" + + + + true + node_modules/bundle-dependencies/node_modules/pinkie-promise + + + + Vsevolod Strukchinsky + pinkie + 2.0.4 + Itty bitty little widdle twinkie pinkie ES2015 Promise implementation + + + MIT + + + pkg:npm/pinkie@2.0.4?vcs_url=git%2Bhttps%3A//github.com/floatdrop/pinkie.git + + + 
https://github.com/floatdrop/pinkie/issues + as detected from PackageJson property "bugs.url" + + + git+https://github.com/floatdrop/pinkie.git + as detected from PackageJson property "repository.url" + + + https://github.com/floatdrop/pinkie + as detected from PackageJson property "homepage" + + + + true + node_modules/bundle-dependencies/node_modules/pinkie + + + + Sindre Sorhus + pkg-conf + 1.1.1 + Get namespaced config from the closest package.json + + + MIT + + + pkg:npm/pkg-conf@1.1.1?vcs_url=git%2Bhttps%3A//github.com/sindresorhus/pkg-conf.git + + + https://github.com/sindresorhus/pkg-conf/issues + as detected from PackageJson property "bugs.url" + + + git+https://github.com/sindresorhus/pkg-conf.git + as detected from PackageJson property "repository.url" + + + https://github.com/sindresorhus/pkg-conf#readme + as detected from PackageJson property "homepage" + + + + true + node_modules/bundle-dependencies/node_modules/pkg-conf + + + + Sindre Sorhus + read-pkg-up + 1.0.1 + Read the closest package.json file + + + MIT + + + pkg:npm/read-pkg-up@1.0.1?vcs_url=git%2Bhttps%3A//github.com/sindresorhus/read-pkg-up.git + + + https://github.com/sindresorhus/read-pkg-up/issues + as detected from PackageJson property "bugs.url" + + + git+https://github.com/sindresorhus/read-pkg-up.git + as detected from PackageJson property "repository.url" + + + https://github.com/sindresorhus/read-pkg-up + as detected from PackageJson property "homepage" + + + + true + node_modules/bundle-dependencies/node_modules/read-pkg-up + + + + Sindre Sorhus + read-pkg + 1.1.0 + Read a package.json file + + + MIT + + + pkg:npm/read-pkg@1.1.0?vcs_url=git%2Bhttps%3A//github.com/sindresorhus/read-pkg.git + + + https://github.com/sindresorhus/read-pkg/issues + as detected from PackageJson property "bugs.url" + + + git+https://github.com/sindresorhus/read-pkg.git + as detected from PackageJson property "repository.url" + + + https://github.com/sindresorhus/read-pkg + as detected from PackageJson 
property "homepage" + + + + true + node_modules/bundle-dependencies/node_modules/read-pkg + + + + Ben Coe + require-main-filename + 1.0.1 + shim for require.main.filename() that works in as many environments as possible + + + ISC + + + pkg:npm/require-main-filename@1.0.1?vcs_url=git%2Bssh%3A//git%40github.com/yargs/require-main-filename.git + + + https://github.com/yargs/require-main-filename/issues + as detected from PackageJson property "bugs.url" + + + git+ssh://git@github.com/yargs/require-main-filename.git + as detected from PackageJson property "repository.url" + + + https://github.com/yargs/require-main-filename#readme + as detected from PackageJson property "homepage" + + + + true + node_modules/bundle-dependencies/node_modules/require-main-filename + + + + semver + 5.1.0 + The semantic version parser used by npm. + + + ISC + + + pkg:npm/semver@5.1.0?vcs_url=git%2Bhttps%3A//github.com/npm/node-semver.git + + + https://github.com/npm/node-semver/issues + as detected from PackageJson property "bugs.url" + + + git+https://github.com/npm/node-semver.git + as detected from PackageJson property "repository.url" + + + https://github.com/npm/node-semver#readme + as detected from PackageJson property "homepage" + + + + true + node_modules/bundle-dependencies/node_modules/semver + + + + Kyle E. 
Mitchell + spdx-correct + 1.0.2 + correct invalid SPDX identifiers + + + Apache-2.0 + + + pkg:npm/spdx-correct@1.0.2?vcs_url=git%2Bhttps%3A//github.com/kemitchell/spdx-correct.js.git + + + https://github.com/kemitchell/spdx-correct.js/issues + as detected from PackageJson property "bugs.url" + + + git+https://github.com/kemitchell/spdx-correct.js.git + as detected from PackageJson property "repository.url" + + + https://github.com/kemitchell/spdx-correct.js#readme + as detected from PackageJson property "homepage" + + + + true + node_modules/bundle-dependencies/node_modules/spdx-correct + + + + The Linux Foundation + spdx-exceptions + 1.0.4 + list of SPDX standard license exceptions + + + CC-BY-3.0 + + + pkg:npm/spdx-exceptions@1.0.4?vcs_url=git%2Bhttps%3A//github.com/kemitchell/spdx-exceptions.json.git + + + https://github.com/kemitchell/spdx-exceptions.json/issues + as detected from PackageJson property "bugs.url" + + + git+https://github.com/kemitchell/spdx-exceptions.json.git + as detected from PackageJson property "repository.url" + + + https://github.com/kemitchell/spdx-exceptions.json#readme + as detected from PackageJson property "homepage" + + + + true + node_modules/bundle-dependencies/node_modules/spdx-exceptions + + + + Kyle E. 
Mitchell + spdx-expression-parse + 1.0.2 + parse SPDX license expressions + + (MIT AND CC-BY-3.0) + + pkg:npm/spdx-expression-parse@1.0.2?vcs_url=git%2Bhttps%3A//github.com/kemitchell/spdx-expression-parse.js.git + + + https://github.com/kemitchell/spdx-expression-parse.js/issues + as detected from PackageJson property "bugs.url" + + + git+https://github.com/kemitchell/spdx-expression-parse.js.git + as detected from PackageJson property "repository.url" + + + https://github.com/kemitchell/spdx-expression-parse.js#readme + as detected from PackageJson property "homepage" + + + + true + node_modules/bundle-dependencies/node_modules/spdx-expression-parse + + + + Shinnosuke Watanabe + spdx-license-ids + 1.2.0 + A list of SPDX license identifiers + + + Unlicense + + + pkg:npm/spdx-license-ids@1.2.0?vcs_url=git%2Bhttps%3A//github.com/shinnn/spdx-license-ids.git + + + https://github.com/shinnn/spdx-license-ids/issues + as detected from PackageJson property "bugs.url" + + + git+https://github.com/shinnn/spdx-license-ids.git + as detected from PackageJson property "repository.url" + + + https://github.com/shinnn/spdx-license-ids#readme + as detected from PackageJson property "homepage" + + + + true + node_modules/bundle-dependencies/node_modules/spdx-license-ids + + + + Sindre Sorhus + string-width + 1.0.1 + Get the visual width of a string - the number of columns required to display it + + + MIT + + + pkg:npm/string-width@1.0.1?vcs_url=git%2Bhttps%3A//github.com/sindresorhus/string-width.git + + + https://github.com/sindresorhus/string-width/issues + as detected from PackageJson property "bugs.url" + + + git+https://github.com/sindresorhus/string-width.git + as detected from PackageJson property "repository.url" + + + https://github.com/sindresorhus/string-width + as detected from PackageJson property "homepage" + + + + true + node_modules/bundle-dependencies/node_modules/string-width + + + + Sindre Sorhus + strip-ansi + 3.0.1 + Strip ANSI escape codes + + + MIT + + + 
pkg:npm/strip-ansi@3.0.1?vcs_url=git%2Bhttps%3A//github.com/chalk/strip-ansi.git + + + https://github.com/chalk/strip-ansi/issues + as detected from PackageJson property "bugs.url" + + + git+https://github.com/chalk/strip-ansi.git + as detected from PackageJson property "repository.url" + + + https://github.com/chalk/strip-ansi + as detected from PackageJson property "homepage" + + + + true + node_modules/bundle-dependencies/node_modules/strip-ansi + + + + Sindre Sorhus + strip-bom + 2.0.0 + Strip UTF-8 byte order mark (BOM) from a string/buffer + + + MIT + + + pkg:npm/strip-bom@2.0.0?vcs_url=git%2Bhttps%3A//github.com/sindresorhus/strip-bom.git + + + https://github.com/sindresorhus/strip-bom/issues + as detected from PackageJson property "bugs.url" + + + git+https://github.com/sindresorhus/strip-bom.git + as detected from PackageJson property "repository.url" + + + https://github.com/sindresorhus/strip-bom + as detected from PackageJson property "homepage" + + + + true + node_modules/bundle-dependencies/node_modules/strip-bom + + + + Sean McArthur + symbol + 0.2.1 + ES6 Symbols in your ES5. + + + MPLv2.0 + + + pkg:npm/symbol@0.2.1?vcs_url=git%3A//github.com/seanmonstar/symbol.git + + + https://github.com/seanmonstar/symbol/issues + as detected from PackageJson property "bugs.url" + + + git://github.com/seanmonstar/symbol.git + as detected from PackageJson property "repository.url" + + + https://github.com/seanmonstar/symbol#readme + as detected from PackageJson property "homepage" + + + + true + node_modules/bundle-dependencies/node_modules/symbol + + + + Kyle E. 
Mitchell + validate-npm-package-license + 3.0.1 + Give me a string and I'll tell you if it's a valid npm package license string + + + Apache-2.0 + + + pkg:npm/validate-npm-package-license@3.0.1?vcs_url=git%2Bhttps%3A//github.com/kemitchell/validate-npm-package-license.js.git + + + https://github.com/kemitchell/validate-npm-package-license.js/issues + as detected from PackageJson property "bugs.url" + + + git+https://github.com/kemitchell/validate-npm-package-license.js.git + as detected from PackageJson property "repository.url" + + + https://github.com/kemitchell/validate-npm-package-license.js#readme + as detected from PackageJson property "homepage" + + + + true + node_modules/bundle-dependencies/node_modules/validate-npm-package-license + + + + Jon Schlinkert + window-size + 0.2.0 + Reliable way to to get the height and width of the terminal/console in a node.js environment. + + + MIT + + + pkg:npm/window-size@0.2.0?vcs_url=git%2Bhttps%3A//github.com/jonschlinkert/window-size.git + + + https://github.com/jonschlinkert/window-size/issues + as detected from PackageJson property "bugs.url" + + + git+https://github.com/jonschlinkert/window-size.git + as detected from PackageJson property "repository.url" + + + https://github.com/jonschlinkert/window-size + as detected from PackageJson property "homepage" + + + + true + node_modules/bundle-dependencies/node_modules/window-size + + + + Sindre Sorhus + wrap-ansi + 1.0.0 + Wordwrap a string with ANSI escape codes + + + MIT + + + pkg:npm/wrap-ansi@1.0.0?vcs_url=git%2Bhttps%3A//github.com/chalk/wrap-ansi.git + + + https://github.com/chalk/wrap-ansi/issues + as detected from PackageJson property "bugs.url" + + + git+https://github.com/chalk/wrap-ansi.git + as detected from PackageJson property "repository.url" + + + https://github.com/chalk/wrap-ansi#readme + as detected from PackageJson property "homepage" + + + + true + node_modules/bundle-dependencies/node_modules/wrap-ansi + + + + Ben Coe + y18n + 3.2.0 + the 
bare-bones internationalization library used by yargs + + + ISC + + + pkg:npm/y18n@3.2.0?vcs_url=git%2Bssh%3A//git%40github.com/bcoe/y18n.git + + + https://github.com/bcoe/y18n/issues + as detected from PackageJson property "bugs.url" + + + git+ssh://git@github.com/bcoe/y18n.git + as detected from PackageJson property "repository.url" + + + https://github.com/bcoe/y18n + as detected from PackageJson property "homepage" + + + + true + node_modules/bundle-dependencies/node_modules/y18n + + + + Ben Coe + yargs-parser + 2.1.0 + the mighty option parser used by yargs + + + ISC + + + pkg:npm/yargs-parser@2.1.0?vcs_url=git%2Bssh%3A//git%40github.com/yargs/yargs-parser.git + + + https://github.com/yargs/yargs-parser/issues + as detected from PackageJson property "bugs.url" + + + git+ssh://git@github.com/yargs/yargs-parser.git + as detected from PackageJson property "repository.url" + + + https://github.com/yargs/yargs-parser#readme + as detected from PackageJson property "homepage" + + + + true + node_modules/bundle-dependencies/node_modules/yargs-parser + + + + yargs + 4.1.0 + Light-weight option parsing with an argv hash. No optstrings attached. + + + MIT + + + pkg:npm/yargs@4.1.0?vcs_url=git%2Bssh%3A//git%40github.com/bcoe/yargs.git + + + https://github.com/bcoe/yargs/issues + as detected from PackageJson property "bugs.url" + + + git+ssh://git@github.com/bcoe/yargs.git + as detected from PackageJson property "repository.url" + + + http://yargs.js.org/ + as detected from PackageJson property "homepage" + + + + true + node_modules/bundle-dependencies/node_modules/yargs + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + \ No newline at end of file 
diff --git a/tests/fixtures/nested_bom.json b/tests/fixtures/nested_bom.json
new file mode 100644
index 000000000..4393ca115
--- /dev/null
+++ b/tests/fixtures/nested_bom.json
@@ -0,0 +1,36 @@
+{
+ "$schema": "https://cyclonedx.org/schema/bom-1.5.schema.json",
+ "bomFormat": "CycloneDX",
+ "specVersion": "1.5",
+ "components": [
+ {
+ "type": "framework",
+ "name": "FrameworkA",
+ "version": "1.0",
+ "scope": "required",
+ "purl": "pkg:npm/FrameworkA@1.0",
+ "components": [
+ {
+ "type": "library",
+ "name": "LibA",
+ "version": "1.1",
+ "scope": "required",
+ "purl": "pkg:npm/LibA@1.1"
+ },
+ {
+ "type": "library",
+ "name": "LibB",
+ "version": "1.2",
+ "purl": "pkg:pypi/LibB@1.2"
+ }
+ ]
+ },
+ {
+ "type": "application",
+ "name": "AppA",
+ "version": "1.0",
+ "scope": "required",
+ "purl": "pkg:pypi/AppA@1.0"
+ }
+ ]
+}
\ No newline at end of file
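Review bot: The fixture nests components only one level deep (`FrameworkA` → `LibA`/`LibB`), so a parser that reads `components[].components` but does not recurse further would still pass. An SBOM ingester that silently drops deeper entries under-reports the dependency set being analysed. I would add a third level under `LibA`, for example the constructed entry `"components": [{ "type": "library", "name": "LibC", "version": "1.3", "purl": "pkg:npm/LibC@1.3" }]`. Every component here also carries a well-formed `purl`, so the fixture does not pin what happens to a nested component without one. The parser is not visible in this hunk, so this is about coverage the fixture could give, not a confirmed defect.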