JSPM

  • Downloads 24816
  • License Apache-2.0

Meta-package for known CycloneDX Software Bill of Materials (SBOM) generators

Package Exports

    This package does not declare an exports field, so the exports above have been automatically detected and optimized by JSPM instead. If any package subpath is missing, it is recommended to post an issue to the original package (@cyclonedx/bom) to support the "exports" field. If that is not possible, create a JSPM override to customize the exports field for this package.

    Readme

    CycloneDX BOM



    This is a so-called meta-package: it does not ship any functionality of its own, but is a collection of optional dependencies. This package's dependencies are tools* with one purpose in common:
    generate CycloneDX Software-Bill-of-Materials (SBOM) from node-based projects.

    | ecosystem | actual tool |
    |-----------|-------------|
    | npm       | @cyclonedx/cyclonedx-npm |
    | pnpm      | To be announced, suggestions welcome. Candidate: cyclonedx-node-pnpm |
    | yarn      | @cyclonedx/yarn-plugin-cyclonedx |

    *) You should not depend on this meta-package itself; instead, depend on the actual tool that fits your specific (eco)system.

    Out of Scope

    Some systems do not target node, but use node as a runtime/compiler environment, or use the node package registry as a distribution system. These systems are out of scope. Therefore, the following tools are not part of this meta-package.

    | system         | actual tool(s) |
    |----------------|----------------|
    | Angular        | Utilize @cyclonedx/cyclonedx-esbuild or @cyclonedx/webpack-plugin |
    | Bower          | None. (Bower is deprecated!) |
    | esbuild        | @cyclonedx/cyclonedx-esbuild |
    | Parcel         | To be announced, suggestions welcome |
    | React          | Utilize @cyclonedx/webpack-plugin |
    | Rollup         | rollup-plugin-sbom |
    | Rspack/Rsbuild | To be announced, suggestions welcome |
    | Svelte         | To be announced, suggestions welcome |
    | Vite           | Utilize rollup-plugin-sbom |
    | webpack        | @cyclonedx/webpack-plugin |

    Library

    If you are looking for a JavaScript/TypeScript library for working with CycloneDX, its data models or serialization, then you might want to try @cyclonedx/cyclonedx-library.

    Contributing

    Do you want to have a certain node-based tool added?
    Feel free to open issues, bug reports or pull requests.
    See the CONTRIBUTING file for details.

    CycloneDX Node Module is Copyright (c) OWASP Foundation. All Rights Reserved.

    Permission to modify and redistribute is granted under the terms of the Apache 2.0 license.
    See the LICENSE file for the full license.


    Previous versions

    This project used to be a tool-set and a library to work with and generate CycloneDX Software Bill-of-Materials (SBOM) from npm- and yarn-based projects.
    Since version 4.0, this was all split into individual projects, and this project changed to a bare meta-package.

    Previous versions of this package are still available via npmjs versions and GitHub releases.