JSPM

  • ESM via JSPM
  • ES Module Entrypoint
  • Export Map
  • Keywords
  • License
  • Repository URL
  • TypeScript Types
  • README
  • Created
  • Published
  • Downloads 24816
  • Score
    100M100P100Q159145F
  • License Apache-2.0

Creates CycloneDX Software Bill-of-Materials (SBoM) from Node.js projects

Package Exports

  • @cyclonedx/bom

This package does not declare an exports field, so the exports above have been automatically detected and optimized by JSPM instead. If any package subpath is missing, it is recommended to post an issue to the original package (@cyclonedx/bom) to support the "exports" field. If that is not possible, create a JSPM override to customize the exports field for this package.

Readme

Build Status License Latest Website Group Discussion Twitter

CycloneDX Node.js Module

The CycloneDX module for Node.js creates a valid CycloneDX Softare Bill-of-Material (SBoM) containing an aggregate of all project dependencies. CycloneDX is a lightweight SBoM specification that is easily created, human and machine readable, and simple to parse. The resulting bom.xml can be used with tools such as OWASP Dependency-Track for the continuous analysis of components.

Usage

Installing

npm install -g @cyclonedx/bom

Getting Help

$ cyclonedx-bom -h
Usage:  cyclonedx-bom [OPTIONS] [path]
Options:
  -h        - this help
  -a <path> - merge in additional modules from other scanner
  -o <path> - write to file instead of stdout
  -v10      - generate CycloneDX v1.0
  -v11      - generate CycloneDX v1.1 (default)
  -ns       - do not generate bom serial number (schema v1.1 or higher)
  -d        - include devDependencies
  --version - print version number

Example

cyclonedx-bom -o bom.xml

License

Permission to modify and redistribute is granted under the terms of the Apache 2.0 license. See the LICENSE file for the full license.