@cyclonedx/bom
Advanced tools
Meta-package for known CycloneDX Software Bill of Materials (SBOM) generators
This is a so-called meta-package, it does not ship any own functionality, but it is a collection of optional dependencies.
This package's dependencies are tools* with one purpose in common:
generate CycloneDX Software-Bill-of-Materials (SBOM) from node-based projects.
| ecosystem | actual tool |
|---|---|
| npm | @cyclonedx/cyclonedx-npm |
| pnpm | To be announced, suggestions welcome. Candidate: cyclonedx-node-pnpm |
| yarn | @cyclonedx/yarn-plugin-cyclonedx |
*) You should not depend on this very meta-package, instead depend on the actual tool that fits your specific (eco)system.
There are systems, that are not node-targeting, but use node as a runtime/compiler environment, or use node package registry as a distribution system. These systems are out of scope. Therefore, the following tools are not part of this very meta-package.
| system | actual tool(s) |
|---|---|
| Angular | @cyclonedx/webpack-plugin with Angular |
| Bower | None. (Bower is deprecated!) |
| esbuild | To be announced, suggestions welcome. Candidate: cyclonedx-esbuild-plugin |
| Parcel | To be announced, suggestions welcome |
| React | @cyclonedx/webpack-plugin with React |
| Rollup | rollup-plugin-sbom |
| Rspack/Rsbuild | To be announced, suggestions welcome |
| Svelte | To be announced, suggestions welcome |
| Vite | rollup-plugin-sbom with Vite |
| webpack | @cyclonedx/webpack-plugin |
If you are looking for a JavaScript/TypeScript library for working with CycloneDX, its data models or serialization, then you might want to try @cyclonedx/cyclonedx-library.
You want to have a certain node-based tool added?
Feel free to open issues, bugreports or pull requests.
See the CONTRIBUTING file for details.
CycloneDX Node Module is Copyright (c) OWASP Foundation. All Rights Reserved.
Permission to modify and redistribute is granted under the terms of the Apache 2.0 license.
See the LICENSE file for the full license.
This project used to be a tool-set and a library to work and generate CycloneDX Software Bill-of-Materials (SBOM) from npm and yarn based projects.
Since version 4.0, this was all split to individual projects, and this project changed to a bare meta-package.
Previous versions of this very package are still available via npmjs versions and github releases
FAQs
Meta-package for known CycloneDX Software Bill of Materials (SBOM) generators
We found that @cyclonedx/bom demonstrated a healthy version release cadence and project activity because the last version was released less than a year ago. It has 0 open source maintainers collaborating on the project.
Did you know?
Socket for GitHub automatically highlights issues in each pull request and monitors the health of all your open source dependencies. Discover the contents of your packages and block harmful activity before you install or update your dependencies.
Security News
Research
An advanced npm supply chain attack is leveraging Ethereum smart contracts for decentralized, persistent malware control, evading traditional defenses.
Security News
Research
Attackers are impersonating Sindre Sorhus on npm with a fake 'chalk-node' package containing a malicious backdoor to compromise developers' projects.
Security News
The npm package for the LottieFiles Player web component was hit with a supply chain attack after a software engineer's npmjs credentials were compromised.
