@cyclonedx/bom
Meta-package for known CycloneDX Software Bill of Materials (SBOM) generators
This is a so-called meta-package: it ships no functionality of its own but is a collection of optional dependencies.
This package's dependencies are tools* with one purpose in common:
generating CycloneDX Software Bill of Materials (SBOM) from node-based projects.
| ecosystem | actual tool |
|---|---|
| npm | @cyclonedx/cyclonedx-npm |
| pnpm | To be announced, suggestions welcome. Candidate: cyclonedx-node-pnpm |
| yarn | @cyclonedx/yarn-plugin-cyclonedx |
*) You should not depend on this meta-package itself; instead, depend on the actual tool that fits your specific (eco)system.
There are systems that do not target node but use node as a runtime/compiler environment, or use the node package registry as a distribution system. These systems are out of scope. Therefore, the following tools are not part of this meta-package.
| system | actual tool(s) |
|---|---|
| Angular | @cyclonedx/webpack-plugin with Angular |
| Bower | None. (Bower is deprecated!) |
| esbuild | To be announced, suggestions welcome. Candidate: cyclonedx-esbuild-plugin |
| Parcel | To be announced, suggestions welcome |
| React | @cyclonedx/webpack-plugin with React |
| Rollup | rollup-plugin-sbom |
| Rspack/Rsbuild | To be announced, suggestions welcome |
| Svelte | To be announced, suggestions welcome |
| Vite | rollup-plugin-sbom with Vite |
| webpack | @cyclonedx/webpack-plugin |
If you are looking for a JavaScript/TypeScript library for working with CycloneDX, its data models or serialization, then you might want to try @cyclonedx/cyclonedx-library.
Do you want a certain node-based tool added?
Feel free to open issues, bug reports or pull requests.
See the CONTRIBUTING file for details.
CycloneDX Node Module is Copyright (c) OWASP Foundation. All Rights Reserved.
Permission to modify and redistribute is granted under the terms of the Apache 2.0 license.
See the LICENSE file for the full license.
This project used to be a tool-set and a library to work with and generate CycloneDX Software Bill of Materials (SBOM) from npm- and yarn-based projects.
Since version 4.0, this has all been split into individual projects, and this project became a bare meta-package.
Previous versions of this package are still available via npmjs versions and GitHub releases.
4.1.0 - 2024-06-26
- @cyclonedx/yarn-plugin-cyclonedx (via [#365])
The npm package @cyclonedx/bom receives a total of 19,886 weekly downloads. As such, @cyclonedx/bom popularity was classified as popular.
We found that @cyclonedx/bom demonstrated an unhealthy version release cadence and project activity because the last version was released a year ago. It has 0 open source maintainers collaborating on the project.