{"id":20617822,"url":"https://github.com/cyclonedx/cyclonedx-node-module","last_synced_at":"2025-05-15T15:08:48.024Z","repository":{"id":37734875,"uuid":"93290329","full_name":"CycloneDX/cyclonedx-node-module","owner":"CycloneDX","description":"creates CycloneDX Software-Bill-of-Materials (SBOM) from node-based projects","archived":false,"fork":false,"pushed_at":"2025-02-08T08:57:03.000Z","size":1189,"stargazers_count":127,"open_issues_count":0,"forks_count":38,"subscribers_count":7,"default_branch":"master","last_synced_at":"2025-04-11T21:12:25.031Z","etag":null,"topics":["bom","cyclonedx","dependency-graph","meta-package","metapackage","node","nodejs","sbom","sbom-generator","sbom-tool","software-bill-of-materials"],"latest_commit_sha":null,"homepage":"https://cyclonedx.org/","language":null,"has_issues":true,"has_wiki":null,"has_pages":null,"mirror_url":null,"source_name":null,"license":"apache-2.0","status":null,"scm":"git","pull_requests_enabled":true,"icon_url":"https://github.com/CycloneDX.png","metadata":{"files":{"readme":"README.md","changelog":"HISTORY.md","contributing":"CONTRIBUTING.md","funding":null,"license":"LICENSE","code_of_conduct":null,"threat_model":null,"audit":null,"citation":null,"codeowners":"CODEOWNERS","security":null,"support":null,"governance":null,"roadmap":null,"authors":null,"dei":null,"publiccode":null,"codemeta":null},"funding":{"custom":["https://owasp.org/donate/?reponame=www-project-cyclonedx\u0026title=OWASP+CycloneDX"]}},"created_at":"2017-06-04T04:34:48.000Z","updated_at":"2025-04-02T08:32:59.000Z","dependencies_parsed_at":"2023-01-29T14:01:00.544Z","dependency_job_id":"8ac02e50-ad83-4c19-9c73-8b76ac15b4e7","html_url":"https://github.com/CycloneDX/cyclonedx-node-module","commit_stats":{"total_commits":384,"total_committers":30,"mean_commits":12.8,"dds":0.6588541666666667,"last_synced_commit":"168dab9a19a5836762574732ea986fb25174573d"},"previous_names":[],"tags_count":45,"template":false,"template_full_name":null,"repository_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/CycloneDX%2Fcyclonedx-node-module","tags_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/CycloneDX%2Fcyclonedx-node-module/tags","releases_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/CycloneDX%2Fcyclonedx-node-module/releases","manifests_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/CycloneDX%2Fcyclonedx-node-module/manifests","owner_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/owners/CycloneDX","download_url":"https://codeload.github.com/CycloneDX/cyclonedx-node-module/tar.gz/refs/heads/master","host":{"name":"GitHub","url":"https://github.com","kind":"github","repositories_count":248480428,"owners_count":21110937,"icon_url":"https://github.com/github.png","version":null,"created_at":"2022-05-30T11:31:42.601Z","updated_at":"2022-07-04T15:15:14.044Z","host_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub","repositories_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories","repository_names_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repository_names","owners_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/owners"}},"keywords":["bom","cyclonedx","dependency-graph","meta-package","metapackage","node","nodejs","sbom","sbom-generator","sbom-tool","software-bill-of-materials"],"created_at":"2024-11-16T12:06:07.508Z","updated_at":"2025-04-11T21:12:30.245Z","avatar_url":"https://github.com/CycloneDX.png","language":null,"readme":"# CycloneDX BOM\n\n[![shield_npm-version]][link_npm]\n[![shield_gh-workflow-test]][link_gh-workflow-test]\n[![shield_license]][license_file]  \n[![shield_website]][link_website]\n[![shield_slack]][link_slack]\n[![shield_groups]][link_discussion]\n[![shield_twitter-follow]][link_twitter]\n\n----\n\nThis is a so-called **meta-package**, it does not ship any own functionality, but it is a collection of optional dependencies.\nThis package's dependencies are tools* with one purpose in common:  \ngenerate _[CycloneDX][link_website]_ Software-Bill-of-Materials (SBOM) from _node_-based projects.\n\n| ecosystem | actual tool |\n|:---------:|:------------|\n| _npm_ | [@cyclonedx/cyclonedx-npm](https://www.npmjs.com/package/%40cyclonedx/cyclonedx-npm) |\n| _pnpm_ | To be announced, suggestions welcome. \u003cbr/\u003e Candidate: [cyclonedx-node-pnpm](https://github.com/CycloneDX/cyclonedx-node-pnpm) |\n| _yarn_ | [@cyclonedx/yarn-plugin-cyclonedx](https://www.npmjs.com/package/%40cyclonedx/yarn-plugin-cyclonedx) |\n\n*) You should not depend on this very meta-package, instead depend on the actual tool that fits your specific (eco)system.\n\n## Out of Scope\n\nThere are systems, that are not node-targeting, but use node as a runtime/compiler environment, or use node package registry as a distribution system.\nThese systems are out of scope. Therefore, the following tools are not part of this very meta-package.\n\n| system | actual tool(s) |\n|:------:|:---------------|\n| _Angular_ | [@cyclonedx/webpack-plugin with _Angular_](https://www.npmjs.com/package/%40cyclonedx/webpack-plugin?activeTab=readme#user-content-use-with-angular) |\n| _Bower_ | None. (_Bower_ is [deprecated](https://bower.io/blog/2017/how-to-migrate-away-from-bower/)!) |\n| _esbuild_ | To be announced, suggestions welcome. \u003cbr/\u003e Candidate: [cyclonedx-esbuild-plugin](https://github.com/CycloneDX/cyclonedx-esbuild-plugin) |\n| _Parcel_ | To be announced, suggestions welcome |\n| _React_ | [@cyclonedx/webpack-plugin with _React_](https://www.npmjs.com/package/%40cyclonedx/webpack-plugin?activeTab=readme#user-content-use-with-react) |\n| _Rollup_ | [rollup-plugin-sbom](https://www.npmjs.com/package/rollup-plugin-sbom?activeTab=readme) |\n| _Rspack_/_Rsbuild_ | To be announced, suggestions welcome |\n| _Svelte_ | To be announced, suggestions welcome |\n| _Vite_ | [rollup-plugin-sbom with _Vite_](https://www.npmjs.com/package/rollup-plugin-sbom?activeTab=readme#usage-with-vite) |\n| _webpack_ | [@cyclonedx/webpack-plugin](https://www.npmjs.com/package/%40cyclonedx/webpack-plugin) |\n\n## Library\n\nIf you are looking for a JavaScript/TypeScript library for working with CycloneDX, its data models or serialization,\nthen you might want to try [@cyclonedx/cyclonedx-library](https://www.npmjs.com/package/%40cyclonedx/cyclonedx-library).\n\n## Contributing\n\nYou want to have a certain node-based tool added?  \nFeel free to open issues, bugreports or pull requests.  \nSee the [CONTRIBUTING][contributing_file] file for details.\n\n## Copyright \u0026 License\n\nCycloneDX Node Module is Copyright (c) OWASP Foundation. All Rights Reserved.\n\nPermission to modify and redistribute is granted under the terms of the Apache 2.0 license.  \nSee the [LICENSE][license_file] file for the full license.\n\n----\n\n## Previous versions\n\nThis project used to be a tool-set and a library to work and generate [CycloneDX][link_website] Software Bill-of-Materials (SBOM) from _npm_ and _yarn_ based projects.  \nSince version 4.0, this was all split to individual projects, and this project changed to a bare meta-package.\n\nPrevious versions of this very package are still available\nvia [npmjs versions](https://www.npmjs.com/package/@cyclonedx/bom?activeTab=versions)\nand [github releases](https://github.com/CycloneDX/cyclonedx-node-module/releases)\n\n[license_file]: https://github.com/CycloneDX/cyclonedx-node-module/blob/master/LICENSE\n[contributing_file]: https://github.com/CycloneDX/cyclonedx-node-module/blob/master/CONTRIBUTING.md\n\n[shield_gh-workflow-test]: https://img.shields.io/github/actions/workflow/status/CycloneDX/cyclonedx-node-module/nodejs.yml?branch=master\u0026logo=GitHub\u0026logoColor=white \"build\"\n[shield_npm-version]: https://img.shields.io/npm/v/%40cyclonedx%2fbom/latest?label=npm\u0026logo=npm\u0026logoColor=white \"npm\"\n[shield_docker-version]: https://img.shields.io/docker/v/cyclonedx/cyclonedx-node?logo=docker\u0026logoColor=white\u0026label=docker \"docker\"\n[shield_license]: https://img.shields.io/badge/license-Apache%202.0-brightgreen.svg?logo=open%20source%20initiative\u0026logoColor=white \"license\"\n[shield_website]: https://img.shields.io/badge/https://-cyclonedx.org-blue.svg \"homepage\"\n[shield_slack]: https://img.shields.io/badge/slack-join-blue?logo=Slack\u0026logoColor=white \"slack join\"\n[shield_groups]: https://img.shields.io/badge/discussion-groups.io-blue.svg \"groups discussion\"\n[shield_twitter-follow]: https://img.shields.io/badge/Twitter-follow-blue?logo=Twitter\u0026logoColor=white \"twitter follow\"\n[link_gh-workflow-test]: https://github.com/CycloneDX/cyclonedx-node-module/actions/workflows/nodejs.yml?query=branch%3Amaster\n[link_npm]: https://www.npmjs.com/package/%40cyclonedx/bom\n[link_docker]: https://hub.docker.com/r/cyclonedx/cyclonedx-node\n[link_website]: https://cyclonedx.org/\n[link_slack]: https://cyclonedx.org/slack/invite\n[link_discussion]: https://groups.io/g/CycloneDX\n[link_twitter]: https://twitter.com/CycloneDX_Spec\n","funding_links":["https://owasp.org/donate/?reponame=www-project-cyclonedx\u0026title=OWASP+CycloneDX"],"categories":[],"sub_categories":[],"project_url":"https://awesome.ecosyste.ms/api/v1/projects/github.com%2Fcyclonedx%2Fcyclonedx-node-module","html_url":"https://awesome.ecosyste.ms/projects/github.com%2Fcyclonedx%2Fcyclonedx-node-module","lists_url":"https://awesome.ecosyste.ms/api/v1/projects/github.com%2Fcyclonedx%2Fcyclonedx-node-module/lists"}