{"id":18374692,"url":"https://github.com/jupiterone/node-cdx-bom","last_synced_at":"2025-08-17T13:37:00.294Z","repository":{"id":41976078,"uuid":"364346569","full_name":"JupiterOne/node-cdx-bom","owner":"JupiterOne","description":"Generate a unique, recursively merged SBOM for NodeJS projects and monorepos.","archived":false,"fork":false,"pushed_at":"2024-01-02T19:13:36.000Z","size":80,"stargazers_count":0,"open_issues_count":0,"forks_count":2,"subscribers_count":4,"default_branch":"main","last_synced_at":"2025-04-11T03:58:35.506Z","etag":null,"topics":[],"latest_commit_sha":null,"homepage":null,"language":"Shell","has_issues":true,"has_wiki":null,"has_pages":null,"mirror_url":null,"source_name":null,"license":"mit","status":null,"scm":"git","pull_requests_enabled":true,"icon_url":"https://github.com/JupiterOne.png","metadata":{"files":{"readme":"README.md","changelog":"CHANGELOG.md","contributing":null,"funding":null,"license":"LICENSE","code_of_conduct":null,"threat_model":null,"audit":null,"citation":null,"codeowners":"CODEOWNERS","security":null,"support":null,"governance":null,"roadmap":null,"authors":null}},"created_at":"2021-05-04T18:15:07.000Z","updated_at":"2021-11-29T18:50:44.000Z","dependencies_parsed_at":"2023-10-13T14:15:32.195Z","dependency_job_id":"d8a7ddb1-7bcb-4f63-84dd-393f99a2dcdd","html_url":"https://github.com/JupiterOne/node-cdx-bom","commit_stats":null,"previous_names":[],"tags_count":6,"template":false,"template_full_name":null,"purl":"pkg:github/JupiterOne/node-cdx-bom","repository_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/JupiterOne%2Fnode-cdx-bom","tags_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/JupiterOne%2Fnode-cdx-bom/tags","releases_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/JupiterOne%2Fnode-cdx-bom/releases","manifests_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/JupiterOne%2Fnode-cdx-bom/manifests","owner_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/owners/JupiterOne","download_url":"https://codeload.github.com/JupiterOne/node-cdx-bom/tar.gz/refs/heads/main","sbom_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/JupiterOne%2Fnode-cdx-bom/sbom","scorecard":null,"host":{"name":"GitHub","url":"https://github.com","kind":"github","repositories_count":270856563,"owners_count":24657688,"icon_url":"https://github.com/github.png","version":null,"created_at":"2022-05-30T11:31:42.601Z","updated_at":"2022-07-04T15:15:14.044Z","status":"online","status_checked_at":"2025-08-17T02:00:09.016Z","response_time":129,"last_error":null,"robots_txt_status":"success","robots_txt_updated_at":"2025-07-24T06:49:26.215Z","robots_txt_url":"https://github.com/robots.txt","online":true,"can_crawl_api":true,"host_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub","repositories_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories","repository_names_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repository_names","owners_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/owners"}},"keywords":[],"created_at":"2024-11-06T00:15:42.855Z","updated_at":"2025-08-17T13:37:00.271Z","avatar_url":"https://github.com/JupiterOne.png","language":"Shell","funding_links":[],"categories":[],"sub_categories":[],"readme":"# node-cdx-bom\n\nThis project provides a CLI tool (via NPM and Docker) that may be used to generate a\n[CycloneDX](https://cyclonedx.org) Software Bill-of-Materials (BOM) for a\nNodeJS project/repo.\n\n## Installing from NPM\n\n```\nnpm install -g @jupiterone/node-cdx-bom\n```\n\nNOTE: this tool relies on [cyclonedx-cli](https://github.com/CycloneDX/cyclonedx-cli/releases). The binary should be installed as `cyclonedx` somewhere in your PATH prior to running the `node-cdx-bom` command.\n\n## Building a docker image\n\n```\ndocker build -t jupiterone/node-cdx-bom:latest .\n```\n\n## Running node-cdx-bom\n\nTry:\n\n```\ncd my-project-repo\nnode-cdx-bom\n - or -\ndocker run -v $PWD:/src jupiterone/node-cdx-bom /src/bom.json\n```\n\nThis will generate a `bom.json` file in your project root.\n\nNOTE: you must specify `/src` as your Docker volume mount target (`-v $PWD:/src`)!\n\n## Assumptions\n\n* You're only interested in generating a BOM for packages you actually use in\n  production and `devDependencies` aren't of interest/in-scope.  These are ignored.\n* node_modules are present (You've run `npm install` or `yarn install` first.)\n* node_modules of all sub-packages of interest are present (if monorepo)\n* deploy/ packages (if any) are out-of-scope, and should be ignored.\n\nThe discovered packages that remain are, therefore, required.  These are\nmarked as such by setting the property `scope: 'required'` for each of the\nBOM `components[]`.\n\n## Environment Variables\n\nTo override the location of the ignored deploy dir, set the IGNORE_DIR variable.\n","project_url":"https://awesome.ecosyste.ms/api/v1/projects/github.com%2Fjupiterone%2Fnode-cdx-bom","html_url":"https://awesome.ecosyste.ms/projects/github.com%2Fjupiterone%2Fnode-cdx-bom","lists_url":"https://awesome.ecosyste.ms/api/v1/projects/github.com%2Fjupiterone%2Fnode-cdx-bom/lists"}