Fix encoding of PURLs in SBOM output

RetireJS · Aug 20, 2024 · 1bef86e · 1bef86e
1 parent 3eeed9c
commit 1bef86e
Show file tree

Hide file tree

Showing 4 changed files with 15 additions and 13 deletions.
diff --git a/CHANGELOG.md b/CHANGELOG.md
@@ -1,5 +1,11 @@
 # Changelog
 
+## 1.6.3
+
+### Bugfix
+
+* Fix encoding of PURLs in SBOM output
+
 ## 1.6.2
 
 ### Bugfix

diff --git a/package-lock.json b/package-lock.json
diff --git a/package.json b/package.json
@@ -1,7 +1,7 @@
 {
   "author": "Erlend Oftedal <[email protected]>",
   "name": "retire-site-scanner",
-  "version": "1.6.2",
+  "version": "1.6.3",
   "license": "Apache-2.0",
   "description": "A scanner for checking a web site using retire.js",
   "main": "dist/index.js",
@@ -24,7 +24,7 @@
   "dependencies": {
     "cacheable-lookup": "^7.0.0",
     "puppeteer": "^23.1.0",
-    "retire": "^5.2.1",
+    "retire": "^5.2.2",
     "source-map": "^0.7.4"
   },
   "devDependencies": {

diff --git a/src/log.ts b/src/log.ts
@@ -1,6 +1,7 @@
 type LogLevel = "DBG" | "INF" | "ERR" | "WRN" | "TRC";
 import crypto, { randomUUID } from "crypto";
 import { Component } from "retire/lib/types";
+import { generatePURL } from "retire/lib/reporters/utils";
 import { unique } from "./utils";
 const pjson = require("../package.json");
 
@@ -188,11 +189,6 @@ function formatContentTypes(
     .join(" ");
 }
 
-function generatePURL(component: Component): string {
-  if (component.basePurl) return component.basePurl + "@" + component.version;
-  return `pkg:npm/${component.npmname ?? component.component}@${component.version}`;
-}
-
 export function convertToCycloneDX(resultToConvert: typeof collectedResults) {
   const components = new Map<string, CycloneDXComponent>();
   const vulnerabilities: Array<CycloneDXVulnerability> = [];