Change to npm
ashlymat committed May 5, 2023
1 parent 7ee3377 commit a4566a3
Showing 2 changed files with 8 additions and 6 deletions.
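--- a/pkg/npm/npm.go
+++ b/pkg/npm/npm.go
@@ -356,8 +356,9 @@ func (exec *Execute) checkIfLockFilesExist() (bool, bool, error) {
 // CreateBOM generates BOM file using CycloneDX from all package.json files
 func (exec *Execute) CreateBOM(packageJSONFiles []string) error {
 execRunner := exec.Utils.GetExecRunner()
-// Install CycloneDX Node.js module locally without saving in package.json
-err := execRunner.RunExecutable("npm", "install", cycloneDxPackageVersion, "--no-save")
+// Install CycloneDX Node.js module via npx without saving in package.json / polluting globals
+// See https://github.com/CycloneDX/cyclonedx-node-npm#installation
+err := execRunner.RunExecutable("npx", "--package", cycloneDxPackageVersion, "--call", "exit")
 if err != nil {
 return fmt.Errorf("failed to install cycloneDx package: %w", err)
 }
@@ -366,14 +367,15 @@ func (exec *Execute) CreateBOM(packageJSONFiles []string) error {
 for _, packageJSONFile := range packageJSONFiles {
 path := filepath.Dir(packageJSONFile)
 params := []string{
+cycloneDxPackageVersion,
 "--output-format",
 "XML",
 "--spec-version",
 cycloneDxSchemaVersion,
 "--output-file", filepath.Join(path, npmBomFilename),
 packageJSONFile,
 }
-err := execRunner.RunExecutable("cyclonedx-npm", params...)
+err := execRunner.RunExecutable("npx", params...)
 if err != nil {
 return fmt.Errorf("failed to generate cycloneDx BOM: %w", err)
 }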
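Review bot: The two `npx` calls in CreateBOM download and run the package named by `cycloneDxPackageVersion` from whatever registry the build is configured for, and its transitive dependencies are resolved without a lockfile, so the tool that produces the SBOM is itself an unverified build-time input. The constant is defined outside this section; if it is not already an exact version it should be, and a comment at the first call would record the assumption, for example `// npx fetches and executes this package at build time; keep cycloneDxPackageVersion pinned to an exact version`. The per-file call `execRunner.RunExecutable("npx", params...)` resolves the spec again on every loop iteration and appears to rely on the earlier `--call exit` run having populated the npx cache, which is worth stating in that comment too. Where builds need stronger guarantees, installing the tool from a lockfile into the build image and invoking that binary would remove the run-time fetch. CreateBOM's body continues past the end of the section.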
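--- a/pkg/npm/npm_test.go
+++ b/pkg/npm/npm_test.go
@@ -360,13 +360,13 @@ func TestNpm(t *testing.T) {
 
 if assert.NoError(t, err) {
 if assert.Equal(t, 3, len(utils.execRunner.Calls)) {
-assert.Equal(t, mock.ExecCall{Exec: "npm", Params: []string{"install", "--global", "@cyclonedx/[email protected]", "--no-save"}}, utils.execRunner.Calls[0])
-assert.Equal(t, mock.ExecCall{Exec: "cyclonedx-npm", Params: []string{"--output-format",
+assert.Equal(t, mock.ExecCall{Exec: "npx", Params: []string{"--package", "@cyclonedx/[email protected]", "--call", "exit"}}, utils.execRunner.Calls[0])
+assert.Equal(t, mock.ExecCall{Exec: "npx", Params: []string{"@cyclonedx/[email protected]", "--output-format",
 "XML",
 "--spec-version",
 "1.4",
 "--output-file", "bom-npm.xml", "package.json"}}, utils.execRunner.Calls[1])
-assert.Equal(t, mock.ExecCall{Exec: "cyclonedx-npm", Params: []string{"--output-format",
+assert.Equal(t, mock.ExecCall{Exec: "npx", Params: []string{"@cyclonedx/[email protected]", "--output-format",
 "XML",
 "--spec-version",
 "1.4",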
