From f2ae6c0b3f84b1b09a93e70ca6ba2bd83a2d8b2b Mon Sep 17 00:00:00 2001
From: Ashly Mathew
Date: Tue, 2 May 2023 16:24:01 +0200
Subject: [PATCH] fix(npm): Update npm cycloneDx to cyclonedx-npm

---
 pkg/npm/npm.go | 24 +++++++++++++++---------
 1 file changed, 15 insertions(+), 9 deletions(-)

diff --git a/pkg/npm/npm.go b/pkg/npm/npm.go
index b0db883de5..2cc455c94f 100644
--- a/pkg/npm/npm.go
+++ b/pkg/npm/npm.go
@@ -14,7 +14,9 @@ import (
 )
 
 const (
- npmBomFilename = "bom-npm.xml"
+ npmBomFilename = "bom-npm.xml"
+ cycloneDxPackageVersion = "@cyclonedx/cyclonedx-npm@1.11.0"
+ cycloneDxSchemaVersion = "1.4"
 )
 
 // Execute struct holds utils to enable mocking and common parameters
@@ -355,22 +357,26 @@ func (exec *Execute) checkIfLockFilesExist() (bool, bool, error) {
 func (exec *Execute) CreateBOM(packageJSONFiles []string) error {
 execRunner := exec.Utils.GetExecRunner()
 // Install CycloneDX Node.js module locally without saving in package.json
- err := execRunner.RunExecutable("npm", "install", "@cyclonedx/bom@^3.10.6", "--no-save")
+ err := execRunner.RunExecutable("npm", "install", "--global", cycloneDxPackageVersion, "--no-save")
 if err != nil {
- return err
+ return fmt.Errorf("failed to install cycloneDx package: %w", err)
 }
 if len(packageJSONFiles) > 0 {
 for _, packageJSONFile := range packageJSONFiles {
- path := filepath.Dir(packageJSONFile)
+ //path := filepath.Dir(packageJSONFile)
 params := []string{
- "cyclonedx-bom",
- path,
- "--output", filepath.Join(path, npmBomFilename),
+ "--output-format",
+ "XML",
+ "--spec-version",
+ cycloneDxSchemaVersion,
+ "--no-validate",
+ "--output-file", filepath.Join(filepath.Dir(packageJSONFile), npmBomFilename),
+ packageJSONFile,
 }
- err := execRunner.RunExecutable("npx", params...)
+ err := execRunner.RunExecutable("cyclonedx-npm", params...)
 if err != nil {
- return err
+ return fmt.Errorf("failed to generate cycloneDx BOM: %w", err)
 }
 }
 }
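Review bot: The two new constants in the `const` block carry no doc comment, and their coupling is not obvious from the names: `cycloneDxSchemaVersion` is handed to the tool as `--spec-version` in the second hunk, so it presumably has to be a spec version the pinned `@cyclonedx/cyclonedx-npm@1.11.0` release can emit, and bumping one without the other can break BOM generation. Add above the block `// cycloneDxPackageVersion pins the exact cyclonedx-npm release installed at run time; bump it together with cycloneDxSchemaVersion, which must be a spec version that release supports.` Pinning an exact version instead of the removed `^3.10.6` range is a reproducibility improvement, though the package is still resolved from the registry on every run rather than from a lockfile, so the pin alone adds no integrity guarantee beyond what npm applies to the fetched tarball; if that matters for this pipeline, the comment should say so.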
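Review bot: The comment above the install call, `// Install CycloneDX Node.js module locally without saving in package.json`, no longer describes the code: the new `npm install` passes `--global`, so the module goes into the npm global prefix rather than the project, and `--no-save` only governs writes to the project's package.json and lockfile, so it appears to have no effect next to `--global` (worth confirming against the npm version on the agents). Replace it with `// Install the pinned cyclonedx-npm CLI into the npm global prefix so it resolves on PATH as "cyclonedx-npm"; the project's package.json is not touched.` and delete the commented-out `//path := filepath.Dir(packageJSONFile)` instead of leaving dead code. The bare `cyclonedx-npm` executable relies on the global bin directory being on PATH, whereas the removed `npx` call resolved the project-local install, so the install step and the invocation can disagree on an agent whose global prefix is not on PATH, and a global install may need write access to that prefix that the old local install did not. `--no-validate` switches off schema validation of the emitted BOM, so a malformed document would be written and handed to downstream consumers without any error from this function; give the flag a one-line comment stating why validation is skipped, or drop it.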