Comments (4)
ForestEckhardt
commented on August 9, 2024
There does not appear to be any straight forward tooling from NPM to facilitate the retrieval of module information. However, because the modules themselves contain package.json files we could walk the node_modules directory and parse all of the information such as name, version, license, repository, etc. out of the package.json itself as these are standard fields. Another benefit of this approach is that is will for for any node package manager (i.e. npm, yarn) as it relies on the contents of the node_modules folder as opposed to the functionality built into the package manager.
from npm-install.
ryanmoran
commented on August 9, 2024
Have you looked into https://github.com/CycloneDX/cyclonedx-node-module?
from npm-install.
sophiewigmore
commented on August 9, 2024
Just checked it out! This tool is awesome, it gets almost everything we want:
name, version, description, hash, source URI, license ID, package URL for each node module. I'm thinking we can try to run this tool along side the npm install or yarn install buildpack. We may need to do some additional work to generate CPEs and deprecation dates.
The tool outputs in CycloneDX which will be ideal if/when we officially support CycloneDX. For the time being, with the current TOML format we support we can likely pull the information off of the JSON, and pass it into the same BOM Generator we currently use in node-engine and yarn
from npm-install.
sophiewigmore
commented on August 9, 2024
Closing in favour of the suite of issues to implement this.
from npm-install.
Related Issues (20)
- Implement RFC0044: Disable SBOM
- Different run-image and build-image users causing runtime failure HOT 2
- Failure: Create Draft Release workflow HOT 1
- Chmod fails when running as non-root user HOT 3
- Support Jammy Jellyfish
- A project with cached dependencies fails to start on subsequent builds HOT 2
- Failure: Create Draft Release workflow HOT 50
- Restarting o Docker Container results in errors executing the symlink script.
- Enable Debug Logging
- Build fails when `npm-cache` is supplied beforehand
- Failure: Go get update workflow HOT 3
- /tmp/node_modules directory is missing during run time HOT 5
- Project with a linked module fails with "Module not found" HOT 1
- build fails when using npm workspaces and `node_modules` is required during build and launch HOT 6
- Failure: Approve bot PR workflow HOT 1
- Locally installed packages not loading on container start
- Failure: Update GitHub config workflow
- Anchore Go Library - Vulnerabilities
- npm install is not installing devDependencies HOT 2
- Always overriding NODE_ENV with development HOT 1
Recommend Projects
-
React
A declarative, efficient, and flexible JavaScript library for building user interfaces.
-
Vue.js
🖖 Vue.js is a progressive, incrementally-adoptable JavaScript framework for building UI on the web.
-
Typescript
TypeScript is a superset of JavaScript that compiles to clean JavaScript output.
-
TensorFlow
An Open Source Machine Learning Framework for Everyone
-
Django
The Web framework for perfectionists with deadlines.
-
Laravel
A PHP framework for web artisans
-
D3
Bring data to life with SVG, Canvas and HTML. 📊📈🎉
-
Recommend Topics
-
javascript
JavaScript (JS) is a lightweight interpreted programming language with first-class functions.
-
web
Some thing interesting about web. New door for the world.
-
server
A server is a program made to process requests and deliver data to clients.
-
Machine learning
Machine learning is a way of modeling and interpreting data that allows a piece of software to respond intelligently.
-
Visualization
Some thing interesting about visualization, use data art
-
Game
Some thing interesting about game, make everyone happy.
Recommend Org
-
Facebook
We are working to build community through open source technology. NB: members must have two-factor auth.
-
Microsoft
Open source projects and samples from Microsoft.
-
Google
Google ❤️ Open Source for everyone.
-
Alibaba
Alibaba Open Source for everyone
-
D3
Data-Driven Documents codes.
-
Tencent
China tencent open source team.
from npm-install.