@cyclonedx/cdxgen

export function isSensitiveEnvironmentVariableName(varName: any): boolean; export function recordObservedActivity(kind: any, target: any, options?: {}): any; export function recordDecisionActivity(target: any, options?: {}): any; export function recordDiscoveryActivity(target: any, options?: {}): any; export function recordPolicyActivity(target: any, options?: {}): any; export function recordSymlinkResolution(sourcePath: any, resolvedPath: any, options?: {}): any; export function recordEnvironmentRead(varName: any, options?: {}): any; export function recordSensitiveFileRead(filePath: any, options?: {}): any; export function readEnvironmentVariable(varName: any, options?: {}): any; export function setDryRunMode(enabled: any): void; export function createDryRunError(action: any, target: any, reason: any): Error; export function isDryRunError(error: any): boolean; export function setActivityContext(context?: {}): void; export function resetActivityContext(): void; export function recordActivity(activity: any): any; export function getRecordedActivities(): any[]; export function resetRecordedActivities(): void; /** * Safely check if a file path exists without crashing due to a lack of permissions * * @param {String} filePath File path * @Boolean True if the path exists. False otherwise */ export function safeExistsSync(filePath: string): any; export function safeWriteSync(filePath: any, data: any, options: any): undefined; /** * Safely create a directory without crashing due to a lack of permissions * * @param {String} filePath File path * @param options {Options} mkdir options * @Boolean True if the path exists. False otherwise */ export function safeMkdirSync(filePath: string, options: Options): undefined; export function safeMkdtempSync(prefix: any, options?: undefined): any; export function safeRmSync(filePath: any, options?: undefined): undefined; export function safeUnlinkSync(filePath: any): undefined; export function safeCopyFileSync(src: any, dest: any, mode?: undefined): any; export function safeExtractArchive(sourcePath: any, targetPath: any, extractor: any, kind?: string, options?: undefined): Promise<boolean>; /** * Safe wrapper around spawnSync that enforces permission checks, injects default * options (maxBuffer, encoding, timeout), warns about unsafe Python and pip/uv * invocations, and records every executed command in the commandsExecuted set. * * @param {string} command The executable to spawn * @param {string[]} args Arguments to pass to the command * @param {Object} options Options forwarded to spawnSync (e.g. cwd, env, shell) * @returns {Object} spawnSync result object with status, stdout, stderr, and error fields */ export function safeSpawnSync(command: string, args: string[], options: Object): Object; /** * Determines whether license information should be fetched from remote sources, * based on the FETCH_LICENSE environment variable. * * @returns {boolean} True if the FETCH_LICENSE env var is set to "true" or "1" */ export function shouldFetchLicense(): boolean; /** * Determines whether remote package metadata should be fetched for enrichment. * * @returns {boolean} True when registry metadata enrichment is enabled. */ export function shouldFetchPackageMetadata(): boolean; /** * Determines whether VCS (version control system) information should be fetched * for Go packages, based on the GO_FETCH_VCS environment variable. * * @returns {boolean} True if the GO_FETCH_VCS env var is set to "true" or "1" */ export function shouldFetchVCS(): boolean; /** * Returns the Java executable command to use, resolved in priority order: * JAVA_CMD env var > JAVA_HOME/bin/java > "java". * * @returns {string} Path or name of the Java executable */ export function getJavaCommand(): string; /** * Returns the Python executable command to use, resolved in priority order: * PYTHON_CMD env var > CONDA_PYTHON_EXE env var > "python". * * @returns {string} Path or name of the Python executable */ export function getPythonCommand(): string; /** * Method to check if a given feature flag is enabled. * * @param {Object} cliOptions CLI options * @param {String} feature Feature flag * * @returns {Boolean} True if the feature is enabled */ export function isFeatureEnabled(cliOptions: Object, feature: string): boolean; /** * Method to check if the given project types are allowed by checking against include and exclude types passed from the CLI arguments. * * @param {Array} projectTypes project types to check * @param {Object} options CLI options * @param {Boolean} defaultStatus Default return value if there are no types provided */ export function hasAnyProjectType(projectTypes: any[], options: Object, defaultStatus?: boolean): any; /** * Determine whether the predictive dependency audit should run for the current * CLI invocation. * * OBOM-focused runs (`obom` or explicit `-t os` / OS aliases only) should keep * the direct BOM audit findings but skip the predictive dependency audit. * * @param {object} options CLI options * @param {string} [commandPath] Invoked command path or name * @returns {boolean} True when predictive dependency audit should run */ export function shouldRunPredictiveBomAudit(options: object, commandPath?: string): boolean; /** * Determine the default BOM audit categories for the current CLI invocation. * * OBOM-focused runs should default to the runtime-specific rule pack unless the * user explicitly requests other categories. * * @param {object} options CLI options * @param {string} [commandPath] Invoked command path or name * @returns {string | undefined} Default category string, if any */ export function getDefaultBomAuditCategories(options: object, commandPath?: string): string | undefined; /** * Convenient method to check if the given package manager is allowed. * * @param {String} name Package manager name * @param {Array} conflictingManagers List of package managers * @param {Object} options CLI options * * @returns {Boolean} True if the package manager is allowed */ export function isPackageManagerAllowed(name: string, conflictingManagers: any[], options: Object): boolean; export function isAllowedHttpHost(hostname: any, allowedHostsEnv?: any): boolean; /** * Method to get files matching a pattern * * @param {string} dirPath Root directory for search * @param {string} pattern Glob pattern (eg: *.gradle) * @param {Object} options CLI options * * @returns {Array[string]} List of matched files */ export function getAllFiles(dirPath: string, pattern: string, options?: Object): any; /** * Method to get files matching a pattern * * @param {string} dirPath Root directory for search * @param {string} pattern Glob pattern (eg: *.gradle) * @param {Boolean} includeDot whether hidden files can be included. * @param {Array} ignoreList Directory patterns to ignore * * @returns {Array[string]} List of matched files */ export function getAllFilesWithIgnore(dirPath: string, pattern: string, includeDot: boolean, ignoreList: any[]): any; /** * Return the current timestamp in YYYY-MM-DDTHH:MM:SSZ format. * * @returns {string} ISO formatted timestamp, without milliseconds. */ export function getTimestamp(): string; export function getTmpDir(): any; /** * Method to determine if a license is a valid SPDX license expression * * @param {string} license License string * @returns {boolean} true if the license is a valid SPDX license expression * @see https://spdx.dev/learn/handling-license-info/ **/ export function isSpdxLicenseExpression(license: string): boolean; /** * Convert the array of licenses to a CycloneDX 1.5 compliant license array. * This should return an array containing: * - one or more SPDX license if no expression is present * - the license of the expression if one expression is present * - a unified conditional 'OR' license expression if more than one expression is present * * @param {Array} licenses Array of licenses * @returns {Array} CycloneDX 1.5 compliant license array */ export function adjustLicenseInformation(licenses: any[]): any[]; /** * Performs a lookup + validation of the license specified in the * package. If the license is a valid SPDX license ID, set the 'id' * and url of the license object, otherwise, set the 'name' of the license * object. */ export function getLicenses(pkg: any): any[] | undefined; /** * Method to retrieve known license by known-licenses.json * * @param {String} licenseUrl Repository url * @param {String} pkg Bom ref * @return {Object} Objetct with SPDX license id or license name */ export function getKnownLicense(licenseUrl: string, pkg: string): Object; /** * Tries to find a file containing the license text based on commonly * used naming and content types. If a candidate file is found, add * the text to the license text object and stop. */ export function addLicenseText(pkg: any, l: any, licenseContent: any): void; /** * Read the file from the given path to the license text object and includes * content-type attribute, if not default. Returns the license text object. */ export function readLicenseText(licenseFilepath: any, licenseContentType: any): { content: any; } | null; /** * Fetches license information for a list of Swift packages by querying the * GitHub repository license API for packages hosted on github.com. * * @param {Object[]} pkgList List of Swift package objects with optional repository.url fields * @returns {Promise<Object[]>} Resolved list of package objects, each augmented with a license field where available */ export function getSwiftPackageMetadata(pkgList: Object[]): Promise<Object[]>; /** * Method to retrieve metadata for npm packages by querying npmjs * * @param {Array} pkgList Package list */ export function getNpmMetadata(pkgList: any[]): Promise<any[]>; export function parsePkgJson(pkgJsonFile: any, simple?: boolean, securityProps?: boolean): Promise<any[]>; /** * Parse nodejs package lock file * * @param {string} pkgLockFile package-lock.json file * @param {object} options Command line options */ export function parsePkgLock(pkgLockFile: string, options?: object): Promise<{ pkgList: any; dependenciesList: any; }>; /** * Given a lock file this method would return an Object with the identity as the key and parsed name and value * eg: "@actions/core@^1.2.6", "@actions/core@^1.6.0": * version "1.6.0" * would result in two entries * * @param {string} lockData Yarn Lockfile data */ export function yarnLockToIdentMap(lockData: string): {}; /** * Parse nodejs yarn lock file * * @param {string} yarnLockFile yarn.lock file * @param {Object} parentComponent parent component * @param {Array[String]} workspacePackages Workspace packages * @param {Object} workspaceSrcFiles Workspace package.json files * @param {Object} _workspaceDirectDeps Direct dependencies of each workspace * @param {Object} depsWorkspaceRefs Workspace references for each dependency */ export function parseYarnLock(yarnLockFile: string, parentComponent?: Object, workspacePackages?: any, workspaceSrcFiles?: Object, _workspaceDirectDeps?: Object, depsWorkspaceRefs?: Object): Promise<{ pkgList: any[]; dependenciesList: any[]; }>; /** * Parse nodejs shrinkwrap deps file * * @param {string} swFile shrinkwrap-deps.json file */ export function parseNodeShrinkwrap(swFile: string): Promise<any[]>; /** * Parse pnpm workspace file * * @param {string} workspaceFile pnpm-workspace.yaml * @returns {object} Object containing packages and catalogs */ export function parsePnpmWorkspace(workspaceFile: string): object; /** * Helper function to create a properly encoded workspace PURL * * @param {string} packageName - Package name (e.g., "@babel/core") * @param {string} version - Package version * @returns {string} Encoded PURL string */ export function createNpmWorkspacePurl(packageName: string, version: string): string; /** * Parses the workspaces field from a package.json file and returns the list of * workspace glob patterns. Handles both array and object (with packages key) formats. * * @param {string} packageJsonFile Path to the package.json file to parse * @returns {Object} Object with a packages array of workspace glob patterns, or an empty object on error */ export function parseYarnWorkspace(packageJsonFile: string): Object; /** * Helper function to find a package path in pnpm node_modules structure * * @param {string} baseDir Base directory containing node_modules * @param {string} packageName Package name (with or without scope) * @param {string} version Package version * @returns {string|null} Path to the package directory or null if not found */ export function findPnpmPackagePath(baseDir: string, packageName: string, version: string): string | null; /** * pnpm packages with metadata from local node_modules * * @param {Array} pkgList Package list to enhance * @param {string} lockFilePath Path to the pnpm-lock.yaml file * @returns {Array} Enhanced package list */ export function pnpmMetadata(pkgList: any[], lockFilePath: string): any[]; /** * Parse nodejs pnpm lock file * * @param {string} pnpmLock pnpm-lock.yaml file * @param {Object} parentComponent parent component * @param {Array[String]} workspacePackages Workspace packages * @param {Object} workspaceSrcFiles Workspace package.json files * @param {Object} workspaceCatalogs Workspace catalogs * @param {Object} workspaceDirectDeps Direct dependencies of each workspace * @param {Object} depsWorkspaceRefs Workspace references for each dependency */ export function parsePnpmLock(pnpmLock: string, parentComponent?: Object, workspacePackages?: any, workspaceSrcFiles?: Object, _workspaceCatalogs?: {}, _workspaceDirectDeps?: {}, depsWorkspaceRefs?: Object): Promise<{ pkgList?: undefined; dependenciesList?: undefined; parentSubComponents?: undefined; } | { pkgList: any[]; dependenciesList: { ref: string; dependsOn: any[]; }[]; parentSubComponents: { group: any; name: any; version: any; type: string; purl: string; "bom-ref": string; }[]; }>; /** * Parse bower json file * * @param {string} bowerJsonFile bower.json file */ export function parseBowerJson(bowerJsonFile: string): Promise<any[]>; /** * Parse minified js file * * @param {string} minJsFile min.js file */ export function parseMinJs(minJsFile: string): Promise<any[]>; /** * Parse pom file * * @param {string} pomFile pom file to parse * @returns {Object} Object containing pom properties, modules, and array of dependencies */ export function parsePom(pomFile: string): Object; /** * Parse maven tree output * @param {string} rawOutput Raw string output * @param {string} pomFile .pom file for evidence * * @returns {Object} Object containing packages and dependencies */ export function parseMavenTree(rawOutput: string, pomFile: string): Object; /** * Parse mill dependencies from file * * @param {string} module name of the module * @param {map} dependencies the parsed dependencies * @param {map} relations a map containing all relations * @param {string} millRootPath root of the project * * @returns the bom-ref of the module */ export function parseMillDependency(module: string, dependencies: map, relations: map, millRootPath: string): any; /** * Parse gradle dependencies output * @param {string} rawOutput Raw string output * @param {string} rootProjectName Root project name * @param {map} gradleModules Cache with all gradle modules that have already been read * @param {string} gradleRootPath Root path where Gradle is to be run when getting module information */ export function parseGradleDep(rawOutput: string, rootProjectName?: string, gradleModules?: map, gradleRootPath?: string): Promise<{ pkgList: any[]; dependenciesList: { ref: string; dependsOn: any[]; }[]; } | { pkgList?: undefined; dependenciesList?: undefined; }>; /** * Parse clojure cli dependencies output * @param {string} rawOutput Raw string output */ export function parseCljDep(rawOutput: string): any[]; /** * Parse lein dependency tree output * @param {string} rawOutput Raw string output */ export function parseLeinDep(rawOutput: string): Object[]; /** * Recursively walks a parsed EDN map node produced by the Leiningen dependency * tree and collects unique dependency entries into the deps array. * * @param {Object} node Parsed EDN node (expected to have a "map" property) * @param {Object} keys_cache Cache object used to deduplicate entries by group-name-version key * @param {Object[]} deps Accumulator array of dependency objects with group, name, and version fields * @returns {Object[]} The populated deps array */ export function parseLeinMap(node: Object, keys_cache: Object, deps: Object[]): Object[]; /** * Parse gradle projects output * * @param {string} rawOutput Raw string output */ export function parseGradleProjects(rawOutput: string): { rootProject: string; projects: any[]; }; /** * Parse gradle properties output * * @param {string} rawOutput Raw string output * @param {string} gradleModuleName The name (or 'path') of the module as seen from the root of the project */ export function parseGradleProperties(rawOutput: string, gradleModuleName?: string): { rootProject: string; projects: any[]; metadata: { group: string; version: string; properties: never[]; }; }; /** * Execute gradle properties command using multi-threading and return parsed output * * @param {string} dir Directory to execute the command * @param {array} allProjectsStr List of all sub-projects (including the preceding `:`) * @param {array} extraArgs List of extra arguments to use when calling gradle * * @returns {string} The combined output for all subprojects of the Gradle properties task */ export function executeParallelGradleProperties(dir: string, allProjectsStr: array, extraArgs?: array): string; /** * Parse bazel action graph output * @param {string} rawOutput Raw string output */ export function parseBazelActionGraph(rawOutput: string): any[]; /** * Parse bazel skyframe state output * @param {string} rawOutput Raw string output */ export function parseBazelSkyframe(rawOutput: string): any[]; /** * Parse bazel BUILD file * @param {string} rawOutput Raw string output */ export function parseBazelBuild(rawOutput: string): any[]; /** * Parse dependencies in Key:Value format */ export function parseKVDep(rawOutput: any): any[]; /** * Method to find the spdx license id from name * * @param {string} name License full name */ export function findLicenseId(name: string): any; /** * Method to guess the spdx license id from license contents * * @param {string} content License file contents */ export function guessLicenseId(content: string): any; /** * Method to retrieve metadata for maven packages by querying maven central * * @param {Array} pkgList Package list * @param {Object} jarNSMapping Jar Namespace mapping object * @param {Boolean} force Force fetching of license * * @returns {Array} Updated package list */ export function getMvnMetadata(pkgList: any[], jarNSMapping?: Object, force?: boolean): any[]; /** * Method to compose URL of pom.xml * * @param {String} urlPrefix * @param {String} group * @param {String} name * @param {String} version * * @return {String} fullUrl */ export function composePomXmlUrl({ urlPrefix, group, name, version }: string): string; /** * Method to fetch pom.xml data and parse it to JSON * * @param {String} urlPrefix * @param {String} group * @param {String} name * @param {String} version * * @return {Object|undefined} */ export function fetchPomXmlAsJson({ urlPrefix, group, name, version }: string): Object | undefined; /** * Method to fetch pom.xml data * * @param {String} urlPrefix * @param {String} group * @param {String} name * @param {String} version * * @return {Promise<String>} */ export function fetchPomXml({ urlPrefix, group, name, version }: string): Promise<string>; /** * Method extract single or multiple license entries that might appear in pom.xml * * @param {Object|Array} license */ export function parseLicenseEntryOrArrayFromPomXml(license: Object | any[]): any[] | undefined; /** * Method to parse pom.xml in search of a comment containing license text * * @param {String} urlPrefix * @param {String} group * @param {String} name * @param {String} version * * @return {Promise<String>} License ID */ export function extractLicenseCommentFromPomXml({ urlPrefix, group, name, version, }: string): Promise<string>; /** * Method to parse python requires_dist attribute found in pypi setup.py * * @param {String} dist_string string */ export function parsePyRequiresDist(dist_string: string): { name: string; version: string; } | undefined; /** * Method to mimic pip version solver using node-semver * * @param {Array} versionsList List of version numbers available * @param {*} versionSpecifiers pip version specifier */ export function guessPypiMatchingVersion(versionsList: any[], versionSpecifiers: any): any; /** * Method to retrieve metadata for python packages by querying pypi * * @param {Array} pkgList Package list * @param {Boolean} fetchDepsInfo Fetch dependencies info from pypi */ export function getPyMetadata(pkgList: any[], fetchDepsInfo: boolean): Promise<any[]>; /** * Method to parse bdist_wheel metadata (dist-info/METADATA) * * @param {string} mDataFile bdist_wheel metadata file * @param {string} rawMetadata Raw metadata * */ export function parseBdistMetadata(mDataFile: string, rawMetadata?: string): { name: string; version: string; description: string; author: string; licenses: never[]; externalReferences: never[]; properties: never[]; }[]; /** * Method to parse pipfile.lock data * * @param {Object} lockData JSON data from Pipfile.lock */ export function parsePiplockData(lockData: Object): Promise<any[]>; /** * Method to parse python pyproject.toml file * * @param {string} tomlFile pyproject.toml file * @returns {Object} Object with parent component, root dependencies, and metadata. */ export function parsePyProjectTomlFile(tomlFile: string): Object; /** * Method to parse python lock files such as poetry.lock, pdm.lock, uv.lock, and pylock.toml. * * @param {string} lockData Raw TOML text from poetry.lock, pdm.lock, uv.lock, or pylock.toml * @param {string} lockFile Lock file name for evidence * @param {string} pyProjectFile pyproject.toml file */ export function parsePyLockData(lockData: string, lockFile: string, pyProjectFile: string): Promise<{ pkgList: any[]; dependenciesList: any[]; parentComponent?: undefined; rootList?: undefined; pyLockProperties?: undefined; workspaceWarningShown?: undefined; } | { parentComponent: any; pkgList: any[]; rootList: { name: any; version: any; description: any; properties: never[]; }[]; dependenciesList: { ref: string; dependsOn: any[]; }[]; pyLockProperties: any[]; workspaceWarningShown: boolean; }>; /** * Method to parse requirements.txt file. This must be replaced with atom parsedeps. * * @param {String} reqFile Requirements.txt file * @param {Boolean} fetchDepsInfo Fetch dependencies info from pypi * * @returns {Promise[Array<Object>]} List of direct dependencies from the requirements file */ export function parseReqFile(reqFile: string, fetchDepsInfo?: boolean): any; /** * Parse environment markers into structured format * * @param {String} markersStr Raw markers string * @returns {Array<Object>} Structured markers array */ export function parseReqEnvMarkers(markersStr: string): Array<Object>; /** * Method to find python modules by parsing the imports and then checking with PyPI to obtain the latest version * * @param {string} src directory * @param {Array} epkgList Existing package list * @param {Object} options CLI options * @returns List of packages */ export function getPyModules(src: string, epkgList: any[], options: Object): Promise<{ allImports: {}; pkgList: any; dependenciesList: { ref: string; dependsOn: never[]; }[]; modList: any; }>; /** * Method to parse setup.py data * * @param {Object} setupPyData Contents of setup.py */ export function parseSetupPyFile(setupPyData: Object): Promise<Object[]>; /** * Method to parse pixi.lock data * * @param {String} pixiLockFileName pixi.lock file name * @param {String} path File path */ export function parsePixiLockFile(pixiLockFileName: string, path: string): { pkgList: any; formulationList: any[]; rootList: any[]; dependenciesList: { ref: string; dependsOn: any[]; }[]; frozen: boolean; }; /** * Method to parse pixi.toml file * * @param {String} pixiToml */ export function parsePixiTomlFile(pixiToml: string): { description: any; name: any; version: any; homepage: any; repository: any; }; /** * Method to construct a GitHub API url for the given repo metadata * @param {Object} repoMetadata Repo metadata with group and name * @return {String|undefined} github api url (or undefined - if not enough data) */ export function repoMetadataToGitHubApiUrl(repoMetadata: Object): string | undefined; /** * Method to run cli command `pixi install` * * */ export function generatePixiLockFile(_path: any): void; /** * Method to split GitHub url into its parts * @param {String} repoUrl Repository url * @return {[String]} parts from url */ export function getGithubUrlParts(repoUrl: string): [string]; /** * Method to construct GitHub api url from repo metadata or one of multiple formats of repo URLs * @param {String} repoUrl Repository url * @param {Object} repoMetadata Object containing group and package name strings * @return {String|undefined} github api url (or undefined - if not a GitHub repo) */ export function toGitHubApiUrl(repoUrl: string, repoMetadata: Object): string | undefined; /** * Method to retrieve repo license by querying github api * * @param {String} repoUrl Repository url * @param {Object} repoMetadata Object containing group and package name strings * @return {Promise<String>} SPDX license id */ export function getRepoLicense(repoUrl: string, repoMetadata: Object): Promise<string>; /** * Method to get go pkg license from go.dev site. * * @param {Object} repoMetadata Repo metadata */ export function getGoPkgLicense(repoMetadata: Object): Promise<any>; /** * Builds a Go package component object containing purl, bom-ref, integrity hash, * and optionally license and VCS external reference information. * * @param {string} group Package group (module path prefix, may be empty) * @param {string} name Package name (full module path when group is empty) * @param {string} version Package version string * @param {string} hash Integrity hash (e.g. "sha256-…"), used as _integrity * @returns {Promise<Object>} Component object ready for inclusion in a BOM package list */ export function getGoPkgComponent(group: string, name: string, version: string, hash: string): Promise<Object>; /** * Method to parse go.mod files * * @param {String} goModData Contents of go.mod file * @param {Object} gosumMap Data from go.sum files * * @returns {Object} Object containing parent component, rootList and packages list */ export function parseGoModData(goModData: string, gosumMap: Object): Object; /** * Parses a Go modules text file (e.g. vendor/modules.txt) and returns a list of * Go package components. Cross-references the go.sum map for integrity hashes and * sets scope and confidence based on hash availability. * * @param {string} txtFile Path to the modules.txt file * @param {Object} gosumMap Map of "module@version" keys to sha256 hash values from go.sum * @returns {Promise<Object[]>} List of Go package component objects with evidence */ export function parseGoModulesTxt(txtFile: string, gosumMap: Object): Promise<Object[]>; /** * Parse go list output * * @param {string} rawOutput Output from go list invocation * @param {Object} gosumMap go.sum data * @returns Object with parent component and List of packages */ export function parseGoListDep(rawOutput: string, gosumMap: Object): Promise<{ parentComponent: {}; pkgList: Object[]; }>; /** * Parse go mod graph * * @param {string} rawOutput Output from go mod graph invocation * @param {string} goModFile go.mod file * @param {Object} gosumMap Hashes from gosum for lookups * @param {Array} epkgList Existing package list * @param {Object} parentComponent Current parent component * * @returns Object containing List of packages and dependencies */ export function parseGoModGraph(rawOutput: string, goModFile: string, gosumMap: Object, epkgList?: any[], parentComponent?: Object): Promise<{ pkgList: any[]; dependenciesList: { ref: string; dependsOn: any[]; }[]; parentComponent: any; rootList: any; }>; /** * Parse go mod why output. * * @param {string} rawOutput Output from go mod why * @returns {string|undefined} package name or none */ export function parseGoModWhy(rawOutput: string): string | undefined; /** * Parse go sum data * @param {string} gosumData Content of go.sum * @returns package list */ export function parseGosumData(gosumData: string): Promise<any[]>; /** * Parses the contents of a Gopkg.lock or Gopkg.toml file (dep tool format) and * returns a list of Go package components. Optionally fetches license information * for each package when FETCH_LICENSE is enabled. * * @param {string} gopkgData Raw string contents of the Gopkg lock/toml file * @returns {Promise<Object[]>} List of Go package component objects */ export function parseGopkgData(gopkgData: string): Promise<Object[]>; /** * Parses the output of `go version -m` (build info) and returns a list of Go * package components for each "dep" line, including name, version, and integrity hash. * * @param {string} buildInfoData Raw string output from `go version -m` * @returns {Promise<Object[]>} List of Go package component objects */ export function parseGoVersionData(buildInfoData: string): Promise<Object[]>; /** * Method to query rubygems api for gems details * * @param {Array} pkgList List of packages with metadata */ export function getRubyGemsMetadata(pkgList: any[]): Promise<any[]>; /** * Utility method to convert a gem package name to a CamelCased module name. Low accuracy. * * @param name Package name */ export function toGemModuleNames(name: any): string[]; /** * Collect all namespaces for a given gem present at the given gemHome * * @param {String} rubyCommand Ruby command to use if bundle is not available * @param {String} bundleCommand Bundle command to use * @param {String} gemHome Value to use as GEM_HOME env variable * @param {String} gemName Name of the gem * @param {String} filePath File path to the directory containing the Gemfile or .bundle directory * * @returns {Array<string>} List of module names */ export function collectGemModuleNames(rubyCommand: string, bundleCommand: string, gemHome: string, gemName: string, filePath: string): Array<string>; /** * Method to parse Gemspec file contents * * @param {string} gemspecData Gemspec data * @param {string} gemspecFile File name for evidence. */ export function parseGemspecData(gemspecData: string, gemspecFile: string): Promise<any[]>; /** * Method to parse Gemfile.lock * * @param {object} gemLockData Gemfile.lock data * @param {string} lockFile Lock file */ export function parseGemfileLockData(gemLockData: object, lockFile: string): Promise<any[] | { pkgList: any[]; dependenciesList: { ref: string; dependsOn: any[]; }[]; rootList: any[]; }>; /** * Method to retrieve metadata for rust packages by querying crates * * @param {Array} pkgList Package list */ export function getCratesMetadata(pkgList: any[]): Promise<any[]>; /** * Method to retrieve metadata for dart packages by querying pub.dev * * @param {Array} pkgList Package list */ export function getDartMetadata(pkgList: any[]): Promise<any[]>; /** * Method to parse cargo.toml data * * The component described by a [package] section will be put at the front of * the list, regardless of if [package] appears before or after * [dependencies]. Found dependencies will be placed at the back of the * list. * * The Cargo documentation specifies that the [package] section should appear * first as a convention, but it is not enforced. * https://doc.rust-lang.org/stable/style-guide/cargo.html#formatting-conventions * * @param {String} cargoTomlFile cargo.toml file * @param {boolean} simple Return a simpler representation of the component by skipping extended attributes and license fetch. * @param {Object} pkgFilesMap Object with package name and list of files * * @returns {Array} Package list */ export function parseCargoTomlData(cargoTomlFile: string, simple?: boolean, pkgFilesMap?: Object, context?: {}): any[]; /** * Parse a Cargo.lock file to find components within the Rust project. * * @param {String} cargoLockFile A path to a Cargo.lock file. The Cargo.lock-file path may be used as information for extended attributes, such as manifest based evidence. * @param {boolean} simple Return a simpler representation of the component by skipping extended attributes and license fetch. * @param {Object} pkgFilesMap Object with package name and list of files * * @returns {Array} A list of the project's components as described by the Cargo.lock-file. */ export function parseCargoData(cargoLockFile: string, simple?: boolean, pkgFilesMap?: Object): any[]; /** * Build a Cargo dependency graph from manifest relationships so workspace roots * and member-to-member links can complement lockfile-derived dependency data. * * @param {string} cargoTomlFile Cargo.toml path * @param {object} [context] manifest graph context * @returns {object[]} Cargo dependency relationships */ export function parseCargoManifestDependencyData(cargoTomlFile: string, context?: object): object[]; /** * Parses a Cargo.lock file's TOML data and returns a flat dependency graph as an * array of objects mapping each package purl to the purls it directly depends on. * * @param {string} cargoLockData Raw TOML string contents of a Cargo.lock file * @returns {Object[]} Array of dependency relationship objects with ref and dependsOn fields */ export function parseCargoDependencyData(cargoLockData: string): Object[]; /** * Parses tab-separated cargo-auditable binary metadata output and returns a list * of Rust package components. Optionally fetches crates.io metadata when * FETCH_LICENSE is enabled. * * @param {string} cargoData Tab-separated string output from cargo-auditable or similar tool * @returns {Promise<Object[]>} List of Rust package component objects with group, name, and version */ export function parseCargoAuditableData(cargoData: string): Promise<Object[]>; /** * Method to parse pubspec.lock files. * * @param pubLockData Contents of lock data * @param lockFile Filename for setting evidence * * @returns {Object} */ export function parsePubLockData(pubLockData: any, lockFile: any): Object; /** * Parses a Dart pub package's pubspec.yaml content and returns a list containing * a single component object with name, description, version, homepage, and purl. * * @param {string} pubYamlData Raw YAML string contents of a pubspec.yaml file * @returns {Object[]} List containing a single Dart package component object */ export function parsePubYamlData(pubYamlData: string): Object[]; /** * Parses Helm chart YAML data (Chart.yaml or repository index.yaml) and returns * a list of Helm chart component objects including the chart itself and any * declared dependencies or index entries. * * @param {string} helmData Raw YAML string contents of a Helm Chart.yaml or index.yaml file * @returns {Object[]} List of Helm chart component objects with name, version, and optional homepage/repository */ export function parseHelmYamlData(helmData: string): Object[]; /** * Recursively walks a parsed YAML/JSON object structure to find container image * references stored under common keys (image, repository, dockerImage, etc.) and * appends discovered image and service entries to pkgList while tracking seen * images in imgList to avoid duplicates. * * @param {Object|Array|string} keyValueObj The object, array, or string node to inspect * @param {Object[]} pkgList Accumulator array that receives {image} and {service} entries * @param {string[]} imgList Accumulator array of image name strings already seen * @returns {string[]} The updated imgList */ export function recurseImageNameLookup(keyValueObj: Object | any[] | string, pkgList: Object[], imgList: string[]): string[]; /** * Parses the contents of a Dockerfile or Containerfile and returns a list of * base image objects referenced by FROM instructions, substituting ARG default * values where possible and skipping multi-stage build alias references. * * @param {string} fileContents Raw string contents of the Dockerfile/Containerfile * @returns {Object[]} Array of objects with an image property for each unique base image */ export function parseContainerFile(fileContents: string): Object[]; /** * Parses a Bitbucket Pipelines YAML file and extracts all Docker image references * used as build environments and pipe references (docker:// pipes are normalized). * * @param {string} fileContents Raw string contents of the bitbucket-pipelines.yml file * @returns {Object[]} Array of objects with an image property for each referenced image or pipe */ export function parseBitbucketPipelinesFile(fileContents: string): Object[]; /** * Parses container specification data such as Docker Compose files, Kubernetes * manifests, Tekton tasks, Skaffold configs, or Kustomize overlays (YAML, possibly * multi-document) and returns a list of image, service, and OCI spec entries. * * @param {string} dcData Raw YAML string contents of the container spec file * @returns {Object[]} Array of objects with image, service, or ociSpec properties */ export function parseContainerSpecData(dcData: string): Object[]; /** * Identifies the data flow direction of a Privado processing object based on its * sinkId value: "write" sinks map to "inbound", "read" sinks to "outbound", and * HTTP/gRPC sinks to "bi-directional". * * @param {Object} processingObj Privado processing object, expected to have a sinkId property * @returns {string} Flow direction string: "inbound", "outbound", "bi-directional", or "unknown" */ export function identifyFlow(processingObj: Object): string; /** * Parses a Privado data flow JSON file and returns a list of service objects * enriched with data classifications, endpoints, trust-boundary flag, violations, * and git metadata properties extracted from the scan result. * * @param {string} f Path to the Privado scan result JSON file * @returns {Object[]} List of service component objects suitable for a SaaSBOM */ export function parsePrivadoFile(f: string): Object[]; /** * Parses an OpenAPI specification (JSON or YAML string) and returns a list * containing a single service object with name, version, endpoints, and * authentication flag derived from the spec's info, servers, paths, and * securitySchemes sections. * * @param {string} oaData Raw JSON or YAML string contents of an OpenAPI specification * @returns {Object[]} List containing a single service component object */ export function parseOpenapiSpecData(oaData: string): Object[]; /** * Parses Haskell Cabal freeze file content and extracts package name and version * pairs from constraint lines (lines containing " =="). * * @param {string} cabalData Raw string contents of a Cabal freeze file * @returns {Object[]} List of package objects with name and version fields */ export function parseCabalData(cabalData: string): Object[]; /** * Parses an Elixir mix.lock file and extracts Hex package name and version pairs * from lines containing ":hex". * * @param {string} mixData Raw string contents of a mix.lock file * @returns {Object[]} List of package objects with name and version fields */ export function parseMixLockData(mixData: string): Object[]; /** * Parses a GitHub Actions workflow YAML file and returns a list of action * components for each step that uses an external action (steps with a "uses" * field). Each component captures the action name, group, version/commit SHA, * version pinning type, job context (runner, permissions, environment), and * workflow-level metadata (triggers, concurrency, write permissions). * * @param {string} f Path to the GitHub Actions workflow YAML file * @returns {Object[]} List of action component objects with purl, properties, and evidence */ export function parseGitHubWorkflowData(f: string): Object[]; /** * Parse Google Cloud Build YAML data and extract container image steps as packages. * * @param {string} cbwData Raw YAML string of a Cloud Build configuration file * @returns {Object[]} Array of package objects parsed from the build steps */ export function parseCloudBuildData(cbwData: string): Object[]; /** * Map a Conan package reference string to a PackageURL string, name, and version. * * Parses a full Conan package reference of the form * `name/version@user/channel#recipe_revision:package_id#package_revision` * and returns the equivalent purl string together with the extracted name and version. * * @param {string} conanPkgRef Conan package reference string * @returns {Array} Tuple of [purlString, name, version], or [null, null, null] on parse failure */ export function mapConanPkgRefToPurlStringAndNameAndVersion(conanPkgRef: string): any[]; /** * Parse Conan lock file data (conan.lock) and return the package list, dependency map, * and parent component dependencies. * * Supports both the legacy `graph_lock.nodes` format (Conan 1.x) and the newer * `requires` format (Conan 2.x). * * @param {string} conanLockData Raw JSON string of the Conan lock file * @returns {{ pkgList: Object[], dependencies: Object, parentComponentDependencies: string[] }} */ export function parseConanLockData(conanLockData: string): { pkgList: Object[]; dependencies: Object; parentComponentDependencies: string[]; }; /** * Parse a Conan conanfile.txt and extract required and optional packages. * * @param {string} conanData Raw text contents of a conanfile.txt * @returns {Object[]} Array of package objects with purl, name, version, and scope */ export function parseConanData(conanData: string): Object[]; /** * Parse Collider lock file data (collider.lock) and return the package list and * parent component dependencies. * * @param {string} colliderLockData Raw JSON string of the Collider lock file * @param {string} lockFile Source lock file path * @returns {{ pkgList: Object[], dependencies: Object, parentComponentDependencies: string[] }} */ export function parseColliderLockData(colliderLockData: string, lockFile: string): { pkgList: Object[]; dependencies: Object; parentComponentDependencies: string[]; }; /** * Parse Leiningen project.clj data and extract dependency packages. * * @param {string} leinData Raw text contents of a Leiningen project.clj file * @returns {Object[]} Array of package objects with group, name, and version */ export function parseLeiningenData(leinData: string): Object[]; /** * Parse EDN (Extensible Data Notation) deps.edn data and extract dependency packages. * * Handles Clojure deps.edn files, extracting packages listed under the `:deps` key. * * @param {string} rawEdnData Raw EDN text contents of a deps.edn file * @returns {Object[]} Array of package objects with group, name, and version */ export function parseEdnData(rawEdnData: string): Object[]; /** * Method to parse .nupkg files * * @param {String} nupkgFile .nupkg file * @returns {Object} Object containing package list and dependencies */ export function parseNupkg(nupkgFile: string): Object; /** * Method to parse flake.nix files * * @param {String} flakeNixFile flake.nix file to parse * @returns {Object} Object containing package information */ export function parseFlakeNix(flakeNixFile: string): Object; /** * Method to parse flake.lock files * * @param {String} flakeLockFile flake.lock file to parse * @returns {Object} Object containing locked dependency information */ export function parseFlakeLock(flakeLockFile: string): Object; /** * Method to parse .nuspec files * * @param {String} nupkgFile .nupkg file * @param {String} nuspecData Raw nuspec data * @returns {Object} Object containing package list and dependencies */ export function parseNuspecData(nupkgFile: string, nuspecData: string): Object; /** * Parse a C# packages.config XML file and return a list of NuGet package components. * * @param {string} pkgData Raw XML string of a packages.config file * @param {string} pkgFile Path to the packages.config file, used for evidence properties * @returns {Object[]} Array of NuGet package objects with purl, name, and version */ export function parseCsPkgData(pkgData: string, pkgFile: string): Object[]; /** * Method to find all text nodes in PropertyGroup elements in .props files. * * @param {String} propsFiles .props files in this project * * @returns {Object} Containing text nodes from PropertyGroup elements and their values */ export function getPropertyGroupTextNodes(propsFiles: string): Object; /** * Method to parse .csproj like xml files * * @param {String} csProjData Raw data * @param {String} projFile File name * @param {Object} pkgNameVersions Package name - version map object * * @returns {Object} Containing parent component, package, and dependencies */ export function parseCsProjData(csProjData: string, projFile: string, pkgNameVersions?: Object, msbuildInstalled?: boolean, pkgVersionLabelCandidates?: {}): Object; /** * Parse a .NET project.assets.json file and return the package list and dependency tree. * * Extracts NuGet packages and their transitive dependency relationships from the * `libraries` and `targets` sections of a project.assets.json file produced by * the .NET restore process. * * @param {string} csProjData Raw JSON string of the project.assets.json file * @param {string} assetsJsonFile Path to the project.assets.json file, used for evidence properties * @returns {{ pkgList: Object[], dependenciesList: Object[] }} */ export function parseCsProjAssetsData(csProjData: string, assetsJsonFile: string): { pkgList: Object[]; dependenciesList: Object[]; }; /** * Parse a .NET packages.lock.json file and return the package list, dependency tree, * and list of direct/root dependencies. * * @param {string} csLockData Raw JSON string of the packages.lock.json file * @param {string} pkgLockFile Path to the packages.lock.json file, used for evidence properties * @returns {{ pkgList: Object[], dependenciesList: Object[], rootList: Object[] }} */ export function parseCsPkgLockData(csLockData: string, pkgLockFile: string): { pkgList: Object[]; dependenciesList: Object[]; rootList: Object[]; }; /** * Parse a Paket dependency manager lock file (paket.lock) and return the package list * and dependency tree. * * @param {string} paketLockData Raw text contents of the paket.lock file * @param {string} pkgLockFile Path to the paket.lock file, used for evidence properties * @returns {{ pkgList: Object[], dependenciesList: Object[] }} */ export function parsePaketLockData(paketLockData: string, pkgLockFile: string): { pkgList: Object[]; dependenciesList: Object[]; }; /** * Parse composer.json file * * @param {string} composerJsonFile composer.json file * * @returns {Object} Object with rootRequires and parent component */ export function parseComposerJson(composerJsonFile: string): Object; /** * Parse composer lock file * * @param {string} pkgLockFile composer.lock file * @param {array} rootRequires require section from composer.json */ export function parseComposerLock(pkgLockFile: string, rootRequires: array): never[] | { pkgList: { group: any; name: any; purl: string; "bom-ref": string; version: any; repository: any; license: any; description: any; scope: string; properties: { name: string; value: string; }[]; evidence: { identity: { field: string; confidence: number; methods: { technique: string; confidence: number; value: string; }[]; }; }; }[]; dependenciesList: { ref: string; dependsOn: any[]; }[]; rootList: { group: any; name: any; purl: string; "bom-ref": string; version: any; repository: any; license: any; description: any; scope: string; properties: { name: string; value: string; }[]; evidence: { identity: { field: string; confidence: number; methods: { technique: string; confidence: number; value: string; }[]; }; }; }[]; }; /** * Parse an sbt dependency tree output file and return the package list and dependency tree. * * Reads a file produced by the sbt `dependencyTree` command and extracts Maven artifact * coordinates