
@dev-build-deploy/reuse-it


(ReUSE) Copyright and License management library

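"use strict";
/*
SPDX-FileCopyrightText: 2023 Kevin de Jong <monkaii@hotmail.com>
SPDX-License-Identifier: MIT
*/
Object.defineProperty(exports, "__esModule", { value: true });
exports.SoftwareBillOfMaterials = void 0;
const file_1 = require("./file");

/**
 * Reports whether a path is left out of the SBOM.
 *
 * Excluded are paths ending in ".license", paths ending in ".reuse/dep5", and
 * paths containing "LICENSES/".
 *
 * NOTE(review): the "LICENSES/" test is a substring match anywhere in the path,
 * so a directory whose name merely ends in "LICENSES" is excluded as well, and
 * all three tests assume "/" as the path separator. A file skipped here is
 * silently absent from the SBOM; confirm that callers pass normalised paths
 * and that the breadth of the match is intended.
 *
 * @param file Path of the candidate file
 * @returns true when the file must not be added
 */
function isExcludedPath(file) {
  return (
    file.endsWith(".license") ||
    file.endsWith(".reuse/dep5") ||
    file.includes("LICENSES/")
  );
}

/**
 * Appends an SPDX file element to the SBOM together with the DESCRIBES
 * relationship that links the document to it.
 *
 * @param sbom The SBOM to extend
 * @param spdxFile The SPDX file element to record
 */
function recordSpdxFile(sbom, spdxFile) {
  sbom.files.push(spdxFile);
  sbom.relationships.push({
    spdxElementId: sbom.SPDXID,
    relationshipType: "DESCRIBES",
    relatedSpdxElement: spdxFile.SPDXID,
  });
}

/**
 * SPDX Software Bill of Materials (SBOM)
 *
 * By default the following values are set:
 * - SPDX ID: SPDXRef-DOCUMENT
 * - SPDX Version: SPDX-2.3
 * - Document Namespace: http://spdx.org/spdxdocs/spdx-v2.3-45eae250-b782-46dd-9723-62ec3bed2a7c
 * - Data License: CC0-1.0
 *
 * NOTE(review): the document namespace is the same literal for every instance.
 * SPDX 2.3 describes the document namespace as a URI unique to each document,
 * so callers that publish or merge SBOMs should probably assign their own
 * value to `documentNamespace` after construction.
 *
 * @class SoftwareBillOfMaterials
 * @member SPDXID The SPDX ID of the element
 * @member spdxVersion The SPDX version
 * @member name The name of the SBOM
 * @member documentNamespace The namespace of the SBOM
 * @member dataLicense The license of the SBOM itself
 * @member creationInfo The creation information of the SBOM
 * @member relationships The relationships between the document and its elements
 * @member files The files associated with the SBOM
 * @see https://spdx.github.io/spdx-spec/2-document-creation-information/
 * @see https://spdx.github.io/spdx-spec/3-relationships-between-SPDX-elements/
 */
class SoftwareBillOfMaterials {
  /**
   * Creates an empty SBOM carrying the default document fields.
   *
   * @param name The name of the SBOM
   * @param tool Name of the generating tool; it is interpolated into the
   *             creation comment and the creators list
   */
  constructor(name, tool) {
    this.SPDXID = "SPDXRef-DOCUMENT";
    this.spdxVersion = "SPDX-2.3";
    this.documentNamespace =
      "http://spdx.org/spdxdocs/spdx-v2.3-45eae250-b782-46dd-9723-62ec3bed2a7c";
    this.dataLicense = "CC0-1.0";
    this.relationships = [];
    this.files = [];
    this.name = name;
    this.creationInfo = {
      comment: `Generated by ${tool}`,
      // Timestamp is taken when the object is constructed, not when it is serialised.
      created: new Date().toISOString(),
      creators: [`Tool: ${tool}`],
    };
  }

  /**
   * Adds a file to the SBOM.
   * Additionally, this will create a DESCRIBES relationship between the SBOM and the file.
   *
   * NOTE: Paths ending in ".license" or ".reuse/dep5" and paths containing
   * "LICENSES/" are skipped without an error.
   *
   * @param file The file to add
   */
  async addFile(file) {
    if (isExcludedPath(file)) {
      return;
    }
    recordSpdxFile(this, await file_1.SpdxFile.fromFile(file));
  }

  /**
   * Adds multiple files in bulk to the SBOM.
   *
   * The files are resolved concurrently, but their entries are appended in the
   * order of `files`, so the same input list gives the same `files` and
   * `relationships` order on every run instead of an order that depends on
   * which file finished resolving first. If resolving any file fails, the
   * returned promise rejects and no entry from this call is added.
   *
   * @param files List of files to add
   */
  async addFiles(files) {
    const included = Array.from(files).filter((file) => !isExcludedPath(file));
    const spdxFiles = await Promise.all(
      included.map((file) => file_1.SpdxFile.fromFile(file)),
    );
    for (const spdxFile of spdxFiles) {
      recordSpdxFile(this, spdxFile);
    }
  }
}
exports.SoftwareBillOfMaterials = SoftwareBillOfMaterials;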