UNPKG

pnpm-cdx

Version:

Generate a CycloneDX SBOM from a PNPM Node.js project.

github.com/benbenbenbenbenben/pnpm-cdx

benbenbenbenbenben/pnpm-cdx

54 lines (41 loc) 1.31 kB
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
# pnpm-cdx Generate a CycloneDX SBOM from a PNPM Node.js project. > ⚠️ pnpm-cdx is alpha, it generate license reports for GitLab CI. CycloneDX format is work in progress. ⚠️ # Installing The pnpm-cdx package includes both a CLI and a library with commonjs and esm entrypoints. Installation is as you would expect: **With pnpm:** ```bash pnpm add pnpm-cdx ``` **With yarn:** ```bash yarn add pnpm-cdx ``` **With npm:** ```bash npm i pnpm-cdx ``` ## Using in CI Typically in CI scenarios, you may prefer to install pnpm-cdx globally with your package managers global flag (usually `-g`), as in this contrived example adapted from this repository's [Earthly](https://earthly.dev/) [Earthfile](/Earthfile): ```earthly validate: FROM node:16-bullseye WORKDIR /app RUN npm i pnpm-cdx -g RUN pnpm-cdx gitlab -o gl-license-report.json SAVE ARTIFACT gl-license-report.json ``` # Usage ```typescript import { analyseProject } from "pnpm-cdx"; (async () => { // analyze *this* project const analysis = await analyseProject(".") // generate gitlab compatible license report const report = await analysis.generateReport({ format: "gitlab-license-report-2.1", }) // pretty print the report console.log(JSON.stringify(report, null, 2)) })() ```