fix!: align CycloneDX SBOM component names with SPDX (#9284) · npm/cli@faf7348 · GitHub

Commit faf7348

authored
fix!: align CycloneDX SBOM component names with SPDX (#9284)
BREAKING CHANGE: `npm sbom --sbom-format=cyclonedx` now reports the `name` field from each package's `package.json` instead of the on-disk directory name. The `name`, `bom-ref`, and `purl` of the root component and of aliased dependencies may change. fixes: #9178 --------- Co-authored-by: cyphercodes <cyphercodes@users.noreply.github.com>
1 parent e20424b commit faf7348

3 files changed

Lines changed: 16 additions & 3 deletions


lib/utils/sbom-cyclonedx.js

Lines changed: 1 addition & 1 deletion

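--- a/tap-snapshots/test/lib/commands/sbom.js.test.cjs
+++ b/tap-snapshots/test/lib/commands/sbom.js.test.cjs
@@ -255,7 +255,7 @@ exports[`test/lib/commands/sbom.js TAP sbom basic sbom - cyclonedx > must match
 "component": {
 "bom-ref": "test-npm-sbom@1.0.0",
 "type": "application",
-"name": "prefix",
+"name": "test-npm-sbom",
 "version": "1.0.0",
 "scope": "required",
 "purl": "pkg:npm/test-npm-sbom@1.0.0",
@@ -457,7 +457,7 @@ exports[`test/lib/commands/sbom.js TAP sbom duplicate deps - cyclonedx > must ma
 "component": {
 "bom-ref": "test-npm-sbom@1.0.0",
 "type": "library",
-"name": "prefix",
+"name": "test-npm-sbom",
 "version": "1.0.0",
 "scope": "required",
 "purl": "pkg:npm/test-npm-sbom@1.0.0",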

test/lib/utils/sbom-cyclonedx.js

Lines changed: 13 additions & 0 deletions
