Commit 397ab83

v10.0.0 (#1376)
* **BREAKING** changes
  * Removed deprecated symbols
  * Removed PackageUrl factories
  * No longer use external standards' implementations directly
* Removed
  * Entrypoint `Builders` (via [#1377])
  * Entrypoint `Factories` (via [#1377])
  * Entrypoint `Utils` (via [#1377])
  * Entrypoint `Contrib/PackageUrl` (via [#1378])
  * Deprecated symbol `Builders` ([#1346] via [#1377])
  * Deprecated symbol `Builders.FromNodePackageJson` ([#1346] via [#1377])
  * Deprecated symbol `Builders.FromNodePackageJson.ToolBuilder` ([#1346] via [#1377])
    Use `Contrib.FromNodePackageJson.Builders.ToolBuilder` instead.
  * Deprecated symbol `Builders.FromNodePackageJson.ComponentBuilder` ([#1346] via [#1377])
    Use `Contrib.FromNodePackageJson.Builders.ComponentBuilder` instead.
  * Deprecated symbol `Factories` ([#1346] via [#1377])
  * Deprecated symbol `Factories.FromNodePackageJson` ([#1346] via [#1377])
  * Deprecated symbol `Factories.FromNodePackageJson.ExternalReferenceFactory` ([#1346] via [#1377])
    Use `Contrib.FromNodePackageJson.Factories.ExternalReferenceFactory` instead.
  * Deprecated symbol `Factories.FromNodePackageJson.PackageUrlFactory` ([#1346] via [#1377])
    Use `packageurl-js` downstream.
  * Deprecated symbol `Factories.LicenseFactory` ([#1346], [#1348] via [#1377], [#1378])
    Use `Contrib.License.Factories.LicenseFactory` instead.
  * Deprecated symbol `Factories.PackageUrlFactory` ([#1346] via [#1377])
    Use `packageurl-js` downstream.
  * Deprecated symbol `Types.NodePackageJson` ([#1346], [#1348] via [#1377], [#1378])
    Use `Contrib.FromNodePackageJson.Types.NodePackageJson` instead.
  * Deprecated symbol `Types.assertNodePackageJson` ([#1346] via [#1377])
    Use `Contrib.FromNodePackageJson.Types.assertNodePackageJson` instead.
  * Deprecated symbol `Types.isNodePackageJson` ([#1346] via [#1377])
    Use `Contrib.FromNodePackageJson.Types.isNodePackageJson` instead.
  * Deprecated symbol `Utils` ([#1346] via [#1377])
  * Deprecated symbol `Utils.BomUtility` ([#1346] via [#1377])
  * Deprecated symbol `Utils.BomUtility.randomSerialNumber` ([#1346] via [#1377])
    Use `Contrib.Bom.Utils.randomSerialNumber` instead.
  * Deprecated symbol `Utils.LicenseUtility` ([#1346] via [#1377])
  * Deprecated symbol `Utils.LicenseUtility.FsUtils` ([#1346] via [#1377])
    Use `Contrib.License.Utils.FsUtils` instead.
  * Deprecated symbol `Utils.LicenseUtility.PathUtils` ([#1346] via [#1377])
    Use `Contrib.License.Utils.PathUtils` instead.
  * Deprecated symbol `Utils.LicenseUtility.FileAttachment` ([#1346] via [#1377])
    Use `Contrib.License.Utils.FileAttachment` instead.
  * Deprecated symbol `Utils.LicenseUtility.ErrorReporter` ([#1346] via [#1377])
    Use `Contrib.License.Utils.ErrorReporter` instead.
  * Deprecated symbol `Utils.LicenseUtility.LicenseEvidenceGatherer` ([#1346] via [#1377])
    Use `Contrib.License.Utils.LicenseEvidenceGatherer` instead.
  * Deprecated symbol `Utils.NpmjsUtility` ([#1346] via [#1377])
  * Deprecated symbol `Utils.NpmjsUtility.parsePackageIntegrity` ([#1346] via [#1377])
    Use `Contrib.FromNodePackageJson.Utils.parsePackageIntegrity` instead.
  * Deprecated symbol `Utils.NpmjsUtility.defaultRegistryMatcher` ([#1346] via [#1377])
    Use `Contrib.FromNodePackageJson.Utils.defaultRegistryMatcher` instead.
  * Symbol `Contrib.PackageUrl.Factories.PackageUrlFactory` ([#1348] via [#1378])
    Use `packageurl-js` downstream.
  * Symbol `Contrib.FromNodePackageJson.Factories.PackageUrlFactory` ([#1348] via [#1378])
    Use `packageurl-js` downstream.
  * Symbol `SPDX.isValidSpdxLicenseExpression` ([#1348] via [#1382])
    Use package `spdx-expression-parse` instead.
* Changed
  * `Component.purl` is a `string` now, was `PackageUrl` ([#1348] via [#1379])
  * Constructor of `Contrib.License.Factories.LicenseFactory` got an injectable argument `spdxExpressionValidate` for validating SPDX License Expressions ([#1348] via [#1382])
    Suggested implementation is `spdx-expression-parse`.
* Dependencies
  * Dependency `packageurl-js` became a suggested (optional peer-dependency) library ([#1348] via [#1378])
    You may use it to craft and parse PackageURLs downstream.
  * Dependency `spdx-expression-parse` became a suggested (optional peer-dependency) library ([#1348] via [#1382])
    Used as an injectable in `Contrib.License.Factories.LicenseFactory.constructor`.
* Chore
  * Set dev-engines in `package.json` ([#1301] via [#1380])

[#1301]: #1301
[#1346]: #1346
[#1348]: #1348
[#1360]: #1360
[#1374]: #1374
[#1377]: #1377
[#1378]: #1378
[#1379]: #1379
[#1380]: #1380
[#1382]: #1382
2 parents d0cab76 + 21e9cf8 commit 397ab83

63 files changed

Lines changed: 328 additions & 1807 deletions


.github/workflows/nodejs.yml

Lines changed: 0 additions & 3 deletions
@@ -364,9 +364,6 @@ jobs:
364364
- name: run example
365365
run: node -- 'example.${{ matrix.js-type }}'
366366
working-directory: ${{ env.EXAMPLE_DIR }}
367-
- name: run deprecated
368-
run: node -- 'deprecated.${{ matrix.js-type }}'
369-
working-directory: ${{ env.EXAMPLE_DIR }}
370367

371368
example-TS:
372369
needs: [ 'build' ]

HISTORY.md

Lines changed: 78 additions & 0 deletions
Original file line numberDiff line numberDiff line change
@@ -6,6 +6,84 @@ All notable changes to this project will be documented in this file.
66

77
<!-- add unreleased items here -->
88

9+
* BREAKING changes
10+
* Removed deprecated symbols
11+
* Removed PackageUrl factories
12+
* No longer use external standards' implementations directly
13+
* Removed
14+
* Entrypoint `Builders` (via [#1377])
15+
* Entrypoint `Factories` (via [#1377])
16+
* Entrypoint `Utils` (via [#1377])
17+
* Entrypoint `Contrib/PackageUrl` (via [#1378])
18+
* Deprecated symbol `Builders` ([#1346] via [#1377])
19+
* Deprecated symbol `Builders.FromNodePackageJson` ([#1346] via [#1377])
20+
* Deprecated symbol `Builders.FromNodePackageJson.ToolBuilder` ([#1346] via [#1377])
21+
Use `Contrib.FromNodePackageJson.Builders.ToolBuilder` instead.
22+
* Deprecated symbol `Builders.FromNodePackageJson.ComponentBuilder` ([#1346] via [#1377])
23+
Use `Contrib.FromNodePackageJson.Builders.ComponentBuilder` instead.
24+
* Deprecated symbol `Factories` ([#1346] via [#1377])
25+
* Deprecated symbol `Factories.FromNodePackageJson` ([#1346] via [#1377])
26+
* Deprecated symbol `Factories.FromNodePackageJson.ExternalReferenceFactory` ([#1346] via [#1377])
27+
Use `Contrib.FromNodePackageJson.Factories.ExternalReferenceFactory` instead.
28+
* Deprecated symbol `Factories.FromNodePackageJson.PackageUrlFactory` ([#1346] via [#1377])
29+
Use `packageurl-js` downstream.
30+
* Deprecated symbol `Factories.LicenseFactory` ([#1346], [#1348] via [#1377], [#1378])
31+
Use `Contrib.License.Factories.LicenseFactory` instead.
32+
* Deprecated symbol `Factories.PackageUrlFactory` ([#1346] via [#1377])
33+
Use `packageurl-js` downstream.
34+
* Deprecated symbol `Types.NodePackageJson` ([#1346], [#1348] via [#1377], [#1378])
35+
Use `Contrib.FromNodePackageJson.Types.NodePackageJson` instead.
36+
* Deprecated symbol `Types.assertNodePackageJson` ([#1346] via [#1377])
37+
Use `Contrib.FromNodePackageJson.Types.assertNodePackageJson` instead.
38+
* Deprecated symbol `Types.isNodePackageJson` ([#1346] via [#1377])
39+
Use `Contrib.FromNodePackageJson.Types.isNodePackageJson` instead.
40+
* Deprecated symbol `Utils` ([#1346] via [#1377])
41+
* Deprecated symbol `Utils.BomUtility` ([#1346] via [#1377])
42+
* Deprecated symbol `Utils.BomUtility.randomSerialNumber` ([#1346] via [#1377])
43+
Use `Contrib.Bom.Utils.randomSerialNumber` instead.
44+
* Deprecated symbol `Utils.LicenseUtility` ([#1346] via [#1377])
45+
* Deprecated symbol `Utils.LicenseUtility.FsUtils` ([#1346] via [#1377])
46+
Use `Contrib.License.Utils.FsUtils` instead.
47+
* Deprecated symbol `Utils.LicenseUtility.PathUtils` ([#1346] via [#1377])
48+
* Use `Contrib.License.Utils.PathUtils` instead.
49+
* Deprecated symbol `Utils.LicenseUtility.FileAttachment` ([#1346] via [#1377])
50+
Use `Contrib.License.Utils.FileAttachment` instead.
51+
* Deprecated symbol `Utils.LicenseUtility.ErrorReporter` ([#1346] via [#1377])
52+
Use `Contrib.License.Utils.ErrorReporter` instead.
53+
* Deprecated symbol `Utils.LicenseUtility.LicenseEvidenceGatherer` ([#1346] via [#1377])
54+
Use `Contrib.License.Utils.LicenseEvidenceGatherer` instead.
55+
* Deprecated symbol `Utils.NpmjsUtility` ([#1346] via [#1377])
56+
* Deprecated symbol `Utils.NpmjsUtility.parsePackageIntegrity` ([#1346] via [#1377])
57+
Use `Contrib.FromNodePackageJson.Utils.parsePackageIntegrity` instead.
58+
* Deprecated symbol `Utils.NpmjsUtility.defaultRegistryMatcher` ([#1346] via [#1377])
59+
Use `Contrib.FromNodePackageJson.Utils.defaultRegistryMatcher` instead.
60+
* Symbol `Contrib.PackageUrl.Factories.PackageUrlFactory` ([#1348] via [#1378])
61+
Use `packageurl-js` downstream.
62+
* Symbol `Contrib.FromNodePackageJson.Factories.PackageUrlFactory` ([#1348] via [#1378])
63+
Use `packageurl-js` downstream.
64+
* Symbol `SPDX.isValidSpdxLicenseExpression` ([#1348] via [#1382])
65+
Use package `spdx-expression-parse` instead.
66+
* Changed
67+
* `Component.purl` is a `string` now, was `PackaheUrl` ([#1348] via [#1379])
68+
* Constructor of `Contrib.License.Factories.LicenseFactory` got an injectable argument `spdxExpressionValidate` for validating SPDX License Expressions ([#1348] via [#1382])
69+
Suggested implementation is `spdx-expression-parse`.
70+
* Dependencies
71+
* Dependency `packageurl-js` became a suggested (optional peer-dependency) library ([#1348] via [#1378])
72+
You may use it to craft and parse PackageURLs downstream.
73+
* Dependency `spdx-expression-parse` became a suggested (optional peer-dependency) library ([#1348] via [#1382])
74+
Used as an injectable in `Contrib.License.Factories.LicenseFactory.constructor`.
75+
* Chore
76+
* Set dev-engines in `package.json` ([#1301] via [#1380])
77+
78+
[#1301]: https://github.com/CycloneDX/cyclonedx-javascript-library/issues/1301
79+
[#1346]: https://github.com/CycloneDX/cyclonedx-javascript-library/issues/1346
80+
[#1348]: https://github.com/CycloneDX/cyclonedx-javascript-library/issues/1348
81+
[#1377]: https://github.com/CycloneDX/cyclonedx-javascript-library/pull/1377
82+
[#1378]: https://github.com/CycloneDX/cyclonedx-javascript-library/pull/1378
83+
[#1379]: https://github.com/CycloneDX/cyclonedx-javascript-library/pull/1379
84+
[#1380]: https://github.com/CycloneDX/cyclonedx-javascript-library/pull/1380
85+
[#1382]: https://github.com/CycloneDX/cyclonedx-javascript-library/pull/1382
86+
987
## 9.5.0 -- 2026-03-02
1088

1189
* Added
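Review bot: In the "Changed" block (added lines 67-69), the `LicenseFactory` entry says the constructor "got an injectable argument `spdxExpressionValidate`" but not whether the argument is required, nor what the callable must do on an invalid expression (throw, or return a falsy value). Both example files in this commit previously called the constructor with no arguments, so consumers need that contract stated to migrate; one sentence in this entry would do. Two small fixes in the same hunk: `PackaheUrl` on added line 67 should read `PackageUrl`, and added line 48 carries a stray `*` before "Use `Contrib.License.Utils.PathUtils` instead.", which turns that migration hint into its own list item, unlike its neighbours.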

README.md

Lines changed: 6 additions & 1 deletion
Original file line numberDiff line numberDiff line change
@@ -82,7 +82,6 @@ written in _TypeScript_ and compiled for the target.
8282
* Gather license evidences from files (for _Node.js_ only)
8383
* Factories for the following use cases:
8484
* Create data models from any license descriptor string
85-
* Create `PackageURL` from `Component` data models
8685
* Specific to _Node.js_: create data models from PackageJson-like data structures and derived data
8786
* Builders for the following use cases:
8887
* Specific to _Node.js_: create deep data models `Tool` or `Component` from PackageJson-like data structures
@@ -135,6 +134,12 @@ Some features require optional peer dependencies — see `package.json` for vers
135134
* [`libxmljs2`](https://www.npmjs.com/package/libxmljs2)
136135
* the system might need to meet the requirements for [`node-gyp`](https://github.com/TooTallNate/node-gyp#installation), in certain cases.
137136

137+
In addition, we have some suggestions for related 3rd-party standards:
138+
* [`packageurl-js`](https://www.npmjs.com/package/packageurl-js)
139+
for crafting and parsing PackageURLs.
140+
* [`spdx-expression-parse`](https://www.npmjs.com/package/spdx-expression-parse)
141+
for validating SPDX License Expressions.
142+
138143
## Usage
139144

140145
See extended [examples].
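Review bot: The paragraph added at lines 137-141 calls `packageurl-js` and `spdx-expression-parse` "related 3rd-party standards", but both links point to npm packages that implement standards (PackageURL, SPDX License Expressions), and the text does not say which feature of this library uses them. Suggest wording along the lines of "suggested implementations of related standards" and naming `Contrib.License.Factories.LicenseFactory` as the consumer of `spdx-expression-parse`, as the HISTORY.md entry in this commit does.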

examples/node/javascript/deprecated.cjs

Lines changed: 0 additions & 60 deletions
This file was deleted.

examples/node/javascript/deprecated.mjs

Lines changed: 0 additions & 60 deletions
This file was deleted.

examples/node/javascript/example.cjs

Lines changed: 5 additions & 3 deletions
Original file line numberDiff line numberDiff line change
@@ -25,8 +25,10 @@ const CDX = require('@cyclonedx/cyclonedx-library')
2525
// const { Bom, Component } = require('@cyclonedx/cyclonedx-library/Models')
2626
// const { ComponentType } = require('@cyclonedx/cyclonedx-library/Enums')
2727

28-
const lFac = new CDX.Contrib.License.Factories.LicenseFactory()
29-
const purlFac = new CDX.Contrib.PackageUrl.Factories.PackageUrlFactory('generic')
28+
const spdxExpressionParser = require('spdx-expression-parse')
29+
30+
31+
const lFac = new CDX.Contrib.License.Factories.LicenseFactory(spdxExpressionParser)
3032

3133
const bom = new CDX.Models.Bom()
3234
bom.metadata.component = new CDX.Models.Component(
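Review bot: On added line 31 the whole export of `spdx-expression-parse` (bound to `spdxExpressionParser`) is passed into the constructor slot that HISTORY.md in this commit names `spdxExpressionValidate`, and nothing in the example says why a parser is acceptable as a validator. Since this file is the reference users copy from, add a one-line comment above the `new CDX.Contrib.License.Factories.LicenseFactory(spdxExpressionParser)` call stating what the factory expects from the injected function.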
@@ -44,7 +46,7 @@ const componentA = new CDX.Models.Component(
4446
}
4547
)
4648
componentA.licenses.add(lFac.makeFromString('Apache-2.0'))
47-
componentA.purl = purlFac.makeFromComponent(componentA)
49+
componentA.purl = `pkg:generic/${componentA.group}/${componentA.name}@${componentA.version}`
4850

4951
bom.components.add(componentA)
5052
bom.metadata.component.dependencies.add(componentA.bomRef)
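Review bot: Added line 49 builds the purl by plain string interpolation of `componentA.group`, `componentA.name` and `componentA.version`, with no percent-encoding and no guard for an unset field, so an unset `group` or `version` would put the literal text `undefined` into the BOM. HISTORY.md in this commit points to `packageurl-js` for crafting PackageURLs; consider using it here, or add a comment that the template is only suitable for the fixed values set above. The same line is added in example.mjs.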

examples/node/javascript/example.mjs

Lines changed: 5 additions & 3 deletions
Original file line numberDiff line numberDiff line change
@@ -25,8 +25,10 @@ import * as CDX from '@cyclonedx/cyclonedx-library'
2525
// import { Bom, Component } from '@cyclonedx/cyclonedx-library/Models'
2626
// import { ComponentType } from '@cyclonedx/cyclonedx-library/Enums'
2727

28-
const lFac = new CDX.Contrib.License.Factories.LicenseFactory()
29-
const purlFac = new CDX.Contrib.PackageUrl.Factories.PackageUrlFactory('generic')
28+
import spdxExpressionParser from 'spdx-expression-parse'
29+
30+
31+
const lFac = new CDX.Contrib.License.Factories.LicenseFactory(spdxExpressionParser)
3032

3133
const bom = new CDX.Models.Bom()
3234
bom.metadata.component = new CDX.Models.Component(
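Review bot: The `import spdxExpressionParser from 'spdx-expression-parse'` added at line 28 sits below the commented-out alternative imports, apart from the `import * as CDX` line shown in the hunk header. It works because ES imports are hoisted, but placing the two live imports together keeps the commented block reading as a pure alternative to the CDX import and avoids the double blank line at 29-30.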
@@ -44,7 +46,7 @@ const componentA = new CDX.Models.Component(
4446
}
4547
)
4648
componentA.licenses.add(lFac.makeFromString('Apache-2.0'))
47-
componentA.purl = purlFac.makeFromComponent(componentA)
49+
componentA.purl = `pkg:generic/${componentA.group}/${componentA.name}@${componentA.version}`
4850

4951
bom.components.add(componentA)
5052
bom.metadata.component.dependencies.add(componentA.bomRef)

examples/node/javascript/package.json

Lines changed: 1 addition & 0 deletions
Original file line numberDiff line numberDiff line change
@@ -8,6 +8,7 @@
88
},
99
"dependencies": {
1010
"@cyclonedx/cyclonedx-library": "file:../../..",
11+
"spdx-expression-parse": "^3.0.1||^4",
1112
"xmlbuilder2": "^3.0.2||^4.0.0"
1213
},
1314
"optionalDependencies": {

examples/node/typescript/example.cjs/package.json

Lines changed: 3 additions & 1 deletion
Original file line numberDiff line numberDiff line change
@@ -8,6 +8,7 @@
88
},
99
"dependencies": {
1010
"@cyclonedx/cyclonedx-library": "file:../../../..",
11+
"spdx-expression-parse": "^3.0.1||^4",
1112
"xmlbuilder2": "^3.0.2||^4.0.0"
1213
},
1314
"optionalDependencies": {
@@ -18,11 +19,12 @@
1819
},
1920
"devDependencies": {
2021
"@types/node": "*",
22+
"@types/spdx-expression-parse": "^3",
2123
"typescript": "^3.8 || ^4 || ^5"
2224
},
2325
"scripts": {
2426
"prebuild": "tsc -b --clean",
2527
"build": "tsc -b",
26-
"example": "node dist/example.js && node dist/deprecated.js"
28+
"example": "node dist/example.js"
2729
}
2830
}
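Review bot: The devDependency added at line 22, `"@types/spdx-expression-parse": "^3"`, covers typings for major 3 only, while the runtime range added in the first hunk of this file is `"^3.0.1||^4"`. If the resolver installs version 4, the TypeScript example compiles against typings of a different major; either confirm the v3 typings describe the v4 API or narrow the runtime range for this example.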

examples/node/typescript/example.cjs/src/deprecated.ts

Lines changed: 0 additions & 68 deletions
This file was deleted.
