
Comments (6)

stevespringett commented on June 24, 2024

This fix will be included in the upcoming 2.0.0 release.

from cyclonedx-node-module.

scolytus commented on June 24, 2024

FYI: Dependency Track relies on this format pkg:npm/angular/%40angular%[email protected] and does not work with pkg:npm/%40angular/[email protected].


stevespringett commented on June 24, 2024

It should be producing scoped packages in the following format: pkg:npm/%40angular/[email protected]. If it doesn't, then that is certainly a defect.


scolytus commented on June 24, 2024

@stevespringett on my machine it's reproducible, see for example:
https://github.com/scolytus/dependency-demo/blob/master/boms/angular20200506.bom.xml

I also checked the implementation in Dependency Track, it also relies on this faulty behavior for scoped packages, it does not use purl.namespace at all for npm analysis.
Shall I open an issue there as well?

And just for completeness, OSS Index understands neither version, see OSSIndex/vulns#91


stevespringett commented on June 24, 2024

Thank you.

> I also checked the implementation in Dependency Track, it also relies on this faulty behavior for scoped packages, it does not use purl.namespace at all for npm analysis.
> Shall I open an issue there as well?

Yes please


stevespringett commented on June 24, 2024

2.0.0 was pushed to npm. Closing.

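For SBOM consumers that have to match both purl shapes discussed in this thread, the sketch below (an added example, not code from cyclonedx-node-module or Dependency-Track) parses an npm purl, moves a scope found inside the name segment into the namespace, and re-emits the `pkg:npm/%40scope/name@version` form. The package `@example/widget`, the function names and the exact legacy shape (`pkg:npm/<scope>/%40<scope>%2F<name>@<version>`) are assumptions, since the purls quoted on this page are truncated.

```javascript
// Decode an npm purl into its coordinates. Qualifiers and subpath are ignored.
function parseNpmPurl(purl) {
  const m = /^pkg:npm\/([^?#]+)/.exec(purl);
  if (!m) throw new Error(`not an npm purl: ${purl}`);
  let path = m[1];
  let version = null;
  // A literal '@' separates the version; the scope's '@' is encoded as %40.
  const at = path.lastIndexOf('@');
  if (at > 0) {
    version = decodeURIComponent(path.slice(at + 1));
    path = path.slice(0, at);
  }
  const segments = path.split('/').filter(Boolean).map(decodeURIComponent);
  const name = segments.pop();
  if (!name) throw new Error(`purl has no name: ${purl}`);
  return { namespace: segments.join('/') || null, name, version };
}

// Assumed legacy shape: the name segment carries the whole "@scope/name".
// Split it so the scope ends up in the namespace, where the thread says it belongs.
function canonicalize({ namespace, name, version }) {
  const scoped = /^(@[^/]+)\/(.+)$/.exec(name);
  if (scoped) {
    namespace = scoped[1];
    name = scoped[2];
  }
  return { namespace, name, version };
}

// Re-encode the coordinates; encodeURIComponent turns the scope's '@' into %40.
function normalizeNpmPurl(purl) {
  const { namespace, name, version } = canonicalize(parseNpmPurl(purl));
  const enc = encodeURIComponent;
  const ns = namespace ? `${enc(namespace)}/` : '';
  return `pkg:npm/${ns}${enc(name)}${version ? '@' + enc(version) : ''}`;
}

// Registry-style package name for vulnerability lookups; uses the namespace.
function npmPackageName(purl) {
  const { namespace, name } = canonicalize(parseNpmPurl(purl));
  return namespace ? `${namespace}/${name}` : name;
}

// Constructed sample purls (hypothetical package), one per shape.
for (const p of ['pkg:npm/example/%40example%2Fwidget@1.2.3',
                 'pkg:npm/%40example/widget@1.2.3']) {
  console.log(p, '->', normalizeNpmPurl(p), npmPackageName(p));
}
```

Normalizing on ingest lets a consumer keep one lookup key per package regardless of which generator version produced the BOM.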
