File Manager

X7ROOT File Manager

Current Path: /opt/alt/alt-nodejs22/root/usr/lib/node_modules/npm/lib/utils

opt / alt / alt-nodejs22 / root / usr / lib / node_modules / npm / lib / utils /

ðŸ“ ..
ðŸ“„ audit-error.js(1.02 KB)
ðŸ“„ auth.js(3.21 KB)
ðŸ“„ cmd-list.js(2.89 KB)
ðŸ“„ completion.fish(1.56 KB)
ðŸ“„ completion.sh(1.85 KB)
ðŸ“„ did-you-mean.js(1.16 KB)
ðŸ“„ display.js(15.38 KB)
ðŸ“„ error-message.js(14.79 KB)
ðŸ“„ explain-dep.js(3.03 KB)
ðŸ“„ explain-eresolve.js(2.56 KB)
ðŸ“„ format-bytes.js(629 B)
ðŸ“„ format-search-stream.js(4.7 KB)
ðŸ“„ format.js(1.91 KB)
ðŸ“„ get-identity.js(802 B)
ðŸ“„ get-workspaces.js(1.71 KB)
ðŸ“„ installed-deep.js(1.1 KB)
ðŸ“„ installed-shallow.js(583 B)
ðŸ“„ is-windows.js(177 B)
ðŸ“„ log-file.js(7.78 KB)
ðŸ“„ npm-usage.js(2.02 KB)
ðŸ“„ open-url.js(2.36 KB)
ðŸ“„ output-error.js(767 B)
ðŸ“„ ping.js(262 B)
ðŸ“„ queryable.js(9.56 KB)
ðŸ“„ read-user-info.js(1.91 KB)
ðŸ“„ reify-finish.js(886 B)
ðŸ“„ reify-output.js(5.65 KB)
ðŸ“„ sbom-cyclonedx.js(5.21 KB)
ðŸ“„ sbom-spdx.js(4.59 KB)
ðŸ“„ tar.js(3.47 KB)
ðŸ“„ timers.js(2.07 KB)
ðŸ“„ update-workspaces.js(1013 B)
ðŸ“„ validate-lockfile.js(1023 B)
ðŸ“„ verify-signatures.js(11.92 KB)

Editing: sbom-spdx.js

const crypto = require('node:crypto')
const normalizeData = require('normalize-package-data')
const npa = require('npm-package-arg')
const ssri = require('ssri')

const SPDX_SCHEMA_VERSION = 'SPDX-2.3'
const SPDX_DATA_LICENSE = 'CC0-1.0'
const SPDX_IDENTIFER = 'SPDXRef-DOCUMENT'

const NO_ASSERTION = 'NOASSERTION'

const REL_DESCRIBES = 'DESCRIBES'
const REL_PREREQ = 'PREREQUISITE_FOR'
const REL_OPTIONAL = 'OPTIONAL_DEPENDENCY_OF'
const REL_DEV = 'DEV_DEPENDENCY_OF'
const REL_DEP = 'DEPENDENCY_OF'

const REF_CAT_PACKAGE_MANAGER = 'PACKAGE-MANAGER'
const REF_TYPE_PURL = 'purl'

const spdxOutput = ({ npm, nodes, packageType }) => {
  const rootNode = nodes.find(node => node.isRoot)
  const childNodes = nodes.filter(node => !node.isRoot && !node.isLink)
  const rootID = rootNode.pkgid
  const uuid = crypto.randomUUID()
  const ns = `http://spdx.org/spdxdocs/${npa(rootID).escapedName}-${rootNode.version}-${uuid}`

const relationships = []
  const seen = new Set()
  for (let node of nodes) {
    if (node.isLink) {
      node = node.target
    }

if (seen.has(node)) {
      continue
    }
    seen.add(node)

const rels = [...node.edgesOut.values()]
      // Filter out edges that are linking to nodes not in the list
      .filter(edge => nodes.find(n => n === edge.to))
      .map(edge => toSpdxRelationship(node, edge))
      .filter(rel => rel)

relationships.push(...rels)
  }

const extraRelationships = nodes.filter(node => node.extraneous)
    .map(node => toSpdxRelationship(rootNode, { to: node, type: 'optional' }))

relationships.push(...extraRelationships)

const bom = {
    spdxVersion: SPDX_SCHEMA_VERSION,
    dataLicense: SPDX_DATA_LICENSE,
    SPDXID: SPDX_IDENTIFER,
    name: rootID,
    documentNamespace: ns,
    creationInfo: {
      created: new Date().toISOString(),
      creators: [
        `Tool: npm/cli-${npm.version}`,
      ],
    },
    documentDescribes: [toSpdxID(rootNode)],
    packages: [toSpdxItem(rootNode, { packageType }), ...childNodes.map(toSpdxItem)],
    relationships: [
      {
        spdxElementId: SPDX_IDENTIFER,
        relatedSpdxElement: toSpdxID(rootNode),
        relationshipType: REL_DESCRIBES,
      },
      ...relationships,
    ],
  }

return bom
}

const toSpdxItem = (node, { packageType }) => {
  normalizeData(node.package)

// Calculate purl from package spec
  let spec = npa(node.pkgid)
  spec = (spec.type === 'alias') ? spec.subSpec : spec
  const purl = npa.toPurl(spec) + (isGitNode(node) ? `?vcs_url=${node.resolved}` : '')

/* For workspace nodes, use the location from their linkNode */
  let location = node.location
  if (node.isWorkspace && node.linksIn.size > 0) {
    location = node.linksIn.values().next().value.location
  }

let license = node.package?.license
  if (license) {
    if (typeof license === 'object') {
      license = license.type
    }
  }

const pkg = {
    name: node.packageName,
    SPDXID: toSpdxID(node),
    versionInfo: node.version,
    packageFileName: location,
    description: node.package?.description || undefined,
    primaryPackagePurpose: packageType ? packageType.toUpperCase() : undefined,
    downloadLocation: (node.isLink ? undefined : node.resolved) || NO_ASSERTION,
    filesAnalyzed: false,
    homepage: node.package?.homepage || NO_ASSERTION,
    licenseDeclared: license || NO_ASSERTION,
    externalRefs: [
      {
        referenceCategory: REF_CAT_PACKAGE_MANAGER,
        referenceType: REF_TYPE_PURL,
        referenceLocator: purl,
      },
    ],
  }

if (node.integrity) {
    const integrity = ssri.parse(node.integrity, { single: true })
    pkg.checksums = [{
      algorithm: integrity.algorithm.toUpperCase(),
      checksumValue: integrity.hexDigest(),
    }]
  }
  return pkg
}

const toSpdxRelationship = (node, edge) => {
  let type
  switch (edge.type) {
    case 'peer':
      type = REL_PREREQ
      break
    case 'optional':
      type = REL_OPTIONAL
      break
    case 'dev':
      type = REL_DEV
      break
    default:
      type = REL_DEP
  }

return {
    spdxElementId: toSpdxID(edge.to),
    relatedSpdxElement: toSpdxID(node),
    relationshipType: type,
  }
}

const toSpdxID = (node) => {
  let name = node.packageName

// Strip leading @ for scoped packages
  name = name.replace(/^@/, '')

// Replace slashes with dots
  name = name.replace(/\//g, '.')

return `SPDXRef-Package-${name}-${node.version}`
}

const isGitNode = (node) => {
  if (!node.resolved) {
    return
  }

try {
    const { type } = npa(node.resolved)
    return type === 'git' || type === 'hosted'
  } catch (err) {
    /* istanbul ignore next */
    return false
  }
}

module.exports = { spdxOutput }

X7ROOT File Manager

Editing: sbom-spdx.js

Upload File

Create Folder