cyclonedx-webpack-plugin
cyclonedx-webpack-plugin copied to clipboard
CycloneDX
Generate CycloneDX Software Bill of Materials (SBOM) from webpack bundles at compile time.
Bumps the eslint group with 2 updates in the / directory: [eslint](https://github.com/eslint/eslint) and [eslint-plugin-simple-import-sort](https://github.com/lydell/eslint-plugin-simple-import-sort). Updates `eslint` from 8.57.0 to 9.2.0 Release notes Sourced from eslint's releases. v9.2.0 Features 8485d76 feat:...
![dependabot[bot] avatar](https://avatars.githubusercontent.com/in/29110?v=4 "dependabot[bot] avatar"){kind=avatar}
TODO - [x] have setups for yarn - [ ] have setups for pnpm - [ ] have tests in pipeline (matrix) - [ ] have reproducible test results
https://www.npmjs.com/package/npm-run-all is outdated, use https://www.npmjs.com/package/npm-run-all2 instead
https://www.npmjs.com/package/eslint-config-standard-with-typescript is deprecated. > This package has been deprecated > Author message: `Please use eslint-config-love, instead.` new: https://www.npmjs.com/package/eslint-config-love?activeTab=readme
## Describe the bug If luxon is used in the application. The plugin fails include it in the output. ## To Reproduce ### Setup ```bash git clone https://github.com/CycloneDX/cyclonedx-webpack-plugin.git cd cyclonedx-webpack-plugin...
## Is your feature request related to a problem? Please describe. I tried running this plugin in [rspack](https://www.rspack.dev/) / [rsbuild](https://rsbuild.dev/), but am getting the error: > TypeError: Cannot read properties...
## Is your feature request related to a problem? Please describe. If a BOM was generated as reproducible, this should be easily visible from the BOM. Therefore, https://github.com/CycloneDX/cyclonedx-property-taxonomy/pull/70 exists ##...
currently, SBOM "components" are detected based an a `package.json` file. thats cool for most situatons. but what if there is just no `package.json`? or it is untrusted for reasons? Let's...
## Is your feature request related to a problem? Please describe. CycloneDX 1.5 supports formulation: https://cyclonedx.org/guides/sbom/formulation This could be used to document how webpack was configured and how it compiled/packed...
install testbeds with `npm i --install-links` so that they apply the actual tool, without linking and without external dependencies from that link .... unfortunately this might break the local dev...