Marco Ippolito

+1

Moving to runtime deprecation with https://github.com/nodejs/node/pull/51179

@syg the flag has moved to runtime deprecation, afaik it will be released in the next major (22).

I see that [CycloneDX](https://github.com/CycloneDX/cdxgen) is quite popular, should we give it a try? What kind of tool should we use?

So I gave it a try on my machine and unfortunately my macbook went OOM and crashed. Since Node is a fairly large project it's an expensive operation that falls...

The ideal goal is to ship a SBOM for every executable we release, since every platform might have slight difference settings, tools, dependendencies (? I'm not sure this is true)....

@pombredanne so my idea to get started is : 1. run cdxgen for each package in `/deps` folder for npm packages, 2. run cdxgen for tools and github actions 3....

I'm wondering which installation method should we use on our machine, link to guide [guide](https://github.com/CycloneDX/cdxgen#installing)

I'll remove events.on

@mcollina are there any other packages from this issue that could be worth trying to remove?