Michael Schlenker
Michael Schlenker
Ok, i got it to work (somewhat) by simply creating a mostly empty `package.json` in the toplevel directory. The output isn't perfect but with some post processing it should be...
Yes, the `npm ls` lists at least lists the toplevel packages, adding appropriate `--depth` gets the dependencies as well. ``` img\npm ls --global +-- @cyclonedx/[email protected] +-- [email protected] +-- [email protected] +--...
@jkowalleck: The story about the external SBOM of a global install is actually fairly easy, even if unusual. I build some kind of SDK for developing specific enterprisey web applications...
Ok, thank you. Yes, i did not understand it from the documentation. But in hindsight, its documented there. So that part is unnecessary, but the --global is still useful.
This looks like an underspecified `HashType.from_composite_str` method, it should probably document the recognized prefixes. The Blake2 RFC (https://datatracker.ietf.org/doc/html/rfc7693) mentions two forms of Blake2: Blake2b for 64-bit and Blake2s for 32-bit...
Pull Request added, i also noticed the SHA3 prefix was also broken in similar ways.