Closed tomsontom closed 1 month ago
A possible fix would be to make [
getPackageDescription
] smarter and check if there's a name and version and search on if none is in the loadedpackage.json
nope. not intended for now. see https://github.com/CycloneDX/cyclonedx-webpack-plugin/issues/778#issuecomment-1494201468
A fix would be, if "luxon" added a (proper) name to the package they defined in luxon/src/package.json
:tipping_hand_person:
the example from the provided To Reproduce
section caused the following SBOM files:
bom.from-example.zip
possible solution: if component has no name, then add it anyway with a name like component at [relative path to package.json]
.
@tomsontom could you pullrequest/help shape a setup for regression tests? something similar to https://github.com/CycloneDX/cyclonedx-webpack-plugin/tree/master/tests/integration/regression-issue745
I'll take a look next week
should be fixed by #1284
closed, as this is expected to be fixed as showd in multiple integration tests.
if you think this is still open, please open a new issue.
Describe the bug
If luxon is used in the application. The plugin fails include it in the output.
To Reproduce
Setup
Use luxon
Change app.component.ts to look like this:
Run build
Expected behavior
I would expect that
dist/.bom/bom.json
to contain luxonScreenshots or output-paste
luxon not contained
Environment
Additional context
The reason luxon is not contained in the output is that "node_modules/luxon/src" contains a filed named "package.json" with the following content
See https://github.com/moment/luxon/blob/3125686af82d9a25c7267a1cf1eb838a3d41144f/src/package.json#L1 and so cyclone is unable to find a name and skips luxon in the output.
A possible fix would be to make https://github.com/CycloneDX/cyclonedx-webpack-plugin/blob/ac87cd733ddb620fdc68dbe4b257e8aabdb02311/src/_helpers.ts#L28 smarter and check if there's a name and version and search on if none is in the loaded
package.json