Inedo / pgscan

Dependency scanner for ProGet.
MIT License

Improved support for package-lock.json (npm) #39

Closed szimmer-dap closed 1 year ago

szimmer-dap commented 1 year ago

This PR adds recursive calls to ReadDependencies() in NpmDependencyScanner to add sub-dependencies to the sbom file (file format version 1 and 2). Those had been missing so far when they were required in a different version.

It also checks for the name property when reading files of format version 2 or 3. If present, this property seems to contain a name alias (basically what the 'npm:' prefix did in the version property in the old format).

This PR also adds a Distinct() to the project dependencies in ProGetClient before calling the BomWriter. This eliminates redundant entries in the sbom file (mainly for NuGet when a product consists of several csproj files) and can significantly reduce its file size. In my test case an 8 MB file was reduced to approx. 70 KB!
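As an added illustration of the two behaviours the PR describes (not pgscan's own code), the walker below collects every distinct name@version from a package-lock.json, recursing into nested sub-dependencies for lockfile v1 and honouring the `name` alias property for v2/v3. It assumes the v1 alias form `npm:<real-name>@<version>` and that the v2/v3 `name` property holds the real package name of an aliased entry; the sample lockfiles are constructed.

```javascript
// Walk a v1 "dependencies" tree; nested "dependencies" may pin a
// different version of a package than the top-level copy.
function readV1(deps, out) {
  for (const [name, entry] of Object.entries(deps || {})) {
    let realName = name;
    let version = entry.version;
    if (typeof version === 'string' && version.startsWith('npm:')) {
      const spec = version.slice(4);          // alias: "npm:real-name@1.2.3"
      const at = spec.lastIndexOf('@');       // lastIndexOf handles "@scope/pkg"
      realName = spec.slice(0, at);
      version = spec.slice(at + 1);
    }
    out.add(`${realName}@${version}`);
    readV1(entry.dependencies, out);          // recurse into sub-dependencies
  }
}

// Walk the flat v2/v3 "packages" map keyed by install path.
function readV2V3(packages, out) {
  for (const [path, entry] of Object.entries(packages || {})) {
    if (path === '') continue;                // "" is the root project itself
    const idx = path.lastIndexOf('node_modules/');
    const installName = idx === -1 ? path : path.slice(idx + 'node_modules/'.length);
    const realName = entry.name || installName;  // "name" (assumed) = real name of an alias
    out.add(`${realName}@${entry.version}`);
  }
}

function collectDependencies(lock) {
  const out = new Set();                      // Set gives the Distinct() behaviour
  if (lock.packages) readV2V3(lock.packages, out);
  else readV1(lock.dependencies, out);
  return [...out].sort();
}

// Constructed samples: "semver" is needed in two versions, "bar" repeats one of them.
const SAMPLE_V1 = {
  lockfileVersion: 1,
  dependencies: {
    semver: { version: '7.5.4' },
    'string-width-cjs': { version: 'npm:string-width@4.2.3' },
    foo: { version: '1.0.0', dependencies: { semver: { version: '5.7.2' } } },
    bar: { version: '2.0.0', dependencies: { semver: { version: '5.7.2' } } },
  },
};
const SAMPLE_V3 = {
  lockfileVersion: 3,
  packages: {
    '': { name: 'my-app', version: '0.0.1' },
    'node_modules/semver': { version: '7.5.4' },
    'node_modules/string-width-cjs': { name: 'string-width', version: '4.2.3' },
    'node_modules/foo': { version: '1.0.0' },
    'node_modules/foo/node_modules/semver': { version: '5.7.2' },
  },
};
```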