RetireJS / retire.js

scanner detecting the use of JavaScript libraries with known vulnerabilities. Can also generate an SBOM of the libraries it finds.
https://retirejs.github.io/retire.js/

Retire not generating correct purl when creating cyclonedx bom #406

Closed rashmimehta300 closed 1 year ago

rashmimehta300 commented 1 year ago

Retire.js version: 4.2.1

node version: 18.13.0

Description: Retire is not generating the correct purl when creating a CycloneDX BOM, which, when consumed by Dependency-Track, does not show the vulnerability. The purl generated is pkg:npm/moment.js@2.8.4

Expected behaviour: purl should be generated as pkg:npm/moment@2.8.4

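A check for the mismatch reported above, as an added example that is not part of the issue or of retire.js: it walks the `components` of a CycloneDX JSON BOM and flags npm purls whose name is not a known registry package name, proposing a corrected purl when dropping a trailing `.js` yields a known name. The function names `parsePurl` and `auditBom`, the sample BOM, and the idea of taking the known-name set from a lockfile are assumptions made for illustration.

```javascript
// Added example; the BOM and the known-name set below are constructed sample data.
const SAMPLE_BOM = {
  bomFormat: "CycloneDX",
  components: [
    { name: "moment.js", version: "2.8.4", purl: "pkg:npm/moment.js@2.8.4" },
    { name: "chart.js", version: "2.9.4", purl: "pkg:npm/chart.js@2.9.4" },
    { name: "jquery", version: "3.5.0", purl: "pkg:npm/jquery@3.5.0" },
  ],
};
// Assumption: names come from a trusted source such as the project's lockfile.
const KNOWN_NAMES = new Set(["moment", "chart.js", "jquery"]);

// Parse "pkg:type/[namespace/]name@version"; qualifiers and subpath are ignored.
function parsePurl(purl) {
  const m = /^pkg:([^/]+)\/([^@?#]+)(?:@([^?#]+))?/.exec(purl || "");
  if (!m) return null;
  const parts = m[2].split("/").map(decodeURIComponent);
  const name = parts.pop();
  return {
    type: m[1].toLowerCase(),
    fullName: parts.length ? `${parts.join("/")}/${name}` : name,
    version: m[3] ? decodeURIComponent(m[3]) : null,
  };
}

// Report npm components whose purl name is not a known registry package name.
// When dropping a trailing ".js" yields a known name, propose the corrected purl.
function auditBom(bom, knownNames) {
  const findings = [];
  for (const c of bom.components || []) {
    if (!c.purl) continue;
    const p = parsePurl(c.purl);
    if (!p) { findings.push({ purl: c.purl, reason: "unparseable", suggestion: null }); continue; }
    if (p.type !== "npm" || knownNames.has(p.fullName)) continue;
    const stripped = p.fullName.replace(/\.js$/i, "");
    const fixable = stripped !== p.fullName && knownNames.has(stripped);
    const encoded = stripped.split("/").map(encodeURIComponent).join("/");
    findings.push({
      purl: c.purl,
      reason: "name not in known package list",
      suggestion: fixable ? `pkg:npm/${encoded}${p.version ? "@" + p.version : ""}` : null,
    });
  }
  return findings;
}

console.log(auditBom(SAMPLE_BOM, KNOWN_NAMES));
```

The known-name set matters because some real npm packages do end in `.js` (`chart.js` in the sample), so a bare suffix test would flag correct purls.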