purl of moment.js is still wrong - Githubissues

RetireJS / retire.js

scanner detecting the use of JavaScript libraries with known vulnerabilities. Can also generate an SBOM of the libraries it finds.

https://retirejs.github.io/retire.js/

Other

3.66k stars 414 forks source link

purl of moment.js is still wrong #409

Closed rashmimehta300 closed 1 year ago

rashmimehta300 commented 1 year ago

Retire.js version: (retire --version): 4.3.0

node version: (node --version): v18.13.0

Description: purl of moment.js is still wrong It is coming as npm:npm/moment@2.8.4

Expected behaviour: purl should be pkg:npm/moment@2.8.4

If this is a false positive or false negative:

How did you run the tool? Command line? Browser extension? Commandline
Can you provide a link to the file(s) containing the libraries?
Are the libraries bundeled with a minifier? If so which one?