purl generated for few components as part cyclonedx BOM is incorrect - Githubissues

RetireJS / retire.js

scanner detecting the use of JavaScript libraries with known vulnerabilities. Can also generate an SBOM of the libraries it finds.

https://retirejs.github.io/retire.js/

Other

3.6k stars 412 forks source link

purl generated for few components as part cyclonedx BOM is incorrect #410

Closed rashmimehta300 closed 1 year ago

rashmimehta300 commented 1 year ago

Retire.js version: (retire --version): 4.3.1

node version: (node --version): 18.13.0

Description: purl generated for angularjs and jquery datatables are incorrect pkg:npm/angularjs@1.6.5 pkg:npm/jquery.datatables@1.13.4

Expected behaviour: purl generated should be pkg:npm/angular@1.6.5 pkg:npm/datatables@1.13.4

If this is a false positive or false negative:

How did you run the tool? Command line? Browser extension? Command line
Can you provide a link to the file(s) containing the libraries?
Are the libraries bundeled with a minifier? If so which one?

eoftedal commented 1 year ago

Thanks!