Download the spdx-sbom-generator binaries to cloned repo folder
Execute npm install in comman-line tool
node_module will be created with all dependencies
Execute composer install in comman-line tool
Vendor folder will be created with all dependencies
Execute ./spdx-sbom-generator to create SPDX files
As expected SPDX file is created for both npm and composer. However data missing in 2 SPDX Document Information and in 3 Package Information for root package in npm SPDX file. PFA SPDX files for reference
NOTE: Composer SPDX file has the data for both the sections
custom_auth_multiSPDXfiles.zip