Open
Conversation
Signed-off-by: Jan Kowalleck <jan.kowalleck@gmail.com>
Coverage summary from CodacySee diff coverage on Codacy
Coverage variation details
Coverage variation is the difference between the coverage for the head and common ancestor commits of the pull request branch: Diff coverage details
Diff coverage is the percentage of lines that are covered by tests out of the coverable lines that the pull request added or modified: See your quality gate settings Change summary preferences |
Signed-off-by: Jan Kowalleck <jan.kowalleck@gmail.com>
<!--🔅🔅🔅🔅🔅🔅🔅🔅🔅🔅🔅🔅🔅🔅🔅🔅🔅🔅🔅🔅🔅🔅🔅🔅🔅🔅🔅🔅🔅🔅🔅 You can expedite processing of your PR by using this template to provide context and additional information. Before actually opening a PR please make sure that it does NOT fall into any of the following categories 🚫 Spam PRs (accidental or intentional) - these will result in a 30-days or even ∞ ban from interacting with the project depending on reoccurrence and severity. 🚫 Lazy typo fixing PRs - if you fix a typo in a file, your PR will only be merged if all other typos in the same file are also fixed with the same PR 🚫 If you fail to provide any _Description_ below, your PR will be considered spam. If you do not check the _Affirmation_ box below, your PR will not be merged. 🚫 If you do not check one of the _AI Tool Disclosure_ boxes below, your PR will not be merged. If you used AI tools to assist you in writing code, but fail to provide the required disclosure, your PR will not be merged. 🔅🔅🔅🔅🔅🔅🔅🔅🔅🔅🔅🔅🔅🔅🔅🔅🔅🔅🔅🔅🔅🔅🔅🔅🔅🔅🔅🔅🔅🔅🔅🔅🔅--> ### Description <!-- ✍️--> in #1343 some contrib implementations were moved, and the old exports were kept. they are marked deprecated -- and now the were removed * Removed * Entrypoint `Builders` (via [#1377]) * Entrypoint `Factories` (via [#1377]) * Entrypoint `Utils` (via [#1377]) * Deprecated symbol `Builders` ([#1346] via [#1377]) * Deprecated symbol `Builders.FromNodePackageJson` ([#1346] via [#1377]) * Deprecated symbol `Builders.FromNodePackageJson.ToolBuilder` ([#1346] via [#1377]) Use `Contrib.FromNodePackageJson.Builders.ToolBuilder` instead. * Deprecated symbol `Builders.FromNodePackageJson.ComponentBuilder` ([#1346] via [#1377]) Use `Contrib.FromNodePackageJson.Builders.ComponentBuilder` instead. * Deprecated symbol `Factories` ([#1346] via [#1377]) * Deprecated symbol `Factories.FromNodePackageJson` ([#1346] via [#1377]) * Deprecated symbol `Factories.FromNodePackageJson.ExternalReferenceFactory` ([#1346] via [#1377]) Use `Contrib.FromNodePackageJson.Factories.ExternalReferenceFactory` instead. * Deprecated symbol `Factories.FromNodePackageJson.PackageUrlFactory` ([#1346] via [#1377]) Use `Contrib.FromNodePackageJson.Factories.PackageUrlFactory` instead. * Deprecated symbol `Factories.LicenseFactory` ([#1346] via [#1377]) Use `Contrib.License.Factories.LicenseFactory` instead. * Deprecated symbol `Factories.PackageUrlFactory` ([#1346] via [#1377]) Use `Contrib.PackageUrl.Factories.PackageUrlFactory` instead. * Deprecated symbol `Types.NodePackageJson` ([#1346] via [#1377]) Use `Contrib.FromNodePackageJson.Types.NodePackageJson` instead. * Deprecated symbol `Types.assertNodePackageJson` ([#1346] via [#1377]) Use `Contrib.FromNodePackageJson.Types.assertNodePackageJson` instead. * Deprecated symbol `Types.isNodePackageJson` ([#1346] via [#1377]) Use `Contrib.FromNodePackageJson.Types.isNodePackageJson` instead. * Deprecated symbol `Utils` ([#1346] via [#1377]) * Deprecated symbol `Utils.BomUtility` ([#1346] via [#1377]) * Deprecated symbol `Utils.BomUtility.randomSerialNumber` ([#1346] via [#1377]) Use `Contrib.Bom.Utils.randomSerialNumber` instead. * Deprecated symbol `Utils.LicenseUtility` ([#1346] via [#1377]) * Deprecated symbol `Utils.LicenseUtility.FsUtils` ([#1346] via [#1377]) Use `Contrib.License.Utils.FsUtils` instead. * Deprecated symbol `Utils.LicenseUtility.PathUtils` ([#1346] via [#1377]) * Use `Contrib.License.Utils.PathUtils` instead. * Deprecated symbol `Utils.LicenseUtility.FileAttachment` ([#1346] via [#1377]) Use `Contrib.License.Utils.FileAttachment` instead. * Deprecated symbol `Utils.LicenseUtility.ErrorReporter` ([#1346] via [#1377]) Use `Contrib.License.Utils.ErrorReporter` instead. * Deprecated symbol `Utils.LicenseUtility.LicenseEvidenceGatherer` ([#1346] via [#1377]) Use `Contrib.License.Utils.LicenseEvidenceGatherer` instead. * Deprecated symbol `Utils.NpmjsUtility` ([#1346] via [#1377]) * Deprecated symbol `Utils.NpmjsUtility.parsePackageIntegrity` ([#1346] via [#1377]) Use `Contrib.FromNodePackageJson.Utils.parsePackageIntegrity` instead. * Deprecated symbol `Utils.NpmjsUtility.defaultRegistryMatcher` ([#1346] via [#1377]) Use `Contrib.FromNodePackageJson.Utils.defaultRegistryMatcher` instead. fixes: #1346 ### AI Tool Disclosure - [x] My contribution does not include any AI-generated content - [ ] My contribution includes AI-generated content, as disclosed below: - AI Tools: `[e.g. GitHub CoPilot, ChatGPT, JetBrains Junie etc.]` - LLMs and versions: `[e.g. GPT-4.1, Claude Haiku 4.5, Gemini 2.5 Pro etc.]` - Prompts: `[Summarize the key prompts or instructions given to the AI tools]` ### Affirmation - [x] My code follows the [CONTRIBUTING.md](https://github.com/CycloneDX/cyclonedx-javascript-library/blob/main/CONTRIBUTING.md) guidelines
<!--🔅🔅🔅🔅🔅🔅🔅🔅🔅🔅🔅🔅🔅🔅🔅🔅🔅🔅🔅🔅🔅🔅🔅🔅🔅🔅🔅🔅🔅🔅🔅 You can expedite processing of your PR by using this template to provide context and additional information. Before actually opening a PR please make sure that it does NOT fall into any of the following categories 🚫 Spam PRs (accidental or intentional) - these will result in a 30-days or even ∞ ban from interacting with the project depending on reoccurrence and severity. 🚫 Lazy typo fixing PRs - if you fix a typo in a file, your PR will only be merged if all other typos in the same file are also fixed with the same PR 🚫 If you fail to provide any _Description_ below, your PR will be considered spam. If you do not check the _Affirmation_ box below, your PR will not be merged. 🚫 If you do not check one of the _AI Tool Disclosure_ boxes below, your PR will not be merged. If you used AI tools to assist you in writing code, but fail to provide the required disclosure, your PR will not be merged. 🔅🔅🔅🔅🔅🔅🔅🔅🔅🔅🔅🔅🔅🔅🔅🔅🔅🔅🔅🔅🔅🔅🔅🔅🔅🔅🔅🔅🔅🔅🔅🔅🔅--> ### Description <!-- ✍️--> `Component.purl` is a `string` now. No longer dependon external standards and 3rd-party libraries nor data models. Resolves or fixes issue: #1348 ### AI Tool Disclosure - [x] My contribution does not include any AI-generated content - [ ] My contribution includes AI-generated content, as disclosed below: - AI Tools: `[e.g. GitHub CoPilot, ChatGPT, JetBrains Junie etc.]` - LLMs and versions: `[e.g. GPT-4.1, Claude Haiku 4.5, Gemini 2.5 Pro etc.]` - Prompts: `[Summarize the key prompts or instructions given to the AI tools]` ### Affirmation - [x] My code follows the [CONTRIBUTING.md](https://github.com/CycloneDX/cyclonedx-javascript-library/blob/main/CONTRIBUTING.md) guidelines Signed-off-by: Jan Kowalleck <jan.kowalleck@gmail.com>
<!--🔅🔅🔅🔅🔅🔅🔅🔅🔅🔅🔅🔅🔅🔅🔅🔅🔅🔅🔅🔅🔅🔅🔅🔅🔅🔅🔅🔅🔅🔅🔅 You can expedite processing of your PR by using this template to provide context and additional information. Before actually opening a PR please make sure that it does NOT fall into any of the following categories 🚫 Spam PRs (accidental or intentional) - these will result in a 30-days or even ∞ ban from interacting with the project depending on reoccurrence and severity. 🚫 Lazy typo fixing PRs - if you fix a typo in a file, your PR will only be merged if all other typos in the same file are also fixed with the same PR 🚫 If you fail to provide any _Description_ below, your PR will be considered spam. If you do not check the _Affirmation_ box below, your PR will not be merged. 🚫 If you do not check one of the _AI Tool Disclosure_ boxes below, your PR will not be merged. If you used AI tools to assist you in writing code, but fail to provide the required disclosure, your PR will not be merged. 🔅🔅🔅🔅🔅🔅🔅🔅🔅🔅🔅🔅🔅🔅🔅🔅🔅🔅🔅🔅🔅🔅🔅🔅🔅🔅🔅🔅🔅🔅🔅🔅🔅--> ### Description BREAKING Changes: removed symbols * `Contrib.PackageUrl.Factories.PackageUrlFactory` * `Contrib.FromNodePackageJson.Factories.PackageUrlFactory` No longer depend on `packageurl-js@^2.0.1` Resolves or fixes issue: #1348 ### AI Tool Disclosure - [x] My contribution does not include any AI-generated content - [ ] My contribution includes AI-generated content, as disclosed below: - AI Tools: `[e.g. GitHub CoPilot, ChatGPT, JetBrains Junie etc.]` - LLMs and versions: `[e.g. GPT-4.1, Claude Haiku 4.5, Gemini 2.5 Pro etc.]` - Prompts: `[Summarize the key prompts or instructions given to the AI tools]` ### Affirmation - [x] My code follows the [CONTRIBUTING.md](https://github.com/CycloneDX/cyclonedx-javascript-library/blob/main/CONTRIBUTING.md) guidelines --------- Signed-off-by: Jan Kowalleck <jan.kowalleck@gmail.com>
<!--🔅🔅🔅🔅🔅🔅🔅🔅🔅🔅🔅🔅🔅🔅🔅🔅🔅🔅🔅🔅🔅🔅🔅🔅🔅🔅🔅🔅🔅🔅🔅 You can expedite processing of your PR by using this template to provide context and additional information. Before actually opening a PR please make sure that it does NOT fall into any of the following categories 🚫 Spam PRs (accidental or intentional) - these will result in a 30-days or even ∞ ban from interacting with the project depending on reoccurrence and severity. 🚫 Lazy typo fixing PRs - if you fix a typo in a file, your PR will only be merged if all other typos in the same file are also fixed with the same PR 🚫 If you fail to provide any _Description_ below, your PR will be considered spam. If you do not check the _Affirmation_ box below, your PR will not be merged. 🚫 If you do not check one of the _AI Tool Disclosure_ boxes below, your PR will not be merged. If you used AI tools to assist you in writing code, but fail to provide the required disclosure, your PR will not be merged. 🔅🔅🔅🔅🔅🔅🔅🔅🔅🔅🔅🔅🔅🔅🔅🔅🔅🔅🔅🔅🔅🔅🔅🔅🔅🔅🔅🔅🔅🔅🔅🔅🔅--> ### Description <!-- ✍️--> set dev-engines Resolves or fixes issue: #1301 ### AI Tool Disclosure - [x] My contribution does not include any AI-generated content - [ ] My contribution includes AI-generated content, as disclosed below: - AI Tools: `[e.g. GitHub CoPilot, ChatGPT, JetBrains Junie etc.]` - LLMs and versions: `[e.g. GPT-4.1, Claude Haiku 4.5, Gemini 2.5 Pro etc.]` - Prompts: `[Summarize the key prompts or instructions given to the AI tools]` ### Affirmation - [x] My code follows the [CONTRIBUTING.md](https://github.com/CycloneDX/cyclonedx-javascript-library/blob/main/CONTRIBUTING.md) guidelines Signed-off-by: Jan Kowalleck <jan.kowalleck@gmail.com>
This was
linked to
issues
Feb 20, 2026
<!--🔅🔅🔅🔅🔅🔅🔅🔅🔅🔅🔅🔅🔅🔅🔅🔅🔅🔅🔅🔅🔅🔅🔅🔅🔅🔅🔅🔅🔅🔅🔅 You can expedite processing of your PR by using this template to provide context and additional information. Before actually opening a PR please make sure that it does NOT fall into any of the following categories 🚫 Spam PRs (accidental or intentional) - these will result in a 30-days or even ∞ ban from interacting with the project depending on reoccurrence and severity. 🚫 Lazy typo fixing PRs - if you fix a typo in a file, your PR will only be merged if all other typos in the same file are also fixed with the same PR 🚫 If you fail to provide any _Description_ below, your PR will be considered spam. If you do not check the _Affirmation_ box below, your PR will not be merged. 🚫 If you do not check one of the _AI Tool Disclosure_ boxes below, your PR will not be merged. If you used AI tools to assist you in writing code, but fail to provide the required disclosure, your PR will not be merged. 🔅🔅🔅🔅🔅🔅🔅🔅🔅🔅🔅🔅🔅🔅🔅🔅🔅🔅🔅🔅🔅🔅🔅🔅🔅🔅🔅🔅🔅🔅🔅🔅🔅--> ### Description <!-- ✍️--> A clear and concise summary of the change and which issue (if any) it fixes. Should also include relevant motivation and context. Resolves or fixes issue: <!-- ✍️ Add GitHub issue number in format `#0000` or `none` --> ### AI Tool Disclosure - [x] My contribution does not include any AI-generated content - [ ] My contribution includes AI-generated content, as disclosed below: - AI Tools: `[e.g. GitHub CoPilot, ChatGPT, JetBrains Junie etc.]` - LLMs and versions: `[e.g. GPT-4.1, Claude Haiku 4.5, Gemini 2.5 Pro etc.]` - Prompts: `[Summarize the key prompts or instructions given to the AI tools]` ### Affirmation - [x] My code follows the [CONTRIBUTING.md](https://github.com/CycloneDX/cyclonedx-javascript-library/blob/main/CONTRIBUTING.md) guidelines Signed-off-by: Jan Kowalleck <jan.kowalleck@gmail.com>
<!--🔅🔅🔅🔅🔅🔅🔅🔅🔅🔅🔅🔅🔅🔅🔅🔅🔅🔅🔅🔅🔅🔅🔅🔅🔅🔅🔅🔅🔅🔅🔅 You can expedite processing of your PR by using this template to provide context and additional information. Before actually opening a PR please make sure that it does NOT fall into any of the following categories 🚫 Spam PRs (accidental or intentional) - these will result in a 30-days or even ∞ ban from interacting with the project depending on reoccurrence and severity. 🚫 Lazy typo fixing PRs - if you fix a typo in a file, your PR will only be merged if all other typos in the same file are also fixed with the same PR 🚫 If you fail to provide any _Description_ below, your PR will be considered spam. If you do not check the _Affirmation_ box below, your PR will not be merged. 🚫 If you do not check one of the _AI Tool Disclosure_ boxes below, your PR will not be merged. If you used AI tools to assist you in writing code, but fail to provide the required disclosure, your PR will not be merged. 🔅🔅🔅🔅🔅🔅🔅🔅🔅🔅🔅🔅🔅🔅🔅🔅🔅🔅🔅🔅🔅🔅🔅🔅🔅🔅🔅🔅🔅🔅🔅🔅🔅--> ### Description <!-- ✍️--> * Constructor of `Contrib.License.Factories.LicenseFactory` got an injectable argument `spdxExpressionValidate` for validating SPDX Expressions * Dependency `spdx-expression-parse` became a suggested (optional peer-dependency) library Used as an injectable in `Contrib.License.Factories.LicenseFactory.constructor`. Resolves or fixes issue: <!-- ✍️ Add GitHub issue number in format `#0000` or `none` --> ### AI Tool Disclosure - [x] My contribution does not include any AI-generated content - [ ] My contribution includes AI-generated content, as disclosed below: - AI Tools: `[e.g. GitHub CoPilot, ChatGPT, JetBrains Junie etc.]` - LLMs and versions: `[e.g. GPT-4.1, Claude Haiku 4.5, Gemini 2.5 Pro etc.]` - Prompts: `[Summarize the key prompts or instructions given to the AI tools]` ### Affirmation - [x] My code follows the [CONTRIBUTING.md](https://github.com/CycloneDX/cyclonedx-javascript-library/blob/main/CONTRIBUTING.md) guidelines --------- Signed-off-by: Jan Kowalleck <jan.kowalleck@gmail.com>
Closed
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
1 participant
Add this suggestion to a batch that can be applied as a single commit.This suggestion is invalid because no changes were made to the code.Suggestions cannot be applied while the pull request is closed.Suggestions cannot be applied while viewing a subset of changes.Only one suggestion per line can be applied in a batch.Add this suggestion to a batch that can be applied as a single commit.Applying suggestions on deleted lines is not supported.You must change the existing code in this line in order to create a valid suggestion.Outdated suggestions cannot be applied.This suggestion has been applied or marked resolved.Suggestions cannot be applied from pending reviews.Suggestions cannot be applied on multi-line comments.Suggestions cannot be applied while the pull request is queued to merge.Suggestion cannot be applied right now. Please check back later.
Builders(via #1377)Factories(via #1377)Utils(via #1377)Contrib/PackageUrl(via #1378)Builders(#1346 via #1377)Builders.FromNodePackageJson(#1346 via #1377)Builders.FromNodePackageJson.ToolBuilder(#1346 via #1377)Use
Contrib.FromNodePackageJson.Builders.ToolBuilderinstead.Builders.FromNodePackageJson.ComponentBuilder(#1346 via #1377)Use
Contrib.FromNodePackageJson.Builders.ComponentBuilderinstead.Factories(#1346 via #1377)Factories.FromNodePackageJson(#1346 via #1377)Factories.FromNodePackageJson.ExternalReferenceFactory(#1346 via #1377)Use
Contrib.FromNodePackageJson.Factories.ExternalReferenceFactoryinstead.Factories.FromNodePackageJson.PackageUrlFactory(#1346 via #1377)Use
packageurl-jsdownstream.Factories.LicenseFactory(#1346, #1348 via #1377, #1378)Use
Contrib.License.Factories.LicenseFactoryinstead.Factories.PackageUrlFactory(#1346 via #1377)Use
packageurl-jsdownstream.Types.NodePackageJson(#1346, #1348 via #1377, #1378)Use
Contrib.FromNodePackageJson.Types.NodePackageJsoninstead.Types.assertNodePackageJson(#1346 via #1377)Use
Contrib.FromNodePackageJson.Types.assertNodePackageJsoninstead.Types.isNodePackageJson(#1346 via #1377)Use
Contrib.FromNodePackageJson.Types.isNodePackageJsoninstead.Utils(#1346 via #1377)Utils.BomUtility(#1346 via #1377)Utils.BomUtility.randomSerialNumber(#1346 via #1377)Use
Contrib.Bom.Utils.randomSerialNumberinstead.Utils.LicenseUtility(#1346 via #1377)Utils.LicenseUtility.FsUtils(#1346 via #1377)Use
Contrib.License.Utils.FsUtilsinstead.Utils.LicenseUtility.PathUtils(#1346 via #1377)Contrib.License.Utils.PathUtilsinstead.Utils.LicenseUtility.FileAttachment(#1346 via #1377)Use
Contrib.License.Utils.FileAttachmentinstead.Utils.LicenseUtility.ErrorReporter(#1346 via #1377)Use
Contrib.License.Utils.ErrorReporterinstead.Utils.LicenseUtility.LicenseEvidenceGatherer(#1346 via #1377)Use
Contrib.License.Utils.LicenseEvidenceGathererinstead.Utils.NpmjsUtility(#1346 via #1377)Utils.NpmjsUtility.parsePackageIntegrity(#1346 via #1377)Use
Contrib.FromNodePackageJson.Utils.parsePackageIntegrityinstead.Utils.NpmjsUtility.defaultRegistryMatcher(#1346 via #1377)Use
Contrib.FromNodePackageJson.Utils.defaultRegistryMatcherinstead.Contrib.PackageUrl.Factories.PackageUrlFactory(#1348 via #1378)Use
packageurl-jsdownstream.Contrib.FromNodePackageJson.Factories.PackageUrlFactory(#1348 via #1378)Use
packageurl-jsdownstream.SPDX.isValidSpdxLicenseExpression(#1348 via #1382)Use package
spdx-expression-parseinstead.Component.purlis astringnow, wasPackaheUrl(#1348 via #1379)Contrib.License.Factories.LicenseFactorygot an injectable argumentspdxExpressionValidatefor validating SPDX License Expressions (#1348 via #1382)Suggested implementation is
spdx-expression-parse.packageurl-jsbecame a suggested (optional peer-dependency) library (#1348 via #1378)You may use it to craft and parse PackageURLs downstream.
spdx-expression-parsebecame a suggested (optional peer-dependency) library (#1348 via #1382)Used as an injectable in
Contrib.License.Factories.LicenseFactory.constructor.package.json(#1301 via #1380)