1.0.2

Maintenance release.

Dependencies

• Widened the range of requirement packageurl-js to >=0.0.6 <0.0.8, was ^0.0.7. (#130 via #131)

1.0.1

Maintenance release.

Misc

• Use TypeScript v4.7.4 now, was v4.6.4. (via #55)

Dependencies

• Raised the requirement of packageurl-js to ^0.0.7, was ^0.0.6. (via #123)

1.0.0

Initial release.

Responsibilities

• Provide a general purpose JavaScript-implementation of CycloneDX for Node.js and WebBrowsers.
• Provide typing for said implementation, so developers and dev-tools can rely on it.
• Provide data models to work with CycloneDX.
• Provide a JSON- and an XML-normalizer, that...
  • supports all shipped data models.
  • respects any injected CycloneDX Specification and generates valid output according to it.
  • can be configured to generate reproducible/deterministic output.
  • can prepare data structures for JSON- and XML-serialization.
• Serialization:
  • Provide a universal JSON-serializer for all target environments.
  • Provide an XML-serializer for all target environments.
  • Support the downstream implementation of custom XML-serializers tailored to specific environments
    by providing an abstract base class that takes care of normalization and BomRef-discrimination.
    This is done, because there is no universal XML support in JavaScript.

Capabilities & Features

• Enums for the following use cases:
  • AttachmentEncoding
  • ComponentScope
  • ComponentType
  • ExternalReferenceType
  • HashAlgorithm
• Data models for the following use cases:
  • Attachment
  • Bom
  • BomRef, BomRefRepository
  • Component, ComponentRepository
  • ExternalReference, ExternalReferenceRepository
  • HashContent, Hash, HashRepository
  • LicenseExpression, NamedLicense, SpdxLicense, LicenseRepository
  • Metadata
  • OrganizationalContact, OrganizationalContactRepository
  • OrganizationalEntity
  • SWID
  • Tool, ToolRepository
• Factories for the following use cases:
  • Create data models from any license descriptor string
  • Specific to Node.js: create data models from PackageJson-like data structures
• Builders for the following use cases:
  • Specific to Node.js: create deep data models from PackageJson-like data structures
• Implementation of the CycloneDX Specification for the following versions:
  • 1.4
  • 1.3
  • 1.2
• Normalizers that convert data models to JSON structures
• Normalizers that convert data models to XML structures
• Universal serializer that converts Bom data models to JSON string
• Serializer that converts Bom data models to XML string:
  • Specific to WebBrowsers: implementation utilizes browser-specific document generators and printers.
  • Specific to Node.js: implementation plugs/requires/utilizes one of the following optional libraries
    • xmlbuilder2

1.0.0-beta.7

• fix: XML normalize scope correctly
• fix: Component.description get picked up from optional properties in constructor
• fix: `Component.supplier in constructor

1.0.0-beta.6

change

• allow dependency graphs without an entry

1.0.0-beta.5

changed

• Component builder no longer calculates the purl - use the new factory for that.

Added

• factory that makes a PackageUrl from a Component data model.

1.0.0-beta.4

added

• FromPackageJson builders and factories

1.0.0-beta.3

breaking

• Some normalizers method normalizeIter() was reworked to normalizeRepository()
• Most Repository models' static method compareItems() was reworked to non-static method sorted()

Motivation: comparing items was never intended to be a feature of a Repository, but a helper to get a sorted list. This behavior was fixed up.

see #66

1.0.0-beta.2

minor changes in the CI processes and in documentations

1.0.0-beta.1

initial implementation

Responsibilities

• Provide a general purpose JavaScript-implementation of [CycloneDX][CycloneDX] for Node.js and WebBrowsers.
• Provide typing for said implementation, so developers and dev-tools can rely on it.
• Provide data models to work with CycloneDX.
• Provide a JSON- and an XML-normalizer, that...
  • supports all shipped data models.
  • respects any injected [CycloneDX Specification][CycloneDX-spec] and generates valid output according to it.
  • can be configured to generate reproducible/deterministic output.
  • can prepare data structures for JSON- and XML-serialization.
• Serialization:
  • Provide a universal JSON-serializer for all target environments.
  • Provide an XML-serializer for all target environments.
  • Support the downstream implementation of custom XML-serializers tailored to specific environments
    by providing an abstract base class that takes care of normalization and BomRef-discrimination.
    This is done, because there is no universal XML support in JavaScript.

Capabilities

• Enums for the following use cases
  • AttachmentEncoding
  • ComponentScope
  • ComponentType
  • ExternalReferenceType
  • HashAlgorithm
• Data models for the following use cases
  • Attachment
  • Bom
  • BomRef, BomRefRepository
  • Component, ComponentRepository
  • ExternalReference, ExternalReferenceRepository
  • HashContent, Hash, HashRepository
  • LicenseExpression, NamedLicense, SpdxLicense, LicenseRepository
  • Metadata
  • OrganizationalContact, OrganizationalContactRepository
  • OrganizationalEntity
  • SWID
  • Tool, ToolRepository
• Factory, that can create data models from any license descriptor string
• Implementation of the [CycloneDX Specification][CycloneDX-spec] for the following versions:
  • 1.4
  • 1.3
  • 1.2
• Normalizers that convert data models to JSON structures
• Normalizers that convert data models to XML structures
• Universal serializer that converts Bom data models to JSON string
• Serializer that converts Bom data models to XML string:
  • Specific to WebBrowsers: implementation utilizes browser-specific document generators and printers.
  • Specific to Node.js: implementation plugs/requires/utilizes one of the following optional libraries
    • xmlbuilder2
    • ... to be continued ... (pull requests are welcome)