The CycloneDX module for Node.js creates a valid CycloneDX Software Bill-of-Materials (SBOM) containing an aggregate of all project dependencies. CycloneDX is a lightweight SBOM specification that is easily created, human and machine readable, and simple to parse.
Node.js v12.0.0 or higher
npm install -g @cyclonedx/bom$ cyclonedx-bom -h
Usage: cyclonedx-bom [OPTIONS] [path]
Creates CycloneDX Software Bill-of-Materials (SBOM) from Node.js projects
Options:
-v, --version output the version number
-d, --include-dev Include devDependencies (default: false)
-l, --include-license-text Include full license text (default: false)
-o, --output <output> Write BOM to file (default: "bom.xml")
-t, --type <type> Project type (default: "library")
-ns, --no-serial-number Do not include BOM serial number
-h, --help display help for commandcyclonedx-bomcyclonedx-bom -o bom.xmlcyclonedx-bom -o bom.jsonThe following table provides information on the version of this node module, the CycloneDX schema version supported, as well as the output format options. Use the latest possible version of this node module that is the compatible with the CycloneDX version supported by the target system. Or use the CycloneDX CLI Tool to convert to older specification versions as required.
| Version | Schema Version | Format(s) |
|---|---|---|
| 3.0.x | CycloneDX v1.3 | XML/JSON |
| 2.0.x | CycloneDX v1.2 | XML/JSON |
| 1.1.x | CycloneDX v1.1 | XML |
| 1.0x | CycloneDX v1.0 | XML |
CycloneDX Node Module is Copyright (c) OWASP Foundation. All Rights Reserved.
Permission to modify and redistribute is granted under the terms of the Apache 2.0 license. See the LICENSE file for the full license.