diff --git a/node/CHANGELOG.md b/node/CHANGELOG.md index 0aab648b..4bd87ecf 100644 --- a/node/CHANGELOG.md +++ b/node/CHANGELOG.md @@ -1,5 +1,11 @@ # Changelog +## [5.2.4] + +### Bugfix + +- Fix name vs group for scoped components in CycloneDX output + ## [5.2.3] ### Bugfix diff --git a/node/lib/retire.js b/node/lib/retire.js index e75e0b95..d493a1ef 100644 --- a/node/lib/retire.js +++ b/node/lib/retire.js @@ -4,7 +4,7 @@ */ var exports = exports || {}; -exports.version = '5.2.3'; +exports.version = '5.2.4'; function isDefined(o) { return typeof o !== 'undefined'; diff --git a/node/package-lock.json b/node/package-lock.json index 3ab783ec..6cd81906 100644 --- a/node/package-lock.json +++ b/node/package-lock.json @@ -1,12 +1,12 @@ { "name": "retire", - "version": "5.2.3", + "version": "5.2.4", "lockfileVersion": 3, "requires": true, "packages": { "": { "name": "retire", - "version": "5.2.3", + "version": "5.2.4", "license": "Apache-2.0", "dependencies": { "ansi-colors": "^4.1.1", diff --git a/node/package.json b/node/package.json index b909e0bb..5dec1f87 100644 --- a/node/package.json +++ b/node/package.json @@ -2,7 +2,7 @@ "author": "Erlend Oftedal ", "name": "retire", "description": "Retire is a tool for detecting use of vulnerable libraries", - "version": "5.2.3", + "version": "5.2.4", "license": "Apache-2.0", "repository": { "type": "git", diff --git a/node/src/reporters/cyclonedx-1_6-json.ts b/node/src/reporters/cyclonedx-1_6-json.ts index 1c6aad75..4390dc96 100644 --- a/node/src/reporters/cyclonedx-1_6-json.ts +++ b/node/src/reporters/cyclonedx-1_6-json.ts @@ -71,9 +71,11 @@ function configureCycloneDXJSONLogger(logger: Logger, writer: Writer, config: Lo existing.evidence.occurrences.push(...missing); return undefined; } + const nameParts = dep.component.split('/').reverse(); const result = { type: 'library', - name: dep.component, + name: nameParts[0], + group: nameParts[1], version: dep.version, purl: purl, hashes: hashes, 
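Review bot: `dep.component.split('/').reverse()` keeps only the last two segments, so in the `cyclonedx-1_6-json.ts` hunk a component id containing more than one `/` would silently lose its leading part from `group`. Splitting at the last separator keeps the full prefix: `const i = dep.component.lastIndexOf('/');` followed by `name: dep.component.slice(i + 1), group: i > 0 ? dep.component.slice(0, i) : undefined,`. The same expression is repeated in the `cyclonedx-json.ts` and `cyclonedx.ts` hunks, so a shared helper would keep the three reporters consistent. Because SBOM consumers usually correlate components by `purl`, it is worth confirming that `generatePURL(dep)` (not shown here) places the same scope in the purl namespace as the new `group` field. The enclosing function starts and ends outside the hunk.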
diff --git a/node/src/reporters/cyclonedx-json.ts b/node/src/reporters/cyclonedx-json.ts index e080df78..c5dd4b85 100644 --- a/node/src/reporters/cyclonedx-json.ts +++ b/node/src/reporters/cyclonedx-json.ts @@ -67,9 +67,11 @@ function configureCycloneDXJSONLogger(logger: Logger, writer: Writer, config: Lo existing.properties.push(...missing); return undefined; } + const nameParts = dep.component.split('/').reverse(); const result = { type: 'library', - name: dep.component, + name: nameParts[0], + group: nameParts[1], version: dep.version, purl: purl, hashes: hashes, diff --git a/node/src/reporters/cyclonedx.ts b/node/src/reporters/cyclonedx.ts index f823165b..7dc2ca7d 100644 --- a/node/src/reporters/cyclonedx.ts +++ b/node/src/reporters/cyclonedx.ts @@ -58,9 +58,10 @@ function configureCycloneDXLogger(logger: Logger, writer: Writer, config: Logger const purl = generatePURL(dep); if (seen.has(purl)) return ''; seen.add(purl); + const nameParts = dep.component.split('/').reverse(); return ` - ${dep.component} + ${nameParts[0]}${nameParts.length > 1 ? `\n ${nameParts[1]}` : ''} ${dep.version}${hashes} ${mapLicenses(dep.licenses)} ${purl}
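Review bot: In the `cyclonedx.ts` hunk the group value (`nameParts[1]`) is emitted after the name value (`nameParts[0]`), but the CycloneDX XML schema defines a component's children as an ordered sequence in which `group` precedes `name`. Strict XSD validation may therefore reject scoped components; the element tags are not visible in this rendering, so confirm the order against the schema. Both values are also interpolated into the markup with no escaping visible in the hunk, and component names come from scanned package metadata, so a `<` or `&` in a name would yield a malformed or misleading SBOM entry. Moving the optional `${nameParts.length > 1 ? … : ''}` fragment ahead of `${nameParts[0]}` and passing both values through an XML-escaping step would address both points. The enclosing function starts and ends outside the hunk.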