From 5cc55547e701b5d0756dbf9e5445ecdee17ae7ae Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Gautier=20Ben=20A=C3=AFm?= Date: Fri, 12 Sep 2025 13:59:16 +0200 Subject: [PATCH 1/9] chore!: replace optional deps with peer deps MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit Signed-off-by: Gautier Ben Aïm --- package.json | 19 ++++++++++++++++++- 1 file changed, 18 insertions(+), 1 deletion(-) diff --git a/package.json b/package.json index f6f2aa64c..83ddbb25d 100644 --- a/package.json +++ b/package.json @@ -83,13 +83,30 @@ "packageurl-js": "^2.0.1", "spdx-expression-parse": "^3.0.1 || ^4" }, - "optionalDependencies": { + "peerDependencies": { "ajv": "^8.12.0", "ajv-formats": "^3.0.1", "ajv-formats-draft2019": "^1.6.1", "libxmljs2": "^0.35||^0.37", "xmlbuilder2": "^3.0.2" }, + "peerDependenciesMeta": { + "ajv": { + "optional": true + }, + "ajv-formats": { + "optional": true + }, + "ajv-formats-draft2019": { + "optional": true + }, + "libxmljs2": { + "optional": true + }, + "xmlbuilder2": { + "optional": true + } + }, "devDependencies": { "@types/mocha": "^10", "@types/node": "ts5.7", From a49305eacfacc5899ce911521eb9c8740396061d Mon Sep 17 00:00:00 2001 From: Jan Kowalleck Date: Fri, 12 Sep 2025 19:43:16 +0200 Subject: [PATCH 2/9] Update README.md Signed-off-by: Jan Kowalleck --- README.md | 6 +++--- 1 file changed, 3 insertions(+), 3 deletions(-) diff --git a/README.md b/README.md index 90df7ddbf..2fd141020 100644 --- a/README.md +++ b/README.md @@ -120,12 +120,12 @@ pnpm add github:CycloneDX/cyclonedx-javascript-library yarn add @cyclonedx/cyclonedx-library@github:CycloneDX/cyclonedx-javascript-library # only with yarn-2 ``` -## Optional Dependencies +## Optional Peer Dependencies -Some dependencies are optional. +Some peer dependencies are optional. See the shipped `package.json` for version constraints. -* Serialization to XML on _Node.js_ requires any of: +* Serialization to XML on _Node.js_ requires all of: * [`xmlbuilder2`](https://www.npmjs.com/package/xmlbuilder2) * Validation of JSON on _Node.js_ requires all of: * [`ajv`](https://www.npmjs.com/package/ajv) From 96029e4084652fb9f77db79dc5e3f21befb91811 Mon Sep 17 00:00:00 2001 From: Jan Kowalleck Date: Sat, 13 Sep 2025 11:01:35 +0200 Subject: [PATCH 3/9] docs Signed-off-by: Jan Kowalleck --- HISTORY.md | 8 ++++++++ 1 file changed, 8 insertions(+) diff --git a/HISTORY.md b/HISTORY.md index 491a4d7eb..d1dbea064 100644 --- a/HISTORY.md +++ b/HISTORY.md @@ -6,6 +6,14 @@ All notable changes to this project will be documented in this file. +* BREAKING Changes + * Optional dependencies became optional peer dependencies (via [#1295]) +* Added + * Give downstream users control over optional dependencies ([#1294] via [#1295]) + +[#1294]: https://github.com/CycloneDX/cyclonedx-javascript-library/issues/1294 +[#1295]: https://github.com/CycloneDX/cyclonedx-javascript-library/pull/1295 + ## 8.6.0 -- 2025-09-09 * Changed From ff0df18b9c9316ce1c642bc9be898b52787481ca Mon Sep 17 00:00:00 2001 From: Jan Kowalleck Date: Sat, 13 Sep 2025 11:21:31 +0200 Subject: [PATCH 4/9] needed def deps Signed-off-by: Jan Kowalleck --- .github/workflows/nodejs.yml | 5 +++-- package.json | 5 +++++ 2 files changed, 8 insertions(+), 2 deletions(-) diff --git a/.github/workflows/nodejs.yml b/.github/workflows/nodejs.yml index fcffeb08a..9b8a9a70f 100644 --- a/.github/workflows/nodejs.yml +++ b/.github/workflows/nodejs.yml @@ -276,12 +276,13 @@ jobs: - name: setup library run: | set -ex + dev_constraints=' npm-run-all2 c8 mocha fast-glob rimraf ' echo "::group::install prod" npm i --ignore-scripts --omit=optional --omit=dev --loglevel=silly echo "::endgroup::" - echo "::endgroup::install dev" + echo "::group::install dev" ## install the needed dev-deps - npm i --ignore-scripts --omit=optional --no-save --loglevel=silly mocha c8 npm-run-all2 fast-glob + npm i --ignore-scripts --omit=optional --no-save --loglevel=silly $dev_constraints echo "::endgroup::" - name: fetch build artifact # see https://github.com/actions/download-artifact diff --git a/package.json b/package.json index 83ddbb25d..390cb6343 100644 --- a/package.json +++ b/package.json @@ -108,6 +108,11 @@ } }, "devDependencies": { + "ajv": "^8.12.0", + "ajv-formats": "^3.0.1", + "ajv-formats-draft2019": "^1.6.1", + "libxmljs2": "^0.35||^0.37", + "xmlbuilder2": "^3.0.2", "@types/mocha": "^10", "@types/node": "ts5.7", "@types/spdx-expression-parse": "^3", From 9697c0e64fb159c6480d6cf90c8a7eb5cb6fd0aa Mon Sep 17 00:00:00 2001 From: Jan Kowalleck Date: Sat, 13 Sep 2025 13:00:47 +0200 Subject: [PATCH 5/9] examples add optional dependencies Signed-off-by: Jan Kowalleck --- examples/node/typescript/example.cjs/package.json | 6 ++++++ examples/node/typescript/example.mjs/package.json | 6 ++++++ 2 files changed, 12 insertions(+) diff --git a/examples/node/typescript/example.cjs/package.json b/examples/node/typescript/example.cjs/package.json index 6542fa7b8..de556f4f4 100644 --- a/examples/node/typescript/example.cjs/package.json +++ b/examples/node/typescript/example.cjs/package.json @@ -7,6 +7,12 @@ "@cyclonedx/cyclonedx-library": "file:../../../..", "xmlbuilder2": "^3.0.2" }, + "optionalDependencies": { + "ajv": "^8.12.0", + "ajv-formats": "^3.0.1", + "ajv-formats-draft2019": "^1.6.1", + "libxmljs2": "^0.35||^0.37" + }, "devDependencies": { "@types/node": "*", "typescript": "^3.8 || ^4 || ^5" diff --git a/examples/node/typescript/example.mjs/package.json b/examples/node/typescript/example.mjs/package.json index 10ace5b0e..0e11739a9 100644 --- a/examples/node/typescript/example.mjs/package.json +++ b/examples/node/typescript/example.mjs/package.json @@ -10,6 +10,12 @@ "@cyclonedx/cyclonedx-library": "file:../../../..", "xmlbuilder2": "^3.0.2" }, + "optionalDependencies": { + "ajv": "^8.12.0", + "ajv-formats": "^3.0.1", + "ajv-formats-draft2019": "^1.6.1", + "libxmljs2": "^0.35||^0.37" + }, "devDependencies": { "@types/node": "*", "typescript": "^4 || ^5" From e06b92be7dc8b314e59710db6f4dc8aa3f9c7175 Mon Sep 17 00:00:00 2001 From: Jan Kowalleck Date: Sat, 13 Sep 2025 13:06:22 +0200 Subject: [PATCH 6/9] examples add optional dependencies Signed-off-by: Jan Kowalleck --- examples/node/javascript/package.json | 6 ++++++ 1 file changed, 6 insertions(+) diff --git a/examples/node/javascript/package.json b/examples/node/javascript/package.json index 356e6a8f5..eb6467451 100644 --- a/examples/node/javascript/package.json +++ b/examples/node/javascript/package.json @@ -5,5 +5,11 @@ "dependencies": { "@cyclonedx/cyclonedx-library": "file:../../..", "xmlbuilder2": "^3.0.2" + }, + "optionalDependencies": { + "ajv": "^8.12.0", + "ajv-formats": "^3.0.1", + "ajv-formats-draft2019": "^1.6.1", + "libxmljs2": "^0.35||^0.37" } } From 3dcff690a7ff1c3d5b8f518417a1e10276b48a34 Mon Sep 17 00:00:00 2001 From: Jan Kowalleck Date: Sat, 13 Sep 2025 13:26:34 +0200 Subject: [PATCH 7/9] exmaples: install lib as packed, not linked Signed-off-by: Jan Kowalleck --- examples/node/javascript/.gitignore | 1 + examples/node/javascript/.npmrc | 1 + examples/node/typescript/example.cjs/.gitignore | 1 + examples/node/typescript/example.cjs/.npmrc | 1 + examples/node/typescript/example.mjs/.gitignore | 1 + examples/node/typescript/example.mjs/.npmrc | 1 + examples/web/parcel/.gitignore | 1 + examples/web/parcel/.npmrc | 1 + examples/web/webpack/.gitignore | 1 + examples/web/webpack/.npmrc | 1 + 10 files changed, 10 insertions(+) create mode 100644 examples/node/javascript/.npmrc create mode 100644 examples/node/typescript/example.cjs/.npmrc create mode 100644 examples/node/typescript/example.mjs/.npmrc create mode 100644 examples/web/parcel/.npmrc create mode 100644 examples/web/webpack/.npmrc diff --git a/examples/node/javascript/.gitignore b/examples/node/javascript/.gitignore index 924f1c5bb..2594a7fd7 100644 --- a/examples/node/javascript/.gitignore +++ b/examples/node/javascript/.gitignore @@ -3,3 +3,4 @@ !/example.mjs !/example.cjs !/package.json +!/.npmrc diff --git a/examples/node/javascript/.npmrc b/examples/node/javascript/.npmrc new file mode 100644 index 000000000..c7d351733 --- /dev/null +++ b/examples/node/javascript/.npmrc @@ -0,0 +1 @@ +install-links=true diff --git a/examples/node/typescript/example.cjs/.gitignore b/examples/node/typescript/example.cjs/.gitignore index ebd816824..8e6bbe8e1 100644 --- a/examples/node/typescript/example.cjs/.gitignore +++ b/examples/node/typescript/example.cjs/.gitignore @@ -1,6 +1,7 @@ * !/.gitignore !/package.json +!/.npmrc !/tsconfig.json !/src !/src/** diff --git a/examples/node/typescript/example.cjs/.npmrc b/examples/node/typescript/example.cjs/.npmrc new file mode 100644 index 000000000..c7d351733 --- /dev/null +++ b/examples/node/typescript/example.cjs/.npmrc @@ -0,0 +1 @@ +install-links=true diff --git a/examples/node/typescript/example.mjs/.gitignore b/examples/node/typescript/example.mjs/.gitignore index ebd816824..7a7d6f17a 100644 --- a/examples/node/typescript/example.mjs/.gitignore +++ b/examples/node/typescript/example.mjs/.gitignore @@ -1,5 +1,6 @@ * !/.gitignore +!/.npmrc !/package.json !/tsconfig.json !/src diff --git a/examples/node/typescript/example.mjs/.npmrc b/examples/node/typescript/example.mjs/.npmrc new file mode 100644 index 000000000..c7d351733 --- /dev/null +++ b/examples/node/typescript/example.mjs/.npmrc @@ -0,0 +1 @@ +install-links=true diff --git a/examples/web/parcel/.gitignore b/examples/web/parcel/.gitignore index 553cd2d84..ab44af385 100644 --- a/examples/web/parcel/.gitignore +++ b/examples/web/parcel/.gitignore @@ -1,5 +1,6 @@ * !/.gitignore !/package.json +!/.npmrc !/src/ !/src/** diff --git a/examples/web/parcel/.npmrc b/examples/web/parcel/.npmrc new file mode 100644 index 000000000..c7d351733 --- /dev/null +++ b/examples/web/parcel/.npmrc @@ -0,0 +1 @@ +install-links=true diff --git a/examples/web/webpack/.gitignore b/examples/web/webpack/.gitignore index a702816e3..2e21278e2 100644 --- a/examples/web/webpack/.gitignore +++ b/examples/web/webpack/.gitignore @@ -1,6 +1,7 @@ * !/.gitignore !/package.json +!/.npmrc !/webpack.json !/src/ !/src/** diff --git a/examples/web/webpack/.npmrc b/examples/web/webpack/.npmrc new file mode 100644 index 000000000..c7d351733 --- /dev/null +++ b/examples/web/webpack/.npmrc @@ -0,0 +1 @@ +install-links=true From 2b95bcfcbe2683076677930e29797440ccb11901 Mon Sep 17 00:00:00 2001 From: Jan Kowalleck Date: Sat, 13 Sep 2025 13:30:36 +0200 Subject: [PATCH 8/9] docs Signed-off-by: Jan Kowalleck --- README.md | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/README.md b/README.md index 2fd141020..6534a903c 100644 --- a/README.md +++ b/README.md @@ -125,7 +125,7 @@ yarn add @cyclonedx/cyclonedx-library@github:CycloneDX/cyclonedx-javascript-libr Some peer dependencies are optional. See the shipped `package.json` for version constraints. -* Serialization to XML on _Node.js_ requires all of: +* Serialization to XML on _Node.js_ requires any of: * [`xmlbuilder2`](https://www.npmjs.com/package/xmlbuilder2) * Validation of JSON on _Node.js_ requires all of: * [`ajv`](https://www.npmjs.com/package/ajv) From 7a358d42753ad5f74968b9b4fc41b2da7b6c9fbb Mon Sep 17 00:00:00 2001 From: Jan Kowalleck Date: Sat, 13 Sep 2025 13:34:03 +0200 Subject: [PATCH 9/9] docs Signed-off-by: Jan Kowalleck --- examples/node/javascript/.npmrc | 4 ++++ examples/node/typescript/example.cjs/.npmrc | 4 ++++ examples/node/typescript/example.mjs/.npmrc | 4 ++++ examples/web/parcel/.npmrc | 4 ++++ examples/web/webpack/.npmrc | 4 ++++ 5 files changed, 20 insertions(+) diff --git a/examples/node/javascript/.npmrc b/examples/node/javascript/.npmrc index c7d351733..9fadac2bf 100644 --- a/examples/node/javascript/.npmrc +++ b/examples/node/javascript/.npmrc @@ -1 +1,5 @@ +; see the docs: https://docs.npmjs.com/cli/v11/using-npm/config + +; our lib has some peer deps that need to be installed. +; due to how node module resolution works, we must not install the lib as a symlink! install-links=true diff --git a/examples/node/typescript/example.cjs/.npmrc b/examples/node/typescript/example.cjs/.npmrc index c7d351733..9fadac2bf 100644 --- a/examples/node/typescript/example.cjs/.npmrc +++ b/examples/node/typescript/example.cjs/.npmrc @@ -1 +1,5 @@ +; see the docs: https://docs.npmjs.com/cli/v11/using-npm/config + +; our lib has some peer deps that need to be installed. +; due to how node module resolution works, we must not install the lib as a symlink! install-links=true diff --git a/examples/node/typescript/example.mjs/.npmrc b/examples/node/typescript/example.mjs/.npmrc index c7d351733..9fadac2bf 100644 --- a/examples/node/typescript/example.mjs/.npmrc +++ b/examples/node/typescript/example.mjs/.npmrc @@ -1 +1,5 @@ +; see the docs: https://docs.npmjs.com/cli/v11/using-npm/config + +; our lib has some peer deps that need to be installed. +; due to how node module resolution works, we must not install the lib as a symlink! install-links=true diff --git a/examples/web/parcel/.npmrc b/examples/web/parcel/.npmrc index c7d351733..9fadac2bf 100644 --- a/examples/web/parcel/.npmrc +++ b/examples/web/parcel/.npmrc @@ -1 +1,5 @@ +; see the docs: https://docs.npmjs.com/cli/v11/using-npm/config + +; our lib has some peer deps that need to be installed. +; due to how node module resolution works, we must not install the lib as a symlink! install-links=true diff --git a/examples/web/webpack/.npmrc b/examples/web/webpack/.npmrc index c7d351733..9fadac2bf 100644 --- a/examples/web/webpack/.npmrc +++ b/examples/web/webpack/.npmrc @@ -1 +1,5 @@ +; see the docs: https://docs.npmjs.com/cli/v11/using-npm/config + +; our lib has some peer deps that need to be installed. +; due to how node module resolution works, we must not install the lib as a symlink! install-links=true