Merge pull request #11 from gesa/publication-edits

Formatting edits for 2nd edition publication

Author: stevespringett

excerpts/0x00-Header.html

@@ -212,21 +212,20 @@
   }
 </style>
 <pre class="metadata">
-  title: CycloneDX Bill of Materials Specification
+  title: CycloneDX Bill of materials specification
   shortname: ECMA-424
-  status: draft
+  status: standard
   location: https://tc54.org/ecma424/
   markEffects: true
-  <!-- version: DRAFT -->
   version: 2<sup>nd</sup> Edition
 </pre>
 <p><img src="img/ecma-logo.svg" id="ecma-logo" alt="Ecma International logo"></p>
 <div id="metadata-block">
-  <h1>About this Specification</h1>
+  <h1>About this specification</h1>
   <p>The document at <a href="https://tc54.org/ecma424/">https://tc54.org/ecma424/</a> is the most accurate and
     up-to-date CycloneDX specification.</p>
   <p>This document is available as <a href>a single page</a> and as <a href="multipage/">multiple pages</a>.</p>
-  <h1>Contributing to this Specification</h1>
+  <h1>Contributing to this specification</h1>
   <p>This specification is developed on GitHub with the help of the OWASP community. There are a number of ways to
     contribute to the development of this specification:</p>
   <ul>

excerpts/0x10-Introduction.html

@@ -21,4 +21,5 @@ <h1>Introduction</h1>
         components, CycloneDX enables organizations to achieve greater security and reliability in their supply chains,
         supporting a wide range of use cases from product security to vendor risk management.
     </p>
+    <p class="adoption-info">This Ecma Standard was developed by Technical Committee 54 and was adopted by the General Assembly of December 2025.</p>
 </emu-intro>

excerpts/0x20-Scope-Conformance-References.html

@@ -6,7 +6,7 @@ <h1>Scope</h1>
 <emu-clause id="sec-conformance">
     <h1>Conformance</h1>
     <emu-clause id="sec-requirements-terminology">
-        <h1>Requirements Terminology</h1>
+        <h1>Requirements terminology</h1>
         <p>
             In this standard, the words that are used to define the significance of each requirement are detailed below.
             These words are used in accordance with their definitions in <a href="https://www.ietf.org/rfc/rfc2119.txt">RFC 2119</a>,
@@ -20,7 +20,7 @@ <h1>Requirements Terminology</h1>
         <p>The words "must not", "shall not", "should not", and "not recommended", are the negative forms of "must", "shall", "should", and "recommended", respectively. There is no negative form of "may".</p>
     </emu-clause>
     <emu-clause id="sec-implementation-conformance">
-        <h1>Implementation Conformance</h1>
+        <h1>Implementation conformance</h1>
         <p>
             This standard includes the implementation requirements that systems processing CycloneDX content must satisfy
             in order to achieve conforming interoperability. An implementation is a consumer, or a producer, or both a
@@ -43,15 +43,15 @@ <h1>Implementation Conformance</h1>
 </emu-clause>
 
 <emu-clause id="sec-normative-references">
-    <h1>Normative References</h1>
-    <p>The following referenced documents are indispensable for the application of this document. For dated references, only the edition cited applies. For undated references, the latest edition of the referenced document (including any amendments) applies.</p>
+    <h1>Normative references</h1>
+    <p>The following documents are referred to in the text in such a way that some or all of their content constitutes requirements of this document. For dated references, only the edition cited applies. For undated references, the latest edition of the referenced document (including any amendments) applies.</p>
     <p>
-        RFC 3986, <i>Uniform Resource Identifier (URI): Generic Syntax</i>.<br>
-        <a href="https://datatracker.ietf.org/doc/html/rfc3986">https://datatracker.ietf.org/doc/html/rfc3986</a>
+        ECMA-404, <i>The JSON Data Interchange Format</i><br>
+        <a href="https://ecma-international.org/publications-and-standards/standards/ecma-404/">https://ecma-international.org/publications-and-standards/standards/ecma-404/</a>
     </p>
     <p>
-        ECMA ECMA-404, <i>The JSON Data Interchange Format</i><br>
-        <a href="https://ecma-international.org/publications-and-standards/standards/ecma-404/">https://ecma-international.org/publications-and-standards/standards/ecma-404/</a>
+        IETF RFC 3986, <i>Uniform Resource Identifier (URI): Generic Syntax</i><br>
+        <a href="https://datatracker.ietf.org/doc/html/rfc3986">https://datatracker.ietf.org/doc/html/rfc3986</a>
     </p>
     <p>
         IETF RFC3339, <i>Date and Time on the Internet: Timestamps</i><br>
@@ -72,74 +72,74 @@ <h1>Normative References</h1>
 </emu-clause>
 
 <emu-clause id="sec-terms-and-definitions">
-  <h1>Terms and Definitions</h1>
+  <h1>Terms and definitions</h1>
   <p>For the purposes of this document, the following terms and definitions apply. Terms explicitly defined in this standard are not to be presumed to refer implicitly to similar terms defined elsewhere.</p>
   <emu-clause id="sec-terms-and-definitions-attestation">
-    <h1>Attestation</h1>
+    <h1>attestation</h1>
     <p>A formal declaration that something is true or accurate, often backed by documentation or verification from an authoritative source. It serves as a confirmation or proof of a fact, condition, or compliance with specific standards or requirements.</p>
   </emu-clause>
   <emu-clause id="sec-terms-and-definitions-author">
-    <h1>Author</h1>
+    <h1>author</h1>
     <p>A person who creates written works, such as software or data.</p>
   </emu-clause>
   <emu-clause id="sec-terms-and-definitions-component-function">
-    <h1>Component function</h1>
+    <h1>component function</h1>
     <p>The purpose for which a software component exists. Examples of component functions include parsers, database persistence, and authentication providers.</p>
   </emu-clause>
   <emu-clause id="sec-terms-and-definitions-component-type">
-    <h1>Component type</h1>
+    <h1>component type</h1>
     <p>The general classification of a software components architecture. Examples of component types include libraries, frameworks, applications, containers, and operating systems.</p>
   </emu-clause>
   <emu-clause id="sec-terms-and-definitions-manufacturer">
-    <h1>Manufacturer</h1>
+    <h1>manufacturer</h1>
     <p>An entity that develops and produces products such as virtual or physical goods.</p>
   </emu-clause>
   <emu-clause id="sec-terms-and-definitions-direct-dependency">
-    <h1>Direct dependency</h1>
+    <h1>direct dependency</h1>
     <p>A component that is referenced by a main (metadata) component itself.</p>
   </emu-clause>
   <emu-clause id="sec-terms-and-definitions-purl">
     <h1>Package-URL (PURL)</h1>
     <p>An ecosystem-agnostic specification which standardizes the syntax and location information of software components.</p>
   </emu-clause>
   <emu-clause id="sec-terms-and-definitions-pedigree">
-    <h1>Pedigree</h1>
+    <h1>pedigree</h1>
     <p>Data which describes the lineage and/or process for which software has been created or altered.</p>
   </emu-clause>
   <emu-clause id="sec-terms-and-definitions-procurement">
-    <h1>Procurement</h1>
+    <h1>procurement</h1>
     <p>The process of agreeing to terms and acquiring physical or virtual goods or services.</p>
   </emu-clause>
   <emu-clause id="sec-terms-and-definitions-provenance">
-    <h1>Provenance</h1>
+    <h1>provenance</h1>
     <p>The chain of custody and origin of a software component. Provenance incorporates the point of origin through distribution as well as derivatives in the case of software that has been modified.</p>
   </emu-clause>
   <emu-clause id="sec-terms-and-definitions-provider">
-    <h1>Provider</h1>
+    <h1>provider</h1>
     <p>An entity that offers services, infrastructure, or platforms. These services can include computing resources, storage, software applications, and networking capabilities.</p>
   </emu-clause>
   <emu-clause id="sec-terms-and-definitions-publisher">
-    <h1>Publisher</h1>
+    <h1>publisher</h1>
     <p>An entity that produces and distributes content, such as software, to the public.</p>
   </emu-clause>
   <emu-clause id="sec-terms-and-definitions-swid">
-    <h1>Software Identification (SWID)</h1>
+    <h1>Software identification (SWID)</h1>
     <p>An ISO standard that formalizes XML records that uniquely identify software products, versions, and installations to support asset management, security, and compliance.</p>
   </emu-clause>
   <emu-clause id="sec-terms-and-definitions-spdx">
     <h1>Software Package Data Exchange (SPDX)</h1>
     <p>A Linux Foundation project which produces a standardized list of open source licences and defines an expression language for those licences.</p>
   </emu-clause>
   <emu-clause id="sec-terms-and-definitions-supplier">
-    <h1>Supplier</h1>
+    <h1>supplier</h1>
     <p>An entity that provides products or services to another entity, typically within a supply chain.</p>
   </emu-clause>
   <emu-clause id="sec-terms-and-definitions-third-party-component">
-    <h1>Third-party component</h1>
+    <h1>third-party component</h1>
     <p>Any software component not directly created including open source, "source available", and commercial or proprietary software.</p>
   </emu-clause>
   <emu-clause id="sec-terms-and-definitions-transitive-dependency">
-    <h1>Transitive dependency</h1>
+    <h1>transitive dependency</h1>
     <p>A software component that is indirectly used by another component by means of being a dependency of a dependency.</p>
   </emu-clause>
 </emu-clause>

excerpts/0x30-Overview.html

@@ -11,7 +11,7 @@ <h1>Overview</h1>
     project and, in December 2025, was formally adopted as an Ecma International Standard.
   </p>
   <emu-clause id="sec-overview-purpose-benefits">
-    <h1>Purpose and Benefits</h1>
+    <h1>Purpose and benefits</h1>
     <p>
       At its core, CycloneDX enables software and system transparency. It provides detailed information about
       components such as versions, suppliers, and dependencies, allowing organizations to:
@@ -30,7 +30,7 @@ <h1>Purpose and Benefits</h1>
   </emu-clause>
 
   <emu-clause id="sec-overview-design-philosophy-and-guiding-principles">
-    <h1>Design Philosophy and Guiding Principles</h1>
+    <h1>Design philosophy and guiding principles</h1>
     <p>
       The simplicity of design is at the forefront of the CycloneDX philosophy. The format is easily understandable
       by a wide range of technical and non-technical roles. CycloneDX is a full-stack BOM format with many advanced
@@ -202,7 +202,7 @@ <h3>Common Release Notes Format</h3>
   </emu-clause>
 
   <emu-clause id="sec-cyclonedx-object-model">
-    <h1>CycloneDX Object Model</h1>
+    <h1>CycloneDX object model</h1>
     <p>Within the root element, CycloneDX defines the following object types:</p>
     <emu-figure caption="Root Object Model Overview">
       <img src="img/Object-Model/CycloneDX-Object-Type-Overview.svg" alt="Root Object Model Overview">
@@ -364,8 +364,7 @@ <h4>Extensions</h4>
     <h2>Serialization Formats</h2>
     <p>CycloneDX can be represented in JSON, XML, and Protocol Buffers (protobuf) and has corresponding schemas for each.</p>
 
-    <emu-table id="table-cyclonedx-serialization-formats">
-      <caption>Serialization formats in CycloneDX</caption>
+    <emu-table id="table-cyclonedx-serialization-formats" caption="Serialization formats in CycloneDX">
       <table>
         <thead>
         <tr>

excerpts/1x10-Grammar.html

@@ -1,6 +1,6 @@
 <!--
 <emu-annex id="sec-grammar-summary">
-  <h1>Grammar Summary</h1>
+  <h1>Grammar summary</h1>
   <p>TODO</p>
 </emu-annex>
 -->

package.json

@@ -21,7 +21,8 @@
     "build-only": "ecmarkup --verbose spec.html --multipage out",
     "build": "npm run build-head",
     "build-for-pdf": "npm run prebuild-only && ecmarkup --verbose spec.html out/index.html --assets external --assets-dir out --printable --lint-spec",
-    "pdf": "npm run build-for-pdf && pagedjs-cli --page-size a4 out/index.html -o out/index.pdf",
+    "pdf": "npm run build-for-pdf && prince-books --script ./node_modules/ecmarkup/js/print.js out/index.html -o out/ECMA-424.pdf",
+    "local-dev-pdf": "npm run generate-spec && npm run pdf",
     "prebuild-snapshot": "npm run clean",
     "build-snapshot": "npm run build-head && node scripts/insert_snapshot_warning.js",
     "clean": "rm -rf out",