accepted/0000-sbom-command.md
2 additions & 2 deletions
@@ -52,11 +52,11 @@ While you can effectively generate the same output we’re proposing with this c
52
52
53
53
## Implementation
54
54
55
-
The `npm-sbom` command is similar in function to `npm-ls` command and will likely utilize a similar implementation. We’ll use <code>[arborist](https://github.com/npm/cli/tree/latest/workspaces/arborist)</code> to construct the dependency tree and the <code>[treeverse](https://github.com/isaacs/treeverse)</code> library to traverse the tree and assemble the SBOM.
55
+
The `npm-sbom` command will use <code>[arborist](https://github.com/npm/cli/tree/latest/workspaces/arborist)</code> to construct the dependency tree for the current project and then invoke `querySelectorAll`to select the set of nodes to be included in the SBOM.
56
56
57
57
### Errors
58
58
59
-
When using the `node_modules` to render the SBOM (i.e. when NOT using the `--package-lock-only` flag) and of the following conditions will cause an error to be reported and prevent the SBOM from being generated:
59
+
When using the `node_modules` to render the SBOM (i.e. when NOT using the `--package-lock-only` flag) any of the following conditions will cause an error to be reported and prevent the SBOM from being generated:
60
60
61
61
- Any missing dependencies which are NOT marked as optional
62
62
- Any invalid dependencies (e.g. a mismatch between the `package-lock.json` and the `node_modules`)
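Review bot: The added Implementation sentence (new line 55) says `querySelectorAll` will "select the set of nodes to be included in the SBOM" but never states the selector or the inclusion rule, so a reader cannot tell from this text which nodes end up in the document, for example whether the optional dependencies mentioned under Errors are listed when present. Since consumers rely on an SBOM being complete, suggest naming the selector (or describing the rule it encodes) in this sentence. Two wording points in the same hunk: there is a missing space in "`querySelectorAll`to", and the added Errors sentence (new line 59) would read more clearly with a comma after the closing parenthesis, before "any of the following conditions".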