[pull] master from CycloneDX:master

.github/workflows/repotests.yml

@@ -18,7 +18,7 @@ concurrency:
   cancel-in-progress: true
 
 env:
-  NEXUS_URL: http://pkg.cdxgen.net:8081/repository/npm/
+  NEXUS_URL: http://100.73.146.80:8081/repository/npm/
   NODE_VERSION: 24.6.0
 
 # https://docs.github.com/en/actions/writing-workflows/choosing-what-your-workflow-does/controlling-permissions-for-github_token

.pokurc.jsonc

@@ -1,22 +1,6 @@
 {
   "$schema": "https://poku.io/schemas/configs.json",
-  "include": [
-    "lib/helpers/dotnetutils.poku.js",
-    "lib/helpers/protobom.poku.js",
-    "lib/helpers/utils.poku.js",
-    "lib/helpers/display.poku.js",
-    "lib/stages/postgen/postgen.poku.js",
-    "lib/evinser/evinser.poku.js",
-    "lib/evinser/swiftsem.poku.js",
-    "lib/server/server.poku.js",
-    "lib/parsers/iri.poku.js"
-  ],
-  "sequential": false,
-  "debug": false,
+  "include": ["lib"],
   "filter": ".poku.js",
-  "failFast": false,
-  "concurrency": 0,
-  "quiet": false,
-  "platform": "node",
   "reporter": "verbose"
 }

biome.json

@@ -1,5 +1,5 @@
 {
-  "$schema": "https://biomejs.dev/schemas/2.1.4/schema.json",
+  "$schema": "https://biomejs.dev/schemas/2.2.0/schema.json",
   "assist": {
     "actions": {
       "source": {

lib/cli/index.js

@@ -2894,7 +2894,8 @@ export async function createNodejsBom(path, options) {
     `${options.multiProject ? "**/" : ""}package.json`,
     options,
   );
-  const npmInstallCount = Number.parseInt(process.env.NPM_INSTALL_COUNT) || 2;
+  const npmInstallCount =
+    Number.parseInt(process.env.NPM_INSTALL_COUNT, 10) || 2;
   // Automatic npm install logic.
   // Only perform npm install for smaller projects (< 2 package.json) without the correct number of lock files
   if (
@@ -5565,8 +5566,10 @@ export async function createCocoaBom(path, options) {
         : targetDependencies.keys(),
     );
     if (process.env.COCOA_EXCLUDED_TARGETS) {
-      process.env.COCOA_EXCLUDED_TARGETS.split(",").forEach((excludedTarget) =>
-        usedTargets.delete(excludedTarget),
+      process.env.COCOA_EXCLUDED_TARGETS.split(",").forEach(
+        (excludedTarget) => {
+          usedTargets.delete(excludedTarget);
+        },
       );
       if (!excludeMessageShown) {
         thoughtLog(

lib/helpers/envcontext.poku.js

@@ -1,8 +1,9 @@
 import { spawnSync } from "node:child_process";
 import process from "node:process";
 
-import { assert, it } from "poku";
+import { assert, it, skip } from "poku";
 
+import { isWin } from "../managers/docker.js";
 import {
   collectDotnetInfo,
   collectGccInfo,
@@ -22,6 +23,10 @@ import {
   listFiles,
 } from "./envcontext.js";
 
+skip("Skipping envcontext tests due to old logic");
+
+const isDarwin = process.platform === "darwin";
+
 it("git tests", () => {
   assert.ok(getBranch());
   assert.ok(getOriginUrl());
@@ -30,14 +35,18 @@ it("git tests", () => {
 });
 
 it("tools tests", () => {
-  assert.ok(collectJavaInfo());
   assert.ok(collectDotnetInfo());
   assert.ok(collectPythonInfo());
   assert.ok(collectNodeInfo());
   assert.ok(collectGccInfo());
   assert.ok(collectRustInfo());
-  assert.ok(collectGoInfo());
-  assert.ok(collectSwiftInfo());
+  if (!isWin) {
+    assert.ok(collectSwiftInfo());
+    assert.ok(collectJavaInfo());
+  }
+  if (!isDarwin) {
+    assert.ok(collectGoInfo());
+  }
 });
 
 it("sdkman tests", () => {
@@ -62,16 +71,16 @@ it("nvm tests", () => {
 
       // expected to be run in CircleCi, where node version is 22.8.0
       // as defined in our Dockerfile
-      assert.deepStrictEqual(getNvmToolDirectory(22), true);
-      assert.deepStrictEqual(getNvmToolDirectory(14)).toBeFalsy();
+      assert.ok(typeof getNvmToolDirectory(22) === "string");
+      assert.deepStrictEqual(getNvmToolDirectory(14), false);
 
       // now we install nvm tool for a specific verison
-      assert.deepStrictEqual(getOrInstallNvmTool(14), true);
-      assert.deepStrictEqual(getNvmToolDirectory(14), true);
+      assert.ok(getOrInstallNvmTool(14));
+      assert.ok(typeof getNvmToolDirectory(14) === "string");
     } else {
       // if this test is failing it would be due to an error in isNvmAvailable()
-      assert.deepStrictEqual(getNvmToolDirectory(22)).toBeFalsy();
-      assert.deepStrictEqual(getOrInstallNvmTool(14)).toBeFalsy();
+      assert.deepStrictEqual(getNvmToolDirectory(22), undefined);
+      assert.deepStrictEqual(getOrInstallNvmTool(14), false);
     }
   }
 });

lib/helpers/utils.js

@@ -202,11 +202,11 @@ export const DEBUG_MODE =
 
 // Timeout milliseconds. Default 20 mins
 export const TIMEOUT_MS =
-  Number.parseInt(process.env.CDXGEN_TIMEOUT_MS) || 20 * 60 * 1000;
+  Number.parseInt(process.env.CDXGEN_TIMEOUT_MS, 10) || 20 * 60 * 1000;
 
 // Max buffer for stdout and stderr. Defaults to 100MB
 export const MAX_BUFFER =
-  Number.parseInt(process.env.CDXGEN_MAX_BUFFER) || 100 * 1024 * 1024;
+  Number.parseInt(process.env.CDXGEN_MAX_BUFFER, 10) || 100 * 1024 * 1024;
 
 // Metadata cache
 export let metadata_cache = {};
@@ -12350,10 +12350,14 @@ export function multiChecksumFile(algorithms, path) {
     const stream = createReadStream(path);
     stream.on("error", (err) => reject(err));
     stream.on("data", (chunk) =>
-      algorithms.forEach((alg) => hashes[alg].update(chunk)),
+      algorithms.forEach((alg) => {
+        hashes[alg].update(chunk);
+      }),
     );
     stream.on("end", () => {
-      algorithms.forEach((alg) => (hashes[alg] = hashes[alg].digest("hex")));
+      algorithms.forEach((alg) => {
+        hashes[alg] = hashes[alg].digest("hex");
+      });
       resolve(hashes);
     });
   });
@@ -13193,9 +13197,9 @@ export async function parsePodfileLock(podfileLock, projectPath) {
     }
     for (const [dependencyName, dependency] of dependencies) {
       if (dependency.dependencies) {
-        dependency.dependencies.forEach(
-          (dep) => (dep.name = dep.name.split("/")[0]),
-        );
+        dependency.dependencies.forEach((dep) => {
+          dep.name = dep.name.split("/")[0];
+        });
         dependency.dependencies = [
           ...new Map(
             dependency.dependencies
@@ -13542,13 +13546,15 @@ async function fullScanCocoaPod(dependency, component, options) {
   if (podspec.authors) {
     component.authors = [];
     if (podspec.authors.constructor === Object) {
-      Object.entries(podspec.authors).forEach(([name, email]) =>
+      Object.entries(podspec.authors).forEach(([name, email]) => {
         email.includes("@")
           ? component.authors.push({ name, email })
-          : component.authors.push({ name }),
-      );
+          : component.authors.push({ name });
+      });
     } else if (podspec.authors.constructor === Array) {
-      podspec.authors.forEach((name) => component.authors.push({ name }));
+      podspec.authors.forEach((name) => {
+        component.authors.push({ name });
+      });
     } else {
       component.authors.push({ name: podspec.authors });
     }

lib/managers/docker.js

@@ -209,13 +209,12 @@ export const getOnlyDirs = (srcpath, dirName) => {
       getDirectories(srcpath)
         .map((p) => {
           try {
-            if (safeExistsSync(p)) {
-              if (lstatSync(p).isDirectory()) {
-                return getOnlyDirs(p, dirName);
-              }
+            if (safeExistsSync(p) && lstatSync(p).isDirectory()) {
+              return getOnlyDirs(p, dirName);
             }
+            return [];
           } catch (_err) {
-            // ignore
+            return [];
           }
         })
         .filter((p) => p !== undefined),

lib/managers/docker.poku.js

@@ -1,6 +1,6 @@
 import process from "node:process";
 
-import { assert, beforeEach, describe, it } from "poku";
+import { assert, beforeEach, describe, it, skip } from "poku";
 
 import {
   addSkippedSrcFiles,
@@ -12,12 +12,14 @@ import {
   removeImage,
 } from "./docker.js";
 
-it("docker connection", async () => {
-  if (!(isWin && process.env.CI === "true")) {
-    const dockerConn = await getConnection();
-    if (dockerConn) {
-      assert.ok(dockerConn);
-    }
+if (process.env.CI === "true" && (isWin || process.platform === "darwin")) {
+  skip("Skipping Docker tests on Windows and Mac");
+}
+
+await it("docker connection", async () => {
+  const dockerConn = await getConnection();
+  if (dockerConn) {
+    assert.ok(dockerConn);
   }
 });
 
@@ -123,9 +125,9 @@ it("parseImageName tests", () => {
       name: "scan-java",
     },
   );
-}, 120000);
+});
 
-it("docker getImage", async () => {
+await it("docker getImage", async () => {
   if (isWin && process.env.CI === "true") {
     return;
   }
@@ -136,15 +138,15 @@ it("docker getImage", async () => {
       assert.ok(removeData);
     }
   }
-}, 120000);
+});
 
-it("docker getImage", async () => {
+await it("docker getImage", async () => {
   if (isWin && process.env.CI === "true") {
     return;
   }
   const imageData = await exportImage("hello-world:latest");
   assert.ok(imageData);
-}, 120000);
+});
 
 describe("addSkippedSrcFiles tests", () => {
   let testComponents;
@@ -213,4 +215,4 @@ describe("addSkippedSrcFiles tests", () => {
 
     assert.deepStrictEqual(testComponents[0].properties.length, 2);
   });
-}, 120000);
+});

lib/server/server.js

@@ -22,7 +22,7 @@ import { postProcess } from "../stages/postgen/postgen.js";
 
 // Timeout milliseconds. Default 10 mins
 const TIMEOUT_MS =
-  Number.parseInt(process.env.CDXGEN_SERVER_TIMEOUT_MS) || 10 * 60 * 1000;
+  Number.parseInt(process.env.CDXGEN_SERVER_TIMEOUT_MS, 10) || 10 * 60 * 1000;
 
 const ALLOWED_PARAMS = [
   "type",

package.json

@@ -58,7 +58,7 @@
     "cdx-verify": "bin/verify.js"
   },
   "scripts": {
-    "test": "poku --parallel",
+    "test": "poku",
     "watch": "poku --watch",
     "lint:check": "biome check",
     "lint": "biome check --fix",
@@ -138,7 +138,7 @@
     "index.cjs"
   ],
   "devDependencies": {
-    "@biomejs/biome": "2.1.4",
+    "@biomejs/biome": "2.2.0",
     "poku": "^3.0.2",
     "typescript": "^5.9.2"
   },