export function isSensitiveEnvironmentVariableName(varName: any): boolean; export function recordObservedActivity(kind: any, target: any, options?: {}): any; export function recordDecisionActivity(target: any, options?: {}): any; export function recordDiscoveryActivity(target: any, options?: {}): any; export function recordPolicyActivity(target: any, options?: {}): any; export function recordSymlinkResolution(sourcePath: any, resolvedPath: any, options?: {}): any; export function recordEnvironmentRead(varName: any, options?: {}): any; export function recordSensitiveFileRead(filePath: any, options?: {}): any; export function readEnvironmentVariable(varName: any, options?: {}): any; export function setDryRunMode(enabled: any): void; export function createDryRunError(action: any, target: any, reason: any): Error; export function isDryRunError(error: any): boolean; export function setActivityContext(context?: {}): void; export function resetActivityContext(): void; export function recordActivity(activity: any): any; export function getRecordedActivities(): any[]; export function resetRecordedActivities(): void; /** * Safely check if a file path exists without crashing due to a lack of permissions * * @param {String} filePath File path * @Boolean True if the path exists. False otherwise */ export function safeExistsSync(filePath: string): any; export function safeWriteSync(filePath: any, data: any, options: any): undefined; /** * Safely create a directory without crashing due to a lack of permissions * * @param {String} filePath File path * @param options {Options} mkdir options * @Boolean True if the path exists. False otherwise */ export function safeMkdirSync(filePath: string, options: Options): undefined; export function safeMkdtempSync(prefix: any, options?: undefined): any; export function safeRmSync(filePath: any, options?: undefined): undefined; export function safeUnlinkSync(filePath: any): undefined; export function safeCopyFileSync(src: any, dest: any, mode?: undefined): any; export function safeExtractArchive(sourcePath: any, targetPath: any, extractor: any, kind?: string, options?: undefined): Promise; /** * Safe wrapper around spawnSync that enforces permission checks, injects default * options (maxBuffer, encoding, timeout), warns about unsafe Python and pip/uv * invocations, and records every executed command in the commandsExecuted set. * * @param {string} command The executable to spawn * @param {string[]} args Arguments to pass to the command * @param {Object} options Options forwarded to spawnSync (e.g. cwd, env, shell) * @returns {Object} spawnSync result object with status, stdout, stderr, and error fields */ export function safeSpawnSync(command: string, args: string[], options: Object): Object; /** * Determines whether license information should be fetched from remote sources, * based on the FETCH_LICENSE environment variable. * * @returns {boolean} True if the FETCH_LICENSE env var is set to "true" or "1" */ export function shouldFetchLicense(): boolean; /** * Determines whether remote package metadata should be fetched for enrichment. * * @returns {boolean} True when registry metadata enrichment is enabled. */ export function shouldFetchPackageMetadata(): boolean; /** * Determines whether VCS (version control system) information should be fetched * for Go packages, based on the GO_FETCH_VCS environment variable. * * @returns {boolean} True if the GO_FETCH_VCS env var is set to "true" or "1" */ export function shouldFetchVCS(): boolean; /** * Returns the Java executable command to use, resolved in priority order: * JAVA_CMD env var > JAVA_HOME/bin/java > "java". * * @returns {string} Path or name of the Java executable */ export function getJavaCommand(): string; /** * Returns the Python executable command to use, resolved in priority order: * PYTHON_CMD env var > CONDA_PYTHON_EXE env var > "python". * * @returns {string} Path or name of the Python executable */ export function getPythonCommand(): string; /** * Method to check if a given feature flag is enabled. * * @param {Object} cliOptions CLI options * @param {String} feature Feature flag * * @returns {Boolean} True if the feature is enabled */ export function isFeatureEnabled(cliOptions: Object, feature: string): boolean; /** * Method to check if the given project types are allowed by checking against include and exclude types passed from the CLI arguments. * * @param {Array} projectTypes project types to check * @param {Object} options CLI options * @param {Boolean} defaultStatus Default return value if there are no types provided */ export function hasAnyProjectType(projectTypes: any[], options: Object, defaultStatus?: boolean): any; /** * Determine whether the predictive dependency audit should run for the current * CLI invocation. * * OBOM-focused runs (`obom` or explicit `-t os` / OS aliases only) should keep * the direct BOM audit findings but skip the predictive dependency audit. * * @param {object} options CLI options * @param {string} [commandPath] Invoked command path or name * @returns {boolean} True when predictive dependency audit should run */ export function shouldRunPredictiveBomAudit(options: object, commandPath?: string): boolean; /** * Determine the default BOM audit categories for the current CLI invocation. * * OBOM-focused runs should default to the runtime-specific rule pack unless the * user explicitly requests other categories. * * @param {object} options CLI options * @param {string} [commandPath] Invoked command path or name * @returns {string | undefined} Default category string, if any */ export function getDefaultBomAuditCategories(options: object, commandPath?: string): string | undefined; /** * Convenient method to check if the given package manager is allowed. * * @param {String} name Package manager name * @param {Array} conflictingManagers List of package managers * @param {Object} options CLI options * * @returns {Boolean} True if the package manager is allowed */ export function isPackageManagerAllowed(name: string, conflictingManagers: any[], options: Object): boolean; export function isAllowedHttpHost(hostname: any, allowedHostsEnv?: any): boolean; /** * Method to get files matching a pattern * * @param {string} dirPath Root directory for search * @param {string} pattern Glob pattern (eg: *.gradle) * @param {Object} options CLI options * * @returns {Array[string]} List of matched files */ export function getAllFiles(dirPath: string, pattern: string, options?: Object): any; /** * Method to get files matching a pattern * * @param {string} dirPath Root directory for search * @param {string} pattern Glob pattern (eg: *.gradle) * @param {Boolean} includeDot whether hidden files can be included. * @param {Array} ignoreList Directory patterns to ignore * * @returns {Array[string]} List of matched files */ export function getAllFilesWithIgnore(dirPath: string, pattern: string, includeDot: boolean, ignoreList: any[]): any; /** * Return the current timestamp in YYYY-MM-DDTHH:MM:SSZ format. * * @returns {string} ISO formatted timestamp, without milliseconds. */ export function getTimestamp(): string; export function getTmpDir(): any; /** * Method to determine if a license is a valid SPDX license expression * * @param {string} license License string * @returns {boolean} true if the license is a valid SPDX license expression * @see https://spdx.dev/learn/handling-license-info/ **/ export function isSpdxLicenseExpression(license: string): boolean; /** * Convert the array of licenses to a CycloneDX 1.5 compliant license array. * This should return an array containing: * - one or more SPDX license if no expression is present * - the license of the expression if one expression is present * - a unified conditional 'OR' license expression if more than one expression is present * * @param {Array} licenses Array of licenses * @returns {Array} CycloneDX 1.5 compliant license array */ export function adjustLicenseInformation(licenses: any[]): any[]; /** * Performs a lookup + validation of the license specified in the * package. If the license is a valid SPDX license ID, set the 'id' * and url of the license object, otherwise, set the 'name' of the license * object. */ export function getLicenses(pkg: any): any[] | undefined; /** * Method to retrieve known license by known-licenses.json * * @param {String} licenseUrl Repository url * @param {String} pkg Bom ref * @return {Object} Objetct with SPDX license id or license name */ export function getKnownLicense(licenseUrl: string, pkg: string): Object; /** * Tries to find a file containing the license text based on commonly * used naming and content types. If a candidate file is found, add * the text to the license text object and stop. */ export function addLicenseText(pkg: any, l: any, licenseContent: any): void; /** * Read the file from the given path to the license text object and includes * content-type attribute, if not default. Returns the license text object. */ export function readLicenseText(licenseFilepath: any, licenseContentType: any): { content: any; } | null; /** * Fetches license information for a list of Swift packages by querying the * GitHub repository license API for packages hosted on github.com. * * @param {Object[]} pkgList List of Swift package objects with optional repository.url fields * @returns {Promise} Resolved list of package objects, each augmented with a license field where available */ export function getSwiftPackageMetadata(pkgList: Object[]): Promise; /** * Method to retrieve metadata for npm packages by querying npmjs * * @param {Array} pkgList Package list */ export function getNpmMetadata(pkgList: any[]): Promise; export function parsePkgJson(pkgJsonFile: any, simple?: boolean, securityProps?: boolean): Promise; /** * Parse nodejs package lock file * * @param {string} pkgLockFile package-lock.json file * @param {object} options Command line options */ export function parsePkgLock(pkgLockFile: string, options?: object): Promise<{ pkgList: any; dependenciesList: any; }>; /** * Given a lock file this method would return an Object with the identity as the key and parsed name and value * eg: "@actions/core@^1.2.6", "@actions/core@^1.6.0": * version "1.6.0" * would result in two entries * * @param {string} lockData Yarn Lockfile data */ export function yarnLockToIdentMap(lockData: string): {}; /** * Parse nodejs yarn lock file * * @param {string} yarnLockFile yarn.lock file * @param {Object} parentComponent parent component * @param {Array[String]} workspacePackages Workspace packages * @param {Object} workspaceSrcFiles Workspace package.json files * @param {Object} _workspaceDirectDeps Direct dependencies of each workspace * @param {Object} depsWorkspaceRefs Workspace references for each dependency */ export function parseYarnLock(yarnLockFile: string, parentComponent?: Object, workspacePackages?: any, workspaceSrcFiles?: Object, _workspaceDirectDeps?: Object, depsWorkspaceRefs?: Object): Promise<{ pkgList: any[]; dependenciesList: any[]; }>; /** * Parse nodejs shrinkwrap deps file * * @param {string} swFile shrinkwrap-deps.json file */ export function parseNodeShrinkwrap(swFile: string): Promise; /** * Parse pnpm workspace file * * @param {string} workspaceFile pnpm-workspace.yaml * @returns {object} Object containing packages and catalogs */ export function parsePnpmWorkspace(workspaceFile: string): object; /** * Helper function to create a properly encoded workspace PURL * * @param {string} packageName - Package name (e.g., "@babel/core") * @param {string} version - Package version * @returns {string} Encoded PURL string */ export function createNpmWorkspacePurl(packageName: string, version: string): string; /** * Parses the workspaces field from a package.json file and returns the list of * workspace glob patterns. Handles both array and object (with packages key) formats. * * @param {string} packageJsonFile Path to the package.json file to parse * @returns {Object} Object with a packages array of workspace glob patterns, or an empty object on error */ export function parseYarnWorkspace(packageJsonFile: string): Object; /** * Helper function to find a package path in pnpm node_modules structure * * @param {string} baseDir Base directory containing node_modules * @param {string} packageName Package name (with or without scope) * @param {string} version Package version * @returns {string|null} Path to the package directory or null if not found */ export function findPnpmPackagePath(baseDir: string, packageName: string, version: string): string | null; /** * pnpm packages with metadata from local node_modules * * @param {Array} pkgList Package list to enhance * @param {string} lockFilePath Path to the pnpm-lock.yaml file * @returns {Array} Enhanced package list */ export function pnpmMetadata(pkgList: any[], lockFilePath: string): any[]; /** * Parse nodejs pnpm lock file * * @param {string} pnpmLock pnpm-lock.yaml file * @param {Object} parentComponent parent component * @param {Array[String]} workspacePackages Workspace packages * @param {Object} workspaceSrcFiles Workspace package.json files * @param {Object} workspaceCatalogs Workspace catalogs * @param {Object} workspaceDirectDeps Direct dependencies of each workspace * @param {Object} depsWorkspaceRefs Workspace references for each dependency */ export function parsePnpmLock(pnpmLock: string, parentComponent?: Object, workspacePackages?: any, workspaceSrcFiles?: Object, _workspaceCatalogs?: {}, _workspaceDirectDeps?: {}, depsWorkspaceRefs?: Object): Promise<{ pkgList?: undefined; dependenciesList?: undefined; parentSubComponents?: undefined; } | { pkgList: any[]; dependenciesList: { ref: string; dependsOn: any[]; }[]; parentSubComponents: { group: any; name: any; version: any; type: string; purl: string; "bom-ref": string; }[]; }>; /** * Parse bower json file * * @param {string} bowerJsonFile bower.json file */ export function parseBowerJson(bowerJsonFile: string): Promise; /** * Parse minified js file * * @param {string} minJsFile min.js file */ export function parseMinJs(minJsFile: string): Promise; /** * Parse pom file * * @param {string} pomFile pom file to parse * @returns {Object} Object containing pom properties, modules, and array of dependencies */ export function parsePom(pomFile: string): Object; /** * Parse maven tree output * @param {string} rawOutput Raw string output * @param {string} pomFile .pom file for evidence * * @returns {Object} Object containing packages and dependencies */ export function parseMavenTree(rawOutput: string, pomFile: string): Object; /** * Parse mill dependencies from file * * @param {string} module name of the module * @param {map} dependencies the parsed dependencies * @param {map} relations a map containing all relations * @param {string} millRootPath root of the project * * @returns the bom-ref of the module */ export function parseMillDependency(module: string, dependencies: map, relations: map, millRootPath: string): any; /** * Parse gradle dependencies output * @param {string} rawOutput Raw string output * @param {string} rootProjectName Root project name * @param {map} gradleModules Cache with all gradle modules that have already been read * @param {string} gradleRootPath Root path where Gradle is to be run when getting module information */ export function parseGradleDep(rawOutput: string, rootProjectName?: string, gradleModules?: map, gradleRootPath?: string): Promise<{ pkgList: any[]; dependenciesList: { ref: string; dependsOn: any[]; }[]; } | { pkgList?: undefined; dependenciesList?: undefined; }>; /** * Parse clojure cli dependencies output * @param {string} rawOutput Raw string output */ export function parseCljDep(rawOutput: string): any[]; /** * Parse lein dependency tree output * @param {string} rawOutput Raw string output */ export function parseLeinDep(rawOutput: string): Object[]; /** * Recursively walks a parsed EDN map node produced by the Leiningen dependency * tree and collects unique dependency entries into the deps array. * * @param {Object} node Parsed EDN node (expected to have a "map" property) * @param {Object} keys_cache Cache object used to deduplicate entries by group-name-version key * @param {Object[]} deps Accumulator array of dependency objects with group, name, and version fields * @returns {Object[]} The populated deps array */ export function parseLeinMap(node: Object, keys_cache: Object, deps: Object[]): Object[]; /** * Parse gradle projects output * * @param {string} rawOutput Raw string output */ export function parseGradleProjects(rawOutput: string): { rootProject: string; projects: any[]; }; /** * Parse gradle properties output * * @param {string} rawOutput Raw string output * @param {string} gradleModuleName The name (or 'path') of the module as seen from the root of the project */ export function parseGradleProperties(rawOutput: string, gradleModuleName?: string): { rootProject: string; projects: any[]; metadata: { group: string; version: string; properties: never[]; }; }; /** * Execute gradle properties command using multi-threading and return parsed output * * @param {string} dir Directory to execute the command * @param {array} allProjectsStr List of all sub-projects (including the preceding `:`) * @param {array} extraArgs List of extra arguments to use when calling gradle * * @returns {string} The combined output for all subprojects of the Gradle properties task */ export function executeParallelGradleProperties(dir: string, allProjectsStr: array, extraArgs?: array): string; /** * Parse bazel action graph output * @param {string} rawOutput Raw string output */ export function parseBazelActionGraph(rawOutput: string): any[]; /** * Parse bazel skyframe state output * @param {string} rawOutput Raw string output */ export function parseBazelSkyframe(rawOutput: string): any[]; /** * Parse bazel BUILD file * @param {string} rawOutput Raw string output */ export function parseBazelBuild(rawOutput: string): any[]; /** * Parse dependencies in Key:Value format */ export function parseKVDep(rawOutput: any): any[]; /** * Method to find the spdx license id from name * * @param {string} name License full name */ export function findLicenseId(name: string): any; /** * Method to guess the spdx license id from license contents * * @param {string} content License file contents */ export function guessLicenseId(content: string): any; /** * Method to retrieve metadata for maven packages by querying maven central * * @param {Array} pkgList Package list * @param {Object} jarNSMapping Jar Namespace mapping object * @param {Boolean} force Force fetching of license * * @returns {Array} Updated package list */ export function getMvnMetadata(pkgList: any[], jarNSMapping?: Object, force?: boolean): any[]; /** * Method to compose URL of pom.xml * * @param {String} urlPrefix * @param {String} group * @param {String} name * @param {String} version * * @return {String} fullUrl */ export function composePomXmlUrl({ urlPrefix, group, name, version }: string): string; /** * Method to fetch pom.xml data and parse it to JSON * * @param {String} urlPrefix * @param {String} group * @param {String} name * @param {String} version * * @return {Object|undefined} */ export function fetchPomXmlAsJson({ urlPrefix, group, name, version }: string): Object | undefined; /** * Method to fetch pom.xml data * * @param {String} urlPrefix * @param {String} group * @param {String} name * @param {String} version * * @return {Promise} */ export function fetchPomXml({ urlPrefix, group, name, version }: string): Promise; /** * Method extract single or multiple license entries that might appear in pom.xml * * @param {Object|Array} license */ export function parseLicenseEntryOrArrayFromPomXml(license: Object | any[]): any[] | undefined; /** * Method to parse pom.xml in search of a comment containing license text * * @param {String} urlPrefix * @param {String} group * @param {String} name * @param {String} version * * @return {Promise} License ID */ export function extractLicenseCommentFromPomXml({ urlPrefix, group, name, version, }: string): Promise; /** * Method to parse python requires_dist attribute found in pypi setup.py * * @param {String} dist_string string */ export function parsePyRequiresDist(dist_string: string): { name: string; version: string; } | undefined; /** * Method to mimic pip version solver using node-semver * * @param {Array} versionsList List of version numbers available * @param {*} versionSpecifiers pip version specifier */ export function guessPypiMatchingVersion(versionsList: any[], versionSpecifiers: any): any; /** * Method to retrieve metadata for python packages by querying pypi * * @param {Array} pkgList Package list * @param {Boolean} fetchDepsInfo Fetch dependencies info from pypi */ export function getPyMetadata(pkgList: any[], fetchDepsInfo: boolean): Promise; /** * Method to parse bdist_wheel metadata (dist-info/METADATA) * * @param {string} mDataFile bdist_wheel metadata file * @param {string} rawMetadata Raw metadata * */ export function parseBdistMetadata(mDataFile: string, rawMetadata?: string): { name: string; version: string; description: string; author: string; licenses: never[]; externalReferences: never[]; properties: never[]; }[]; /** * Method to parse pipfile.lock data * * @param {Object} lockData JSON data from Pipfile.lock */ export function parsePiplockData(lockData: Object): Promise; /** * Method to parse python pyproject.toml file * * @param {string} tomlFile pyproject.toml file * @returns {Object} Object with parent component, root dependencies, and metadata. */ export function parsePyProjectTomlFile(tomlFile: string): Object; /** * Method to parse python lock files such as poetry.lock, pdm.lock, uv.lock, and pylock.toml. * * @param {string} lockData Raw TOML text from poetry.lock, pdm.lock, uv.lock, or pylock.toml * @param {string} lockFile Lock file name for evidence * @param {string} pyProjectFile pyproject.toml file */ export function parsePyLockData(lockData: string, lockFile: string, pyProjectFile: string): Promise<{ pkgList: any[]; dependenciesList: any[]; parentComponent?: undefined; rootList?: undefined; pyLockProperties?: undefined; workspaceWarningShown?: undefined; } | { parentComponent: any; pkgList: any[]; rootList: { name: any; version: any; description: any; properties: never[]; }[]; dependenciesList: { ref: string; dependsOn: any[]; }[]; pyLockProperties: any[]; workspaceWarningShown: boolean; }>; /** * Method to parse requirements.txt file. This must be replaced with atom parsedeps. * * @param {String} reqFile Requirements.txt file * @param {Boolean} fetchDepsInfo Fetch dependencies info from pypi * * @returns {Promise[Array]} List of direct dependencies from the requirements file */ export function parseReqFile(reqFile: string, fetchDepsInfo?: boolean): any; /** * Parse environment markers into structured format * * @param {String} markersStr Raw markers string * @returns {Array} Structured markers array */ export function parseReqEnvMarkers(markersStr: string): Array; /** * Method to find python modules by parsing the imports and then checking with PyPI to obtain the latest version * * @param {string} src directory * @param {Array} epkgList Existing package list * @param {Object} options CLI options * @returns List of packages */ export function getPyModules(src: string, epkgList: any[], options: Object): Promise<{ allImports: {}; pkgList: any; dependenciesList: { ref: string; dependsOn: never[]; }[]; modList: any; }>; /** * Method to parse setup.py data * * @param {Object} setupPyData Contents of setup.py */ export function parseSetupPyFile(setupPyData: Object): Promise; /** * Method to parse pixi.lock data * * @param {String} pixiLockFileName pixi.lock file name * @param {String} path File path */ export function parsePixiLockFile(pixiLockFileName: string, path: string): { pkgList: any; formulationList: any[]; rootList: any[]; dependenciesList: { ref: string; dependsOn: any[]; }[]; frozen: boolean; }; /** * Method to parse pixi.toml file * * @param {String} pixiToml */ export function parsePixiTomlFile(pixiToml: string): { description: any; name: any; version: any; homepage: any; repository: any; }; /** * Method to construct a GitHub API url for the given repo metadata * @param {Object} repoMetadata Repo metadata with group and name * @return {String|undefined} github api url (or undefined - if not enough data) */ export function repoMetadataToGitHubApiUrl(repoMetadata: Object): string | undefined; /** * Method to run cli command `pixi install` * * */ export function generatePixiLockFile(_path: any): void; /** * Method to split GitHub url into its parts * @param {String} repoUrl Repository url * @return {[String]} parts from url */ export function getGithubUrlParts(repoUrl: string): [string]; /** * Method to construct GitHub api url from repo metadata or one of multiple formats of repo URLs * @param {String} repoUrl Repository url * @param {Object} repoMetadata Object containing group and package name strings * @return {String|undefined} github api url (or undefined - if not a GitHub repo) */ export function toGitHubApiUrl(repoUrl: string, repoMetadata: Object): string | undefined; /** * Method to retrieve repo license by querying github api * * @param {String} repoUrl Repository url * @param {Object} repoMetadata Object containing group and package name strings * @return {Promise} SPDX license id */ export function getRepoLicense(repoUrl: string, repoMetadata: Object): Promise; /** * Method to get go pkg license from go.dev site. * * @param {Object} repoMetadata Repo metadata */ export function getGoPkgLicense(repoMetadata: Object): Promise; /** * Builds a Go package component object containing purl, bom-ref, integrity hash, * and optionally license and VCS external reference information. * * @param {string} group Package group (module path prefix, may be empty) * @param {string} name Package name (full module path when group is empty) * @param {string} version Package version string * @param {string} hash Integrity hash (e.g. "sha256-…"), used as _integrity * @returns {Promise} Component object ready for inclusion in a BOM package list */ export function getGoPkgComponent(group: string, name: string, version: string, hash: string): Promise; /** * Method to parse go.mod files * * @param {String} goModData Contents of go.mod file * @param {Object} gosumMap Data from go.sum files * * @returns {Object} Object containing parent component, rootList and packages list */ export function parseGoModData(goModData: string, gosumMap: Object): Object; /** * Parses a Go modules text file (e.g. vendor/modules.txt) and returns a list of * Go package components. Cross-references the go.sum map for integrity hashes and * sets scope and confidence based on hash availability. * * @param {string} txtFile Path to the modules.txt file * @param {Object} gosumMap Map of "module@version" keys to sha256 hash values from go.sum * @returns {Promise} List of Go package component objects with evidence */ export function parseGoModulesTxt(txtFile: string, gosumMap: Object): Promise; /** * Parse go list output * * @param {string} rawOutput Output from go list invocation * @param {Object} gosumMap go.sum data * @returns Object with parent component and List of packages */ export function parseGoListDep(rawOutput: string, gosumMap: Object): Promise<{ parentComponent: {}; pkgList: Object[]; }>; /** * Parse go mod graph * * @param {string} rawOutput Output from go mod graph invocation * @param {string} goModFile go.mod file * @param {Object} gosumMap Hashes from gosum for lookups * @param {Array} epkgList Existing package list * @param {Object} parentComponent Current parent component * * @returns Object containing List of packages and dependencies */ export function parseGoModGraph(rawOutput: string, goModFile: string, gosumMap: Object, epkgList?: any[], parentComponent?: Object): Promise<{ pkgList: any[]; dependenciesList: { ref: string; dependsOn: any[]; }[]; parentComponent: any; rootList: any; }>; /** * Parse go mod why output. * * @param {string} rawOutput Output from go mod why * @returns {string|undefined} package name or none */ export function parseGoModWhy(rawOutput: string): string | undefined; /** * Parse go sum data * @param {string} gosumData Content of go.sum * @returns package list */ export function parseGosumData(gosumData: string): Promise; /** * Parses the contents of a Gopkg.lock or Gopkg.toml file (dep tool format) and * returns a list of Go package components. Optionally fetches license information * for each package when FETCH_LICENSE is enabled. * * @param {string} gopkgData Raw string contents of the Gopkg lock/toml file * @returns {Promise} List of Go package component objects */ export function parseGopkgData(gopkgData: string): Promise; /** * Parses the output of `go version -m` (build info) and returns a list of Go * package components for each "dep" line, including name, version, and integrity hash. * * @param {string} buildInfoData Raw string output from `go version -m` * @returns {Promise} List of Go package component objects */ export function parseGoVersionData(buildInfoData: string): Promise; /** * Method to query rubygems api for gems details * * @param {Array} pkgList List of packages with metadata */ export function getRubyGemsMetadata(pkgList: any[]): Promise; /** * Utility method to convert a gem package name to a CamelCased module name. Low accuracy. * * @param name Package name */ export function toGemModuleNames(name: any): string[]; /** * Collect all namespaces for a given gem present at the given gemHome * * @param {String} rubyCommand Ruby command to use if bundle is not available * @param {String} bundleCommand Bundle command to use * @param {String} gemHome Value to use as GEM_HOME env variable * @param {String} gemName Name of the gem * @param {String} filePath File path to the directory containing the Gemfile or .bundle directory * * @returns {Array} List of module names */ export function collectGemModuleNames(rubyCommand: string, bundleCommand: string, gemHome: string, gemName: string, filePath: string): Array; /** * Method to parse Gemspec file contents * * @param {string} gemspecData Gemspec data * @param {string} gemspecFile File name for evidence. */ export function parseGemspecData(gemspecData: string, gemspecFile: string): Promise; /** * Method to parse Gemfile.lock * * @param {object} gemLockData Gemfile.lock data * @param {string} lockFile Lock file */ export function parseGemfileLockData(gemLockData: object, lockFile: string): Promise; /** * Method to retrieve metadata for rust packages by querying crates * * @param {Array} pkgList Package list */ export function getCratesMetadata(pkgList: any[]): Promise; /** * Method to retrieve metadata for dart packages by querying pub.dev * * @param {Array} pkgList Package list */ export function getDartMetadata(pkgList: any[]): Promise; /** * Method to parse cargo.toml data * * The component described by a [package] section will be put at the front of * the list, regardless of if [package] appears before or after * [dependencies]. Found dependencies will be placed at the back of the * list. * * The Cargo documentation specifies that the [package] section should appear * first as a convention, but it is not enforced. * https://doc.rust-lang.org/stable/style-guide/cargo.html#formatting-conventions * * @param {String} cargoTomlFile cargo.toml file * @param {boolean} simple Return a simpler representation of the component by skipping extended attributes and license fetch. * @param {Object} pkgFilesMap Object with package name and list of files * * @returns {Array} Package list */ export function parseCargoTomlData(cargoTomlFile: string, simple?: boolean, pkgFilesMap?: Object, context?: {}): any[]; /** * Parse a Cargo.lock file to find components within the Rust project. * * @param {String} cargoLockFile A path to a Cargo.lock file. The Cargo.lock-file path may be used as information for extended attributes, such as manifest based evidence. * @param {boolean} simple Return a simpler representation of the component by skipping extended attributes and license fetch. * @param {Object} pkgFilesMap Object with package name and list of files * * @returns {Array} A list of the project's components as described by the Cargo.lock-file. */ export function parseCargoData(cargoLockFile: string, simple?: boolean, pkgFilesMap?: Object): any[]; /** * Build a Cargo dependency graph from manifest relationships so workspace roots * and member-to-member links can complement lockfile-derived dependency data. * * @param {string} cargoTomlFile Cargo.toml path * @param {object} [context] manifest graph context * @returns {object[]} Cargo dependency relationships */ export function parseCargoManifestDependencyData(cargoTomlFile: string, context?: object): object[]; /** * Parses a Cargo.lock file's TOML data and returns a flat dependency graph as an * array of objects mapping each package purl to the purls it directly depends on. * * @param {string} cargoLockData Raw TOML string contents of a Cargo.lock file * @returns {Object[]} Array of dependency relationship objects with ref and dependsOn fields */ export function parseCargoDependencyData(cargoLockData: string): Object[]; /** * Parses tab-separated cargo-auditable binary metadata output and returns a list * of Rust package components. Optionally fetches crates.io metadata when * FETCH_LICENSE is enabled. * * @param {string} cargoData Tab-separated string output from cargo-auditable or similar tool * @returns {Promise} List of Rust package component objects with group, name, and version */ export function parseCargoAuditableData(cargoData: string): Promise; /** * Method to parse pubspec.lock files. * * @param pubLockData Contents of lock data * @param lockFile Filename for setting evidence * * @returns {Object} */ export function parsePubLockData(pubLockData: any, lockFile: any): Object; /** * Parses a Dart pub package's pubspec.yaml content and returns a list containing * a single component object with name, description, version, homepage, and purl. * * @param {string} pubYamlData Raw YAML string contents of a pubspec.yaml file * @returns {Object[]} List containing a single Dart package component object */ export function parsePubYamlData(pubYamlData: string): Object[]; /** * Parses Helm chart YAML data (Chart.yaml or repository index.yaml) and returns * a list of Helm chart component objects including the chart itself and any * declared dependencies or index entries. * * @param {string} helmData Raw YAML string contents of a Helm Chart.yaml or index.yaml file * @returns {Object[]} List of Helm chart component objects with name, version, and optional homepage/repository */ export function parseHelmYamlData(helmData: string): Object[]; /** * Recursively walks a parsed YAML/JSON object structure to find container image * references stored under common keys (image, repository, dockerImage, etc.) and * appends discovered image and service entries to pkgList while tracking seen * images in imgList to avoid duplicates. * * @param {Object|Array|string} keyValueObj The object, array, or string node to inspect * @param {Object[]} pkgList Accumulator array that receives {image} and {service} entries * @param {string[]} imgList Accumulator array of image name strings already seen * @returns {string[]} The updated imgList */ export function recurseImageNameLookup(keyValueObj: Object | any[] | string, pkgList: Object[], imgList: string[]): string[]; /** * Parses the contents of a Dockerfile or Containerfile and returns a list of * base image objects referenced by FROM instructions, substituting ARG default * values where possible and skipping multi-stage build alias references. * * @param {string} fileContents Raw string contents of the Dockerfile/Containerfile * @returns {Object[]} Array of objects with an image property for each unique base image */ export function parseContainerFile(fileContents: string): Object[]; /** * Parses a Bitbucket Pipelines YAML file and extracts all Docker image references * used as build environments and pipe references (docker:// pipes are normalized). * * @param {string} fileContents Raw string contents of the bitbucket-pipelines.yml file * @returns {Object[]} Array of objects with an image property for each referenced image or pipe */ export function parseBitbucketPipelinesFile(fileContents: string): Object[]; /** * Parses container specification data such as Docker Compose files, Kubernetes * manifests, Tekton tasks, Skaffold configs, or Kustomize overlays (YAML, possibly * multi-document) and returns a list of image, service, and OCI spec entries. * * @param {string} dcData Raw YAML string contents of the container spec file * @returns {Object[]} Array of objects with image, service, or ociSpec properties */ export function parseContainerSpecData(dcData: string): Object[]; /** * Identifies the data flow direction of a Privado processing object based on its * sinkId value: "write" sinks map to "inbound", "read" sinks to "outbound", and * HTTP/gRPC sinks to "bi-directional". * * @param {Object} processingObj Privado processing object, expected to have a sinkId property * @returns {string} Flow direction string: "inbound", "outbound", "bi-directional", or "unknown" */ export function identifyFlow(processingObj: Object): string; /** * Parses a Privado data flow JSON file and returns a list of service objects * enriched with data classifications, endpoints, trust-boundary flag, violations, * and git metadata properties extracted from the scan result. * * @param {string} f Path to the Privado scan result JSON file * @returns {Object[]} List of service component objects suitable for a SaaSBOM */ export function parsePrivadoFile(f: string): Object[]; /** * Parses an OpenAPI specification (JSON or YAML string) and returns a list * containing a single service object with name, version, endpoints, and * authentication flag derived from the spec's info, servers, paths, and * securitySchemes sections. * * @param {string} oaData Raw JSON or YAML string contents of an OpenAPI specification * @returns {Object[]} List containing a single service component object */ export function parseOpenapiSpecData(oaData: string): Object[]; /** * Parses Haskell Cabal freeze file content and extracts package name and version * pairs from constraint lines (lines containing " =="). * * @param {string} cabalData Raw string contents of a Cabal freeze file * @returns {Object[]} List of package objects with name and version fields */ export function parseCabalData(cabalData: string): Object[]; /** * Parses an Elixir mix.lock file and extracts Hex package name and version pairs * from lines containing ":hex". * * @param {string} mixData Raw string contents of a mix.lock file * @returns {Object[]} List of package objects with name and version fields */ export function parseMixLockData(mixData: string): Object[]; /** * Parses a GitHub Actions workflow YAML file and returns a list of action * components for each step that uses an external action (steps with a "uses" * field). Each component captures the action name, group, version/commit SHA, * version pinning type, job context (runner, permissions, environment), and * workflow-level metadata (triggers, concurrency, write permissions). * * @param {string} f Path to the GitHub Actions workflow YAML file * @returns {Object[]} List of action component objects with purl, properties, and evidence */ export function parseGitHubWorkflowData(f: string): Object[]; /** * Parse Google Cloud Build YAML data and extract container image steps as packages. * * @param {string} cbwData Raw YAML string of a Cloud Build configuration file * @returns {Object[]} Array of package objects parsed from the build steps */ export function parseCloudBuildData(cbwData: string): Object[]; /** * Map a Conan package reference string to a PackageURL string, name, and version. * * Parses a full Conan package reference of the form * `name/version@user/channel#recipe_revision:package_id#package_revision` * and returns the equivalent purl string together with the extracted name and version. * * @param {string} conanPkgRef Conan package reference string * @returns {Array} Tuple of [purlString, name, version], or [null, null, null] on parse failure */ export function mapConanPkgRefToPurlStringAndNameAndVersion(conanPkgRef: string): any[]; /** * Parse Conan lock file data (conan.lock) and return the package list, dependency map, * and parent component dependencies. * * Supports both the legacy `graph_lock.nodes` format (Conan 1.x) and the newer * `requires` format (Conan 2.x). * * @param {string} conanLockData Raw JSON string of the Conan lock file * @returns {{ pkgList: Object[], dependencies: Object, parentComponentDependencies: string[] }} */ export function parseConanLockData(conanLockData: string): { pkgList: Object[]; dependencies: Object; parentComponentDependencies: string[]; }; /** * Parse a Conan conanfile.txt and extract required and optional packages. * * @param {string} conanData Raw text contents of a conanfile.txt * @returns {Object[]} Array of package objects with purl, name, version, and scope */ export function parseConanData(conanData: string): Object[]; /** * Parse Collider lock file data (collider.lock) and return the package list and * parent component dependencies. * * @param {string} colliderLockData Raw JSON string of the Collider lock file * @param {string} lockFile Source lock file path * @returns {{ pkgList: Object[], dependencies: Object, parentComponentDependencies: string[] }} */ export function parseColliderLockData(colliderLockData: string, lockFile: string): { pkgList: Object[]; dependencies: Object; parentComponentDependencies: string[]; }; /** * Parse Leiningen project.clj data and extract dependency packages. * * @param {string} leinData Raw text contents of a Leiningen project.clj file * @returns {Object[]} Array of package objects with group, name, and version */ export function parseLeiningenData(leinData: string): Object[]; /** * Parse EDN (Extensible Data Notation) deps.edn data and extract dependency packages. * * Handles Clojure deps.edn files, extracting packages listed under the `:deps` key. * * @param {string} rawEdnData Raw EDN text contents of a deps.edn file * @returns {Object[]} Array of package objects with group, name, and version */ export function parseEdnData(rawEdnData: string): Object[]; /** * Method to parse .nupkg files * * @param {String} nupkgFile .nupkg file * @returns {Object} Object containing package list and dependencies */ export function parseNupkg(nupkgFile: string): Object; /** * Method to parse flake.nix files * * @param {String} flakeNixFile flake.nix file to parse * @returns {Object} Object containing package information */ export function parseFlakeNix(flakeNixFile: string): Object; /** * Method to parse flake.lock files * * @param {String} flakeLockFile flake.lock file to parse * @returns {Object} Object containing locked dependency information */ export function parseFlakeLock(flakeLockFile: string): Object; /** * Method to parse .nuspec files * * @param {String} nupkgFile .nupkg file * @param {String} nuspecData Raw nuspec data * @returns {Object} Object containing package list and dependencies */ export function parseNuspecData(nupkgFile: string, nuspecData: string): Object; /** * Parse a C# packages.config XML file and return a list of NuGet package components. * * @param {string} pkgData Raw XML string of a packages.config file * @param {string} pkgFile Path to the packages.config file, used for evidence properties * @returns {Object[]} Array of NuGet package objects with purl, name, and version */ export function parseCsPkgData(pkgData: string, pkgFile: string): Object[]; /** * Method to find all text nodes in PropertyGroup elements in .props files. * * @param {String} propsFiles .props files in this project * * @returns {Object} Containing text nodes from PropertyGroup elements and their values */ export function getPropertyGroupTextNodes(propsFiles: string): Object; /** * Method to parse .csproj like xml files * * @param {String} csProjData Raw data * @param {String} projFile File name * @param {Object} pkgNameVersions Package name - version map object * * @returns {Object} Containing parent component, package, and dependencies */ export function parseCsProjData(csProjData: string, projFile: string, pkgNameVersions?: Object, msbuildInstalled?: boolean, pkgVersionLabelCandidates?: {}): Object; /** * Parse a .NET project.assets.json file and return the package list and dependency tree. * * Extracts NuGet packages and their transitive dependency relationships from the * `libraries` and `targets` sections of a project.assets.json file produced by * the .NET restore process. * * @param {string} csProjData Raw JSON string of the project.assets.json file * @param {string} assetsJsonFile Path to the project.assets.json file, used for evidence properties * @returns {{ pkgList: Object[], dependenciesList: Object[] }} */ export function parseCsProjAssetsData(csProjData: string, assetsJsonFile: string): { pkgList: Object[]; dependenciesList: Object[]; }; /** * Parse a .NET packages.lock.json file and return the package list, dependency tree, * and list of direct/root dependencies. * * @param {string} csLockData Raw JSON string of the packages.lock.json file * @param {string} pkgLockFile Path to the packages.lock.json file, used for evidence properties * @returns {{ pkgList: Object[], dependenciesList: Object[], rootList: Object[] }} */ export function parseCsPkgLockData(csLockData: string, pkgLockFile: string): { pkgList: Object[]; dependenciesList: Object[]; rootList: Object[]; }; /** * Parse a Paket dependency manager lock file (paket.lock) and return the package list * and dependency tree. * * @param {string} paketLockData Raw text contents of the paket.lock file * @param {string} pkgLockFile Path to the paket.lock file, used for evidence properties * @returns {{ pkgList: Object[], dependenciesList: Object[] }} */ export function parsePaketLockData(paketLockData: string, pkgLockFile: string): { pkgList: Object[]; dependenciesList: Object[]; }; /** * Parse composer.json file * * @param {string} composerJsonFile composer.json file * * @returns {Object} Object with rootRequires and parent component */ export function parseComposerJson(composerJsonFile: string): Object; /** * Parse composer lock file * * @param {string} pkgLockFile composer.lock file * @param {array} rootRequires require section from composer.json */ export function parseComposerLock(pkgLockFile: string, rootRequires: array): never[] | { pkgList: { group: any; name: any; purl: string; "bom-ref": string; version: any; repository: any; license: any; description: any; scope: string; properties: { name: string; value: string; }[]; evidence: { identity: { field: string; confidence: number; methods: { technique: string; confidence: number; value: string; }[]; }; }; }[]; dependenciesList: { ref: string; dependsOn: any[]; }[]; rootList: { group: any; name: any; purl: string; "bom-ref": string; version: any; repository: any; license: any; description: any; scope: string; properties: { name: string; value: string; }[]; evidence: { identity: { field: string; confidence: number; methods: { technique: string; confidence: number; value: string; }[]; }; }; }[]; }; /** * Parse an sbt dependency tree output file and return the package list and dependency tree. * * Reads a file produced by the sbt `dependencyTree` command and extracts Maven artifact * coordinates, building a hierarchical dependency graph. Evicted packages and ranges are ignored. * * @param {string} sbtTreeFile Path to the sbt dependency tree output file * @returns {{ pkgList: Object[], dependenciesList: Object[] }} */ export function parseSbtTree(sbtTreeFile: string): { pkgList: Object[]; dependenciesList: Object[]; }; /** * Parse sbt lock file * * @param {string} pkgLockFile build.sbt.lock file */ export function parseSbtLock(pkgLockFile: string): { group: any; name: any; version: any; _integrity: string; scope: string | undefined; properties: { name: string; value: string; }[]; evidence: { identity: { field: string; confidence: number; methods: { technique: string; confidence: number; value: string; }[]; }; }; }[]; /** * Method to execute dpkg --listfiles to determine the files provided by a given package * * @param {string} pkgName deb package name * @returns */ export function executeDpkgList(pkgName: string): any; /** * Method to execute dnf repoquery to determine the files provided by a given package * * @param {string} pkgName deb package name * @returns */ export function executeRpmList(pkgName: string): any; /** * Method to execute apk -L info to determine the files provided by a given package * * @param {string} pkgName deb package name * @returns */ export function executeApkList(pkgName: string): any; /** * Method to execute alpm -Ql to determine the files provided by a given package * * @param {string} pkgName deb package name * @returns */ export function executeAlpmList(pkgName: string): any; /** * Method to execute equery files to determine the files provided by a given package * * @param {string} pkgName deb package name * @returns */ export function executeEqueryList(pkgName: string): any; /** * Convert OS query results * * @param {string} queryCategory Query category * @param {Object} queryObj Query Object from the queries.json configuration * @param {Array} results Query Results * @param {Boolean} enhance Optionally enhance results by invoking additional package manager commands */ export function convertOSQueryResults(queryCategory: string, queryObj: Object, results: any[], enhance?: boolean): { name: any; group: string; version: any; description: any; publisher: any; "bom-ref": string; purl: string | undefined; scope: any; type: any; }[]; /** * Create a PackageURL object from a repository URL string, package type, and version. * * Supports HTTPS URLs, SSH `git@` URLs, Bitbucket SSH URLs, and local paths. * Extracts the namespace (host + path prefix) and repository name from the URL. * * @param {string} type PackageURL type (e.g. `"swift"`, `"generic"`) * @param {string} repoUrl Repository URL string * @param {string} version Package version * @returns {PackageURL|undefined} PackageURL object, or undefined for unsupported URL formats */ export function purlFromUrlString(type: string, repoUrl: string, version: string): PackageURL | undefined; /** * Parse swift dependency tree output json object * * @param {Array} pkgList Package list * @param {Array} dependenciesList Dependencies * @param {string} jsonObject Swift dependencies json object * @param {string} pkgFile Package.swift file */ export function parseSwiftJsonTreeObject(pkgList: any[], dependenciesList: any[], jsonObject: string, pkgFile: string): string; /** * Parse swift dependency tree output * @param {string} rawOutput Swift dependencies json output * @param {string} pkgFile Package.swift file */ export function parseSwiftJsonTree(rawOutput: string, pkgFile: string): { rootList?: undefined; pkgList?: undefined; dependenciesList?: undefined; } | { rootList: any[]; pkgList: any[]; dependenciesList: any[]; }; /** * Parse swift package resolved file * @param {string} resolvedFile Package.resolved file */ export function parseSwiftResolved(resolvedFile: string): { name: string; group: string | null | undefined; version: string | null | undefined; purl: string; "bom-ref": string; properties: { name: string; value: string; }[]; evidence: { identity: { field: string; confidence: number; methods: { technique: string; confidence: number; value: string; }[]; }; }; }[]; /** * Collect maven dependencies * * @param {string} mavenCmd Maven command to use * @param {string} basePath Path to the maven project * @param {boolean} cleanup Remove temporary directories * @param {boolean} includeCacheDir Include maven and gradle cache directories */ export function collectMvnDependencies(mavenCmd: string, basePath: string, cleanup?: boolean, includeCacheDir?: boolean): Promise<{}>; /** * Collect Gradle project dependencies by scanning the Gradle cache directory for JAR files * and their associated POM files. * * Uses the `GRADLE_CACHE_DIR` or `GRADLE_USER_HOME` environment variables to locate the * Gradle files-2.1 cache, then delegates to {@link collectJarNS} to extract namespace * and purl information from those JARs. * * @param {string} _gradleCmd Gradle command (unused; reserved for future use) * @param {string} _basePath Base project path (unused; reserved for future use) * @param {boolean} _cleanup Whether to clean up temporary files (unused; reserved for future use) * @param {boolean} _includeCacheDir Whether to include cache directory (unused; reserved for future use) * @returns {Promise} JAR namespace mapping object returned by collectJarNS */ export function collectGradleDependencies(_gradleCmd: string, _basePath: string, _cleanup?: boolean, _includeCacheDir?: boolean): Promise; /** * Method to collect class names from all jars in a directory * * @param {string} jarPath Path containing jars * @param {object} pomPathMap Map containing jar to pom names. Required to successfully parse gradle cache. * * @return object containing jar name and class list */ export function collectJarNS(jarPath: string, pomPathMap?: object): Promise<{}>; /** * Convert a JAR namespace mapping (produced by {@link collectJarNS}) into an array * of CycloneDX package component objects. * * Each entry in the mapping is resolved to a component with name, group, version, * purl, hashes, namespace properties, and source file evidence. * * @param {Object} jarNSMapping Map of purl string to `{ jarFile, pom, namespaces, hashes }` * @returns {Promise} Array of component objects derived from the JAR mapping */ export function convertJarNSToPackages(jarNSMapping: Object): Promise; /** * Deprecated function to parse pom.xml. Use parsePom instead. * * @deprecated * @param pomXmlData XML contents * @returns {Object} Parent component data */ export function parsePomXml(pomXmlData: any): Object; /** * Parse a JAR MANIFEST.MF file and return its key-value pairs as an object. * * @param {string} jarMetadata Raw text contents of a MANIFEST.MF file * @returns {Object} Key-value pairs extracted from the manifest */ export function parseJarManifest(jarMetadata: string): Object; /** * Select the most reliable group candidate from JAR manifest metadata. * * @param {Object} jarMetadata Parsed MANIFEST.MF key-value map * @returns {string} Best group candidate, or empty string if none exists */ export function inferJarGroupFromManifest(jarMetadata?: Object): string; /** * Trim group suffix that duplicates the artifact name for compound artifact names. * * @param {string} group Group candidate * @param {string} name Artifact name candidate * @returns {string} Adjusted group */ export function trimJarGroupSuffix(group: string, name: string): string; /** * Parse a Maven pom.properties file and return its key-value pairs as an object. * * @param {string} pomProperties Raw text contents of a pom.properties file * @returns {Object} Key-value pairs extracted from the properties file */ export function parsePomProperties(pomProperties: string): Object; /** * Encode a string for safe inclusion in a PackageURL, percent-encoding special characters * while preserving already-encoded `%40` sequences and keeping `:` and `/` unencoded. * * @param {string} s String to encode * @returns {string} Encoded string suitable for use in a PackageURL component */ export function encodeForPurl(s: string): string; /** * Method to get pom properties from maven directory * * @param {string} mavenDir Path to maven directory * * @return array with pom properties */ export function getPomPropertiesFromMavenDir(mavenDir: string): {}; /** * Computes the checksum for a file path using the given hash algorithm * * @param {string} hashName name of hash algorithm * @param {string} path path to file * @returns {Promise} hex value of hash */ export function checksumFile(hashName: string, path: string): Promise; /** * Computes multiple checksum for a file path using the given hash algorithms * * @param {Array[String]} algorithms Array of algorithms * @param {string} path path to file * @returns {Promise} hashes object */ export function multiChecksumFile(algorithms: any, path: string): Promise; /** * Method to extract a war or ear file * * @param {string} jarFile Path to jar file * @param {string} tempDir Temporary directory to use for extraction * @param {object} jarNSMapping Jar class names mapping object * * @return pkgList Package list */ export function extractJarArchive(jarFile: string, tempDir: string, jarNSMapping?: object): Promise; /** * Determine the version of SBT used in compilation of this project. * By default it looks into a standard SBT location i.e. * /project/build.properties * Returns `null` if the version cannot be determined. * * @param {string} projectPath Path to the SBT project */ export function determineSbtVersion(projectPath: string): (string | number | boolean) | null; /** * Adds a new plugin to the SBT project by amending its plugins list. * Only recommended for SBT < 1.2.0 or otherwise use `addPluginSbtFile` * parameter. * The change manipulates the existing plugins' file by creating a copy of it * and returning a path where it is moved to. * Once the SBT task is complete one must always call `cleanupPlugin` to remove * the modifications made in place. * * @param {string} projectPath Path to the SBT project * @param {string} plugin Name of the plugin to add */ export function addPlugin(projectPath: string, plugin: string): string | null; /** * Cleans up modifications to the project's plugins' file made by the * `addPlugin` function. * * @param {string} projectPath Path to the SBT project * @param {string} originalPluginsFile Location of the original plugins file, if any */ export function cleanupPlugin(projectPath: string, originalPluginsFile: string): boolean; /** * Returns a default location of the plugins file. * * @param {string} projectPath Path to the SBT project */ export function sbtPluginsPath(projectPath: string): any; /** * Method to read a single file entry from a zip file * * @param {string} zipFile Zip file to read * @param {string} filePattern File pattern * @param {string} contentEncoding Encoding. Defaults to utf-8 * * @returns File contents */ export function readZipEntry(zipFile: string, filePattern: string, contentEncoding?: string): Promise; /** * Method to get the classes and relevant sources in a jar file * * @param {string} jarFile Jar file to read * * @returns List of classes and sources matching certain known patterns */ export function getJarClasses(jarFile: string): Promise; /** * Method to return the gradle command to use. * * @param {string} srcPath Path to look for gradlew wrapper * @param {string|null} rootPath Root directory to look for gradlew wrapper */ export function getGradleCommand(srcPath: string, rootPath: string | null): string; /** * Method to return the mill command to use. * * @param {string} srcPath Path to look for mill wrapper */ export function getMillCommand(srcPath: string): string; /** * Method to combine the general gradle arguments, the sub-commands and the sub-commands' arguments in the correct way * * @param {string[]} gradleArguments The general gradle arguments, which must only be added once * @param {string[]} gradleSubCommands The sub-commands that are to be executed by gradle * @param {string[]} gradleSubCommandArguments The arguments specific to the sub-command(s), which much be added PER sub-command * @param {int} gradleCommandLength The length of the full gradle-command * * @returns {string[]} Array of arrays of arguments to be added to the gradle command */ export function buildGradleCommandArguments(gradleArguments: string[], gradleSubCommands: string[], gradleSubCommandArguments: string[], gradleCommandLength: int): string[]; /** * Method to split the output produced by Gradle using parallel processing by project * * @param {string} rawOutput Full output produced by Gradle using parallel processing * @param {string[]} relevantTasks The list of gradle tasks whose output need to be considered. * @returns {map} Map with subProject names as keys and corresponding dependency task outputs as values. */ export function splitOutputByGradleProjects(rawOutput: string, relevantTasks: string[]): map; /** * Parse the contents of a 'Podfile.lock' * * @param {Object} podfileLock The content of the podfile.lock as an Object * @param {String} projectPath The path to the project root * @returns {Map} Map of all dependencies with their direct dependencies */ export function parsePodfileLock(podfileLock: Object, projectPath: string): Map; /** * Parse all targets and their direct dependencies from the 'Podfile' * * @param {Object} target A JSON-object representing a target * @param {Map} allDependencies The map containing all parsed direct dependencies for a target * @param {String} [prefix=undefined] Prefix to add to the targets name */ export function parsePodfileTargets(target: Object, allDependencies: Map, prefix?: string): void; /** * Parse a single line representing a dependency * * @param {String} dependencyLine The line that should be parsed as a dependency * @param {boolean} [parseVersion=true] Include parsing the version of the dependency * @returns {Object} Object representing a dependency */ export function parseCocoaDependency(dependencyLine: string, parseVersion?: boolean): Object; /** * Execute the 'pod'-command with parameters * * @param {String[]} parameters The parameters for the command * @param {String} path The path where the command should be executed * @param {Object} options CLI options * @returns {Object} The result of running the command */ export function executePodCommand(parameters: string[], path: string, options: Object): Object; /** * Method that handles object creation for cocoa pods. * * @param {Object} dependency The dependency that is to be transformed into an SBOM object * @param {Object} options CLI options * @param {String} [type="library"] The type of Object to create * @returns {Object} An object representing the pod in SBOM-format */ export function buildObjectForCocoaPod(dependency: Object, options: Object, type?: string): Object; /** * Method that handles object creation for gradle modules. * * @param {string} name The simple name of the module * @param {object} metadata Object with all other parsed data for the gradle module * @returns {object} An object representing the gradle module in SBOM-format */ export function buildObjectForGradleModule(name: string, metadata: object): object; /** * Method to return the maven command to use. * * @param {string} srcPath Path to look for maven wrapper * @param {string} rootPath Root directory to look for maven wrapper */ export function getMavenCommand(srcPath: string, rootPath: string): string; /** * Retrieves the atom command by referring to various environment variables */ export function getAtomCommand(): any; /** * Execute the atom tool against a source directory or file with the given arguments. * * Resolves the atom binary via `getAtomCommand`, sets up the required environment * (including `JAVA_HOME` from `ATOM_JAVA_HOME` if set), and spawns the process. * Logs diagnostic messages for common failure modes such as unsupported Java versions, * missing `astgen`, and JVM crashes. * * @param {string} src Path to the source directory or file to analyse * @param {string[]} args Arguments to pass to the atom command * @param {Object} extra_env Additional environment variables to merge into the process environment * @returns {boolean} `true` if atom executed successfully and the language is supported; `false` otherwise */ export function executeAtom(src: string, args: string[], extra_env?: Object): boolean; /** * Find the imported modules in the application with atom parsedeps command * * @param {string} src * @param {string} language * @param {string} methodology * @param {string} slicesFile * @returns List of imported modules */ export function findAppModules(src: string, language: string, methodology?: string, slicesFile?: string): any; /** * Create uv.lock file with uv sync command. * * @param {string} basePath Path * @param {Object} options CLI options */ export function createUVLock(basePath: string, options: Object): void; /** * Execute pip freeze by creating a virtual env in a temp directory and construct the dependency tree * * @param {string} basePath Base path * @param {string} reqOrSetupFile Requirements or setup.py file * @param {string} tempVenvDir Temp venv dir * @param {Object} parentComponent Parent component * * @returns {Object} List of packages from the virtual env */ export function getPipFrozenTree(basePath: string, reqOrSetupFile: string, tempVenvDir: string, parentComponent: Object): Object; /** * The problem: pip installation can fail for a number of reasons such as missing OS dependencies and devel packages. * When it fails, we don't get any dependency tree. As a workaroud, this method would attempt to install one package at a time to the same virtual environment and then attempts to obtain a dependency tree. * Such a tree could be incorrect or quite approximate, but some users might still find it useful to know the names of the indirect dependencies. * * @param {string} basePath Base path * @param {Array} pkgList Existing package list * @param {string} tempVenvDir Temp venv dir * @param {Object} parentComponent Parent component * * @returns List of packages from the virtual env */ export function getPipTreeForPackages(basePath: string, pkgList: any[], tempVenvDir: string, parentComponent: Object): { failedPkgList?: undefined; rootList?: undefined; dependenciesList?: undefined; } | { failedPkgList: any[]; rootList: { name: any; version: any; purl: string; "bom-ref": string; }[]; dependenciesList: { ref: string; dependsOn: any[]; }[]; }; /** * Parse a package.json `name` field (or a plain string) and extract its scope, * full name, project name, and module name components. * * @param {string|Object} name The package name string or an object with a `name` property * @returns {{ scope: string|null, fullName: string, projectName: string|null, moduleName: string|null }} */ export function parsePackageJsonName(name: string | Object): { scope: string | null; fullName: string; projectName: string | null; moduleName: string | null; }; /** * Collect bom-refs from metadata.tools entries. * * @param {Object[]|Object} tools CycloneDX metadata.tools section * @param {Function} predicate Optional filter function * @returns {string[]} Unique tool bom-refs */ export function extractToolRefs(tools: Object[] | Object, predicate: Function): string[]; /** * Attach evidence.identity.tools references to the supplied subjects. * * @param {Object|Object[]} subjects Component or service objects * @param {string[]} toolRefs Tool bom-refs * @returns {Object|Object[]} The same mutated subject(s) */ export function attachIdentityTools(subjects: Object | Object[], toolRefs: string[]): Object | Object[]; /** * Method to add occurrence evidence for components based on import statements. Currently useful for js * * @param {array} pkgList List of package * @param {object} allImports Import statements object with package name as key and an object with file and location details * @param {object} allExports Exported modules if available from node_modules * @param {Boolean} deep Deep mode */ export function addEvidenceForImports(pkgList: array, allImports: object, allExports: object, deep: boolean): Promise; /** * Comparator function for sorting CycloneDX component objects. * * Compares components by `bom-ref`, then `purl`, then `name`, using locale-aware * string comparison on the first available key. * * @param {Object|string} a First component to compare * @param {Object|string} b Second component to compare * @returns {number} Negative, zero, or positive integer as required by Array.sort */ export function componentSorter(a: Object | string, b: Object | string): number; /** * Parse a CMake-generated dot/graphviz file and extract components and their dependency * relationships. * * The first `digraph` entry becomes the parent component. Subsequent `node` entries * with a `label` attribute are treated as direct dependencies, while commented * `node -> node` relationships are used to construct the dependency graph. * * @param {string} dotFile Path to the CMake-generated dot file * @param {string} pkgType PackageURL type to assign to extracted packages (e.g. `"generic"`) * @param {Object} options CLI options; may contain `projectGroup`, `projectName`, and `projectVersion` * @returns {{ parentComponent: Object, pkgList: Object[], dependenciesList: Object[] }} */ export function parseCmakeDotFile(dotFile: string, pkgType: string, options?: Object): { parentComponent: Object; pkgList: Object[]; dependenciesList: Object[]; }; /** * Parse a CMake-like build file (CMakeLists.txt, meson.build, etc.) and extract the * parent component and list of dependency packages. * * Handles `set`, `project`, `find_package`, `find_library`, `find_dependency`, * `find_file`, `FetchContent_MakeAvailable`, and `dependency()` directives. * Uses the MesonWrapDB to improve name resolution confidence. * * @param {string} cmakeListFile Path to the CMake-like build file * @param {string} pkgType PackageURL type to assign to extracted packages (e.g. `"generic"`) * @param {Object} options CLI options; may contain `projectGroup`, `projectName`, and `projectVersion` * @returns {{ parentComponent: Object, pkgList: Object[] }} */ export function parseCmakeLikeFile(cmakeListFile: string, pkgType: string, options?: Object): { parentComponent: Object; pkgList: Object[]; }; /** * Find the OS package component that provides a given file, by searching the * `PkgProvides` property of each package in the OS package list. * * @param {string} afile Filename or path to look up (matched case-insensitively) * @param {Object[]} osPkgsList Array of OS package component objects to search * @returns {Object|undefined} The matching OS package component, or undefined if not found */ export function getOSPackageForFile(afile: string, osPkgsList: Object[]): Object | undefined; /** * Method to find c/c++ modules by collecting usages with atom * * @param {string} src directory * @param {object} options Command line options * @param {array} osPkgsList Array of OS pacakges represented as components * @param {array} epkgList Existing packages list */ export function getCppModules(src: string, options: object, osPkgsList: array, epkgList: array): { parentComponent: Object | { name: any; version: any; description: any; license: any; purl: string; type: string; "bom-ref": string; group?: undefined; } | { group: any; name: any; version: string; type: string; description?: undefined; license?: undefined; purl?: undefined; "bom-ref"?: undefined; } | undefined; pkgList: any[]; dependenciesList: { ref: any; dependsOn: any[]; }[]; }; /** * NOT IMPLEMENTED YET. * A future method to locate a generic package given some name and properties * * @param {object} apkg Package to locate * @returns Located project with precise purl or the original unmodified input. */ export function locateGenericPackage(apkg: object): object; export function parseCUsageSlice(sliceData: any): {} | undefined; /** * Method to retrieve metadata for nuget packages * * @param {Array} pkgList Package list * @param {Array} dependencies Dependencies */ export function getNugetMetadata(pkgList: any[], dependencies?: any[]): Promise<{ pkgList: any[]; dependencies: any[]; }>; /** * Enrich .NET package components with occurrence evidence and imported module/method * information from a dosai dependency slices file. * * Builds a mapping of DLL filenames to purls using the `PackageFiles` property of each * package, then reads the slices file to add occurrence locations, imported modules, * called methods, and assembly version information where available. * * @param {Object[]} pkgList Array of .NET package component objects to enrich * @param {string} slicesFile Path to the dosai dependency slices JSON file * @returns {Object[]} The enriched package list (same array, mutated in place) */ export function addEvidenceForDotnet(pkgList: Object[], slicesFile: string): Object[]; /** * Function to parse the .d make files * * @param {String} dfile .d file path * * @returns {Object} pkgFilesMap Object with package name and list of files */ export function parseMakeDFile(dfile: string): Object; /** * Function to validate an externalReference URL for conforming to the JSON schema or bomLink * https://github.com/CycloneDX/cyclonedx-core-java/blob/75575318b268dda9e2a290761d7db11b4f414255/src/main/resources/bom-1.5.schema.json#L1140 * https://datatracker.ietf.org/doc/html/rfc3987#section-2.2 * https://cyclonedx.org/capabilities/bomlink/ * * @param {String} iri IRI to validate * * @returns {Boolean} Flag indicating whether the supplied URL is valid or not * */ export function isValidIriReference(iri: string): boolean; /** * Method to check if a given dependency tree is partial or not. * * @param {Array} dependencies List of dependencies * @param {Number} componentsCount Number of components * @returns {Boolean} True if the dependency tree lacks any non-root parents without children. False otherwise. */ export function isPartialTree(dependencies: any[], componentsCount?: number): boolean; /** * Re-compute and set the scope based on the dependency tree * * @param {Array} pkgList List of components * @param {Array} dependencies List of dependencies * * @returns {Array} Updated list */ export function recomputeScope(pkgList: any[], dependencies: any[]): any[]; /** * Function to parse a list of environment variables to identify the paths containing executable binaries * * @param envValues {Array[String]} Environment variables list * @returns {Array[String]} Binary Paths identified from the environment variables */ export function extractPathEnv(envValues: any): any; /** * Collect all executable files from the given list of binary paths * * @param basePath Base directory * @param binPaths {Array[String]} Paths containing potential binaries * @param excludePaths {Array[String]} Container-relative paths that should be excluded from the result set * @return {Array[String]} List of executables */ export function collectExecutables(basePath: any, binPaths: any, excludePaths?: any): any; /** * Collect all shared library files from the given list of paths * * @param basePath Base directory * @param libPaths {Array[String]} Paths containing potential libraries * @param ldConf {String} Config file used by ldconfig to locate additional paths * @param ldConfDirPattern {String} Config directory that can contain more .conf files for ldconfig * @param excludePaths {Array[String]} Container-relative paths that should be excluded from the result set * * @return {Array[String]} List of executables */ export function collectSharedLibs(basePath: any, libPaths: any, ldConf: string, ldConfDirPattern: string, excludePaths?: any): any; /** * Get information about the runtime. * * @returns {Object} Object containing the name and version of the runtime */ export function getRuntimeInformation(): Object; /** * Checks for dangerous Unicode characters that could enable homograph attacks * * @param {string} str String to check * @returns {boolean} true if dangerous Unicode is found */ export function hasDangerousUnicode(str: string): boolean; /** * Validates that a root is a legitimate Windows drive letter format * * @param {string} root Root to validate * @returns {boolean} true if valid drive format */ export function isValidDriveRoot(root: string): boolean; /** * Get version and runtime information */ export function retrieveCdxgenVersion(): string; /** * Retrieve the version of the cdxgen plugins binary package from package.json. * * Reads the local package.json and searches the `optionalDependencies` for a package * whose name starts with `@cdxgen/cdxgen-plugins-bin`, returning its declared version. * * @returns {string|undefined} Version string of the plugins binary package, or undefined if not found */ export function retrieveCdxgenPluginVersion(): string | undefined; /** * Helper to split a command line string into an array of arguments, * respecting single and double quotes. * * @param {String} commandString The full command line string * @returns {Array} Array of tokens */ export function splitCommandArgs(commandString: string): Array; /** * Convert hyphenated strings to camel case. * * @param {String} str String to convert * @returns {String} camelCased string */ export function toCamel(str: string): string; export const dirNameStr: any; export const isSecureMode: any; export let isDryRun: any; export const isNode: boolean; export const isBun: boolean; export const isDeno: boolean; export const isWin: boolean; export const isMac: boolean; export const DRY_RUN_ERROR_CODE: "CDXGEN_DRY_RUN"; export const commandsExecuted: Set; export const frameworksList: any; export const CDXGEN_VERSION: any; export const DEBUG_MODE: boolean; export const CDXGEN_SPDX_CREATED_BY: any; export const TABLE_BORDER_STYLE: string; export const TIMEOUT_MS: number; export const MAX_BUFFER: number; export let metadata_cache: {}; export const includeMavenTestScope: boolean; export const PREFER_MAVEN_DEPS_TREE: boolean; export const FETCH_LICENSE: boolean; export const SEARCH_MAVEN_ORG: boolean; export const JAVA_CMD: string; export const PYTHON_CMD: string; export let DOTNET_CMD: string; export let NODE_CMD: string; export let NPM_CMD: string; export let YARN_CMD: string; export let GCC_CMD: string; export let RUSTC_CMD: string; export let GO_CMD: string; export let CARGO_CMD: string; export let CLJ_CMD: string; export let LEIN_CMD: string; export let CDXGEN_TEMP_DIR: string; export const SWIFT_CMD: any; export const RUBY_CMD: any; export const PYTHON_EXCLUDED_COMPONENTS: string[]; export const PROJECT_TYPE_ALIASES: { java: string[]; android: string[]; jar: string[]; "gradle-index": string[]; "sbt-index": string[]; "maven-index": string[]; "cargo-cache": string[]; js: string[]; mcp: string[]; "ai-skill": string[]; py: string[]; go: string[]; rust: string[]; php: string[]; ruby: string[]; csharp: string[]; dart: string[]; haskell: string[]; elixir: string[]; c: string[]; clojure: string[]; github: string[]; hbom: string[]; os: string[]; jenkins: string[]; helm: string[]; "helm-index": string[]; universal: string[]; cloudbuild: string[]; swift: string[]; binary: string[]; oci: string[]; cocoa: string[]; scala: string[]; nix: string[]; caxa: string[]; asar: string[]; "vscode-extension": string[]; "chrome-extension": string[]; }; export namespace PACKAGE_MANAGER_ALIASES { let scala: string[]; } export const remoteHostsAccessed: Set; export const cdxgenAgent: import("got").Got<{ headers: { "user-agent": string; }; cache: Keyv | undefined; retry: { limit: number; }; followRedirect: boolean; hooks: { beforeRequest: ((options: import("got").NormalizedOptions) => void)[]; afterResponse: ((response: any) => any)[]; beforeError: ((error: import("got").RequestError) => import("got").RequestError)[]; }; }>; export const RUBY_PLATFORM_PREFIXES: string[]; import { PackageURL } from "packageurl-js"; import Keyv from "keyv"; //# sourceMappingURL=utils.d.ts.map