@herodevs/eol-shared

A TypeScript utility library for End-of-Life (EOL) scanning and analysis.

Installation

npm install github:herodevs/eol-shared

Requirements

  • Node.js 22 or higher

API

spdxToCdxBom(spdxBom)

Converts an SPDX BOM to CycloneDX format. This conversion takes the most important package and relationship data from SPDX and translates them into CycloneDX components and dependencies as closely as possible.

import { spdxToCdxBom } from '@herodevs/eol-shared';
import type { CdxBom } from '@herodevs/eol-shared';

const spdxBom = {
  /* your SPDX BOM data */
};
const cdxBom: CdxBom = spdxToCdxBom(spdxBom);

Parameters: spdxBom - The SPDX BOM object to convert
Returns: A CycloneDX BOM object
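As an added example, not code from the eol-shared library: a minimal SPDX-to-CycloneDX mapping of the kind the description above refers to, run on a constructed SPDX document. The interface names, the emitted specVersion of 1.5, and the treatment of DEPENDS_ON and DEPENDENCY_OF relationships are assumptions of this example, not the library's documented behaviour. Each package's SPDXID is reused as the component's bom-ref so that dependency edges can be checked against the package list, and relationships that carry no dependency meaning (DESCRIBES, CONTAINS, and so on) are ignored.

```typescript
// Added illustration (not the library's code): a minimal SPDX -> CycloneDX
// mapping in the spirit of spdxToCdxBom. The interfaces are assumptions that
// cover only the fields this example touches.
interface SpdxExternalRef { referenceCategory: string; referenceType: string; referenceLocator: string }
interface SpdxPackage { SPDXID: string; name: string; versionInfo?: string; externalRefs?: SpdxExternalRef[] }
interface SpdxRelationship { spdxElementId: string; relationshipType: string; relatedSpdxElement: string }
interface SpdxDocument { SPDXID: string; name: string; packages: SpdxPackage[]; relationships?: SpdxRelationship[] }

interface CdxComponentLite { type: 'library'; 'bom-ref': string; name: string; version?: string; purl?: string }
interface CdxDependencyLite { ref: string; dependsOn: string[] }
interface CdxBomLite { bomFormat: 'CycloneDX'; specVersion: string; components: CdxComponentLite[]; dependencies: CdxDependencyLite[] }

function spdxToCdxLite(doc: SpdxDocument): CdxBomLite {
  const knownIds = doc.packages.map((p) => p.SPDXID);

  // Each SPDX package becomes one component; its SPDXID doubles as the bom-ref.
  const components: CdxComponentLite[] = doc.packages.map((pkg) => {
    const purlRef = (pkg.externalRefs ?? []).filter(
      (r) => r.referenceCategory === 'PACKAGE-MANAGER' && r.referenceType === 'purl',
    )[0];
    const component: CdxComponentLite = { type: 'library', 'bom-ref': pkg.SPDXID, name: pkg.name };
    if (pkg.versionInfo) component.version = pkg.versionInfo;
    if (purlRef) component.purl = purlRef.referenceLocator;
    return component;
  });

  // Only dependency relationships become CycloneDX dependency edges.
  // DEPENDS_ON keeps its direction; DEPENDENCY_OF is the same edge written backwards.
  const edges: { [from: string]: string[] } = {};
  for (const rel of doc.relationships ?? []) {
    const edge =
      rel.relationshipType === 'DEPENDS_ON'
        ? [rel.spdxElementId, rel.relatedSpdxElement]
        : rel.relationshipType === 'DEPENDENCY_OF'
          ? [rel.relatedSpdxElement, rel.spdxElementId]
          : undefined;
    if (!edge) continue; // DESCRIBES, CONTAINS, ... carry no dependency meaning
    const from = edge[0];
    const to = edge[1];
    // Edges touching elements that are not packages (e.g. the document itself) are dropped
    // rather than emitted as dangling references.
    if (knownIds.indexOf(from) < 0 || knownIds.indexOf(to) < 0) continue;
    const list = edges[from] ?? (edges[from] = []);
    if (list.indexOf(to) < 0) list.push(to);
  }

  // One dependency entry per component, so leaf packages show an explicit empty list.
  const dependencies: CdxDependencyLite[] = doc.packages.map((pkg) => ({
    ref: pkg.SPDXID,
    dependsOn: (edges[pkg.SPDXID] ?? []).slice().sort(),
  }));

  return { bomFormat: 'CycloneDX', specVersion: '1.5', components, dependencies };
}

// Constructed sample input (not data from any real project).
const sampleSpdx: SpdxDocument = {
  SPDXID: 'SPDXRef-DOCUMENT',
  name: 'sample-app',
  packages: [
    { SPDXID: 'SPDXRef-Package-app', name: 'sample-app', versionInfo: '1.0.0' },
    {
      SPDXID: 'SPDXRef-Package-lodash',
      name: 'lodash',
      versionInfo: '4.17.21',
      externalRefs: [{ referenceCategory: 'PACKAGE-MANAGER', referenceType: 'purl', referenceLocator: 'pkg:npm/lodash@4.17.21' }],
    },
  ],
  relationships: [
    { spdxElementId: 'SPDXRef-DOCUMENT', relationshipType: 'DESCRIBES', relatedSpdxElement: 'SPDXRef-Package-app' },
    { spdxElementId: 'SPDXRef-Package-lodash', relationshipType: 'DEPENDENCY_OF', relatedSpdxElement: 'SPDXRef-Package-app' },
  ],
};

const sampleCdx = spdxToCdxLite(sampleSpdx);
console.log(JSON.stringify(sampleCdx, null, 2));
```

The check worth running on any converter's output is that every entry in `dependsOn` resolves to a component in `components`: an edge that points at an SPDX element with no matching package would otherwise become a dangling reference that downstream EOL or vulnerability matching silently skips.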

xmlStringToJSON(xmlString)

Converts a CycloneDX XML string to a JSON object. The CycloneDX spec does not change between formats, so conversion from XML to JSON is lossless.

import { xmlStringToJSON } from '@herodevs/eol-shared';
import type { CdxBom } from '@herodevs/eol-shared';

const xmlString = `<?xml version="1.0"?>...`;
const jsonBom: CdxBom = xmlStringToJSON(xmlString);

Parameters: xmlString - The XML string to parse
Returns: The parsed CycloneDX BOM object

trimCdxBom(cdxBom)

Creates a trimmed copy of a CycloneDX BOM by removing SBOM data not necessary for EOL scanning:

  • externalReferences from components
  • evidence from components
  • hashes from components
  • properties from components

import { trimCdxBom } from '@herodevs/eol-shared';
import type { CdxBom } from '@herodevs/eol-shared';

const originalBom: CdxBom = {
  /* your CycloneDX BOM */
};
const trimmedBom: CdxBom = trimCdxBom(originalBom);

Parameters: cdxBom - The CycloneDX BOM to trim
Returns: A new trimmed CycloneDX BOM object
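The contract just described, as an added example and not the library's implementation: strip the four listed fields from every component of a copy and leave the caller's input untouched. The interface shapes are assumptions that cover only what the example needs, and so is the recursion into nested `components`, which the README does not mention. Because `hashes` are among the removed fields, the trimmed copy can no longer be used for integrity verification of the packages it lists; keeping the original intact rather than mutating it is what preserves that option.

```typescript
// Added illustration (not the library's code) of the trimming contract:
// return a copy with the four listed fields removed from every component.
// Types are assumptions; recursion into nested components is an assumption
// beyond what the README states.
interface SbomComponent {
  type: string;
  name: string;
  version?: string;
  purl?: string;
  hashes?: { alg: string; content: string }[];
  externalReferences?: { type: string; url: string }[];
  evidence?: { [key: string]: unknown };
  properties?: { name: string; value: string }[];
  components?: SbomComponent[];
}
interface SbomDocument {
  bomFormat: 'CycloneDX';
  specVersion: string;
  components?: SbomComponent[];
}

const TRIMMED_KEYS = ['externalReferences', 'evidence', 'hashes', 'properties'] as const;

function trimComponent(c: SbomComponent): SbomComponent {
  const copy: SbomComponent = { ...c }; // shallow copy: the input object is never mutated
  for (const key of TRIMMED_KEYS) delete copy[key];
  if (c.components) copy.components = c.components.map(trimComponent);
  return copy;
}

function trimSbom(bom: SbomDocument): SbomDocument {
  return { ...bom, components: (bom.components ?? []).map(trimComponent) };
}

// Serialized size is what trimming buys; measure it before and after.
function jsonChars(value: unknown): number {
  return JSON.stringify(value).length;
}

// Constructed sample (not real data): one component carrying every trimmed
// field, plus a nested component with its own hash. Digests are placeholders.
const sampleSbom: SbomDocument = {
  bomFormat: 'CycloneDX',
  specVersion: '1.5',
  components: [
    {
      type: 'library',
      name: 'lodash',
      version: '4.17.21',
      purl: 'pkg:npm/lodash@4.17.21',
      hashes: [{ alg: 'SHA-256', content: 'placeholder-digest-not-a-real-hash' }],
      externalReferences: [{ type: 'website', url: 'https://example.invalid/lodash' }],
      evidence: { occurrences: [{ location: 'node_modules/lodash' }] },
      properties: [{ name: 'example:build-id', value: 'constructed' }],
      components: [
        { type: 'library', name: 'inner', version: '0.1.0', hashes: [{ alg: 'SHA-1', content: 'placeholder' }] },
      ],
    },
  ],
};

const trimmedSbom = trimSbom(sampleSbom);
console.log(`${jsonChars(sampleSbom)} -> ${jsonChars(trimmedSbom)} characters after trimming`);
```

Two properties are worth asserting on any trimming routine before trusting it in a pipeline: the identifying fields (name, version, purl) survive unchanged, since they are what EOL lookup keys on, and the untrimmed original is still available afterwards.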

Types

The package exports the following TypeScript types:

BOM

  • CdxBom - CycloneDX BOM structure as exported from @cyclonedx/cyclonedx-library
  • Component - Component definition
  • Dependency - Dependency relationship
  • Hash - Hash/checksum information
  • License - License information
  • ExternalReference - External reference data
  • ComponentScope - Component scope enumeration

EOL

  • CveStats - CVE statistics with ID, CVSS score, and publication date
  • EolScanComponentMetadata - Metadata for EOL scan components including EOL status, dates, reasons, and CVE information
  • EolScanComponent - Component data for EOL scanning with metadata, PURL, and optional NES remediation
  • EolReportMetadata - Report-level metadata including component counts
  • EolReport - Complete EOL scan report with components and metadata
  • EolReportQueryResponse - GraphQL response type for EOL report queries
  • EolReportMutationResponse - GraphQL response type for EOL report mutations
  • CreateEolReportInput - Input parameters for creating new EOL reports
  • ComponentStatus - Component status enumeration (UNKNOWN, OK, EOL, EOL_UPCOMING)

Resources

This package is designed to work with:

  • CycloneDX - Industry standard for Software Bill of Materials
  • SPDX - Software Package Data Exchange standard

About

Common patterns, tools, and types for EOL parsing and handling
