
Commit 79e3c1e

committed
fix: use @npmcli/package-json to normalize package data
1 parent f73e65d commit 79e3c1e


2 files changed

+8
-4
lines changed


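--- a/lib/utils/sbom-cyclonedx.js
+++ b/lib/utils/sbom-cyclonedx.js
@@ -1,6 +1,6 @@
 const crypto = require('node:crypto')
-const normalizeData = require('normalize-package-data')
 const parseLicense = require('spdx-expression-parse')
+const PackageJson = require('@npmcli/package-json')
 const npa = require('npm-package-arg')
 const ssri = require('ssri')
 
@@ -79,7 +79,9 @@ const toCyclonedxItem = (node, { packageType }) => {
 const purl = npa.toPurl(spec) + (isGitNode(node) ? `?vcs_url=${node.resolved}` : '')
 
 if (node.package) {
-normalizeData(node.package)
+const toNormalize = new PackageJson()
+toNormalize.fromContent(node.package).normalize({ steps: ['normalizeData'] })
+node.package = toNormalize.content
 }
 
 let parsedLicense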
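Review bot: The return value of `normalize({ steps: ['normalizeData'] })` is dropped in the new `if (node.package)` body, and `toNormalize.content` is read on the very next line. As far as I know `normalize` in @npmcli/package-json is declared `async` (confirm against the pinned version); if so, the write-back only works while the `normalizeData` step finishes before the first `await`, and a throw on a malformed manifest from an installed package becomes an unhandled rejection rather than an error the SBOM command can report. Either await it from an async caller or document the reliance with a comment such as `// normalize() is async; the normalizeData step is expected to complete synchronously — verify on upgrade`. The same three lines are added to `toSpdxItem` in lib/utils/sbom-spdx.js, and `toCyclonedxItem` starts and ends outside this hunk.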

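--- a/lib/utils/sbom-spdx.js
+++ b/lib/utils/sbom-spdx.js
@@ -1,6 +1,6 @@
 
 const crypto = require('node:crypto')
-const normalizeData = require('normalize-package-data')
+const PackageJson = require('@npmcli/package-json')
 const npa = require('npm-package-arg')
 const ssri = require('ssri')
 
@@ -90,7 +90,9 @@ const spdxOutput = ({ npm, nodes, packageType }) => {
 }
 
 const toSpdxItem = (node, { packageType }) => {
-normalizeData(node.package)
+const toNormalize = new PackageJson()
+toNormalize.fromContent(node.package).normalize({ steps: ['normalizeData'] })
+node.package = toNormalize.content
 
 // Calculate purl from package spec
 let spec = npa(node.pkgid)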
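Review bot: `toSpdxItem` calls `toNormalize.fromContent(node.package)` unconditionally, while the same change in lib/utils/sbom-cyclonedx.js is wrapped in `if (node.package) { … }`. The removed `normalizeData(node.package)` was unguarded as well, so this is not a regression, but a node without a manifest would now be normalized from `undefined` and then have `node.package` overwritten with whatever `content` holds. Wrapping the three added lines in `if (node.package) {` … `}` would make the two SBOM writers agree; whether later code in `toSpdxItem` (outside this hunk) already assumes `node.package` is set cannot be seen from here.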
