-
-
Notifications
You must be signed in to change notification settings - Fork 18
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
"--omit dev" created a lot of "DummyComponent.InterferedDependency..." entries in the BOM #254
Comments
I have tried this on another project without "prod" dependencies and only dev dependencies. It seems that all dev dependencies are added to the BOM as DummyComponent. |
thank you for the report, @AndreVirtimo . i will check into this.
PS: tried to reproduce with all the information you gave and the exact dependencies from your report, and was not able to reproduce. could you create a github repo with a setup that isolates your issue and makes it reproducible? |
previously i tried with some arbitrary I found the issue was gone when i used I am sorry, you might need to upgrade your NPM to a version >= 8.7.0 to fix this issue. Will change internal implementations of this tool to circumvent the issue. see #259 |
@jkowalleck thank you for checking this issue. I can confirm that this issue was gone after updating npm to version 8.19.2. |
this issue was fixed in v1.3.0 of |
When I'm using the "--omit dev" parameter then I got a lot of entries with the prefix "DummyComponent.InterferedDependency."
I'm using "@cyclonedx/cyclonedx-npm" version 1.2.0 as dev dependency. And it seems this is also in the BOM which I didn't expected.
To Reproduce
Snippet from my package.json with to internal dependencies removed.
Expected behavior
No dummy entries and no dev dependencies.
Environment
npm - 8.5.1
node - v17.6.0
macOS 12.6
The text was updated successfully, but these errors were encountered: