Lines Matching defs:const
2 const crypto = require('crypto')
3 const normalizeData = require('normalize-package-data')
4 const npa = require('npm-package-arg')
5 const ssri = require('ssri')
7 const SPDX_SCHEMA_VERSION = 'SPDX-2.3'
8 const SPDX_DATA_LICENSE = 'CC0-1.0'
9 const SPDX_IDENTIFER = 'SPDXRef-DOCUMENT'
11 const NO_ASSERTION = 'NOASSERTION'
13 const REL_DESCRIBES = 'DESCRIBES'
14 const REL_PREREQ = 'PREREQUISITE_FOR'
15 const REL_OPTIONAL = 'OPTIONAL_DEPENDENCY_OF'
16 const REL_DEV = 'DEV_DEPENDENCY_OF'
17 const REL_DEP = 'DEPENDENCY_OF'
19 const REF_CAT_PACKAGE_MANAGER = 'PACKAGE-MANAGER'
20 const REF_TYPE_PURL = 'purl'
22 const spdxOutput = ({ npm, nodes, packageType }) => {
23 const rootNode = nodes.find(node => node.isRoot)
24 const childNodes = nodes.filter(node => !node.isRoot && !node.isLink)
25 const rootID = rootNode.pkgid
26 const uuid = crypto.randomUUID()
27 const ns = `http://spdx.org/spdxdocs/${npa(rootID).escapedName}-${rootNode.version}-${uuid}`
29 const relationships = []
30 const seen = new Set()
41 const rels = [...node.edgesOut.values()]
50 const extraRelationships = nodes.filter(node => node.extraneous)
55 const bom = {
82 const toSpdxItem = (node, { packageType }) => {
88 const purl = npa.toPurl(spec) + (isGitNode(node) ? `?vcs_url=${node.resolved}` : '')
103 const pkg = {
124 const integrity = ssri.parse(node.integrity, { single: true })
133 const toSpdxRelationship = (node, edge) => {
156 const toSpdxID = (node) => {
168 const isGitNode = (node) => {
174 const { type } = npa(node.resolved)