# cdx:npm Namespace Taxonomy

This is the namespace for official CycloneDX properties related to the Node NPM ecosystem.
The official rules and processes apply - see parent document.

| Namespace | Description |
|---|---|
| `cdx:npm:package` | Namespace for package specific properties. |
| `cdx:npm:package:constraint` | Namespace for package constraints. |

Boolean values are `true` or `false`; case sensitive.
## cdx:npm:package Namespace Taxonomy

| Property | Description |
|---|---|
| `cdx:npm:package:bundled` | Whether the package was bundled (shipped) with its parent component. Boolean value. If the property is missing, then assume the value to be false. May appear once. |
| `cdx:npm:package:extraneous` | Whether the package was installed extraneous. Boolean value. If the property is missing, then assume the value to be false. May appear once. |
| `cdx:npm:package:private` | Whether the package was flagged as “private”. Boolean value. If the property is missing, then assume the value to be false. May appear once. |
| `cdx:npm:package:development` | Whether the package was flagged as “devDependency”. Boolean value. If the property is missing, then assume the value to be false. May appear once. |
| `cdx:npm:package:path` | A path the package is installed to. POSIX-like path representation relative to the root directory of the project under analysis. To represent the root dir, an empty string is used. May appear multiple times with different values. Example value: `node_modules/cliui/node_modules/strip-ansi` |
## cdx:npm:package:constraint Namespace Taxonomy

| Property | Description |
|---|---|
| `cdx:npm:package:constraint:engine:<NAME>` | Supported/required engine marker. May appear once. Example: `cdx:npm:package:constraint:engine:node = >=12.2` |
| `cdx:npm:package:constraint:engine-strict` | Whether the engine is a requirement or advice. Boolean value. If the property is missing, then assume the value to be false. May appear once. |
| `cdx:npm:package:constraint:os` | Supported/required operating system markers. May appear multiple times with different values. |
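
The following is an added example, not part of the taxonomy or of any CycloneDX tooling: a reader for one component's `properties` array that applies the rules in the tables above (missing booleans default to false, case-sensitive boolean values, "may appear once", repeatable properties with different values). The function name `readNpmProperties`, the shape of its result, the rejection of paths starting with `/`, and the sample data are assumptions made for illustration.

```javascript
// Added example: interpret cdx:npm:package properties of one CycloneDX component.
const NS = 'cdx:npm:package:';
const ENGINE = 'constraint:engine:';
const BOOLEANS = ['bundled', 'extraneous', 'private', 'development', 'constraint:engine-strict'];
const REPEATABLE = new Map([['path', 'paths'], ['constraint:os', 'os']]);

function readNpmProperties(properties) {
  const out = { paths: [], os: [], engines: Object.create(null), errors: [] };
  for (const key of BOOLEANS) out[key] = false; // a missing boolean means false
  const seen = new Set();
  for (const { name, value = '' } of properties) {
    if (!name.startsWith(NS)) continue; // other namespaces are out of scope here
    const key = name.slice(NS.length);
    if (REPEATABLE.has(key)) { // may appear multiple times, with different values
      const list = out[REPEATABLE.get(key)];
      if (list.includes(value)) out.errors.push(`${name}: repeated value "${value}"`);
      else if (key === 'path' && value.startsWith('/')) out.errors.push(`${name}: "${value}" is not relative`);
      else list.push(value); // an empty path is valid: it is the project root
      continue;
    }
    if (seen.has(name)) { out.errors.push(`${name}: may appear once`); continue; }
    seen.add(name);
    if (BOOLEANS.includes(key)) {
      if (value === 'true' || value === 'false') out[key] = value === 'true';
      else out.errors.push(`${name}: "${value}" is not true/false (case sensitive)`);
    } else if (key.startsWith(ENGINE) && key.length > ENGINE.length) {
      out.engines[key.slice(ENGINE.length)] = value; // e.g. engines.node = ">=12.2"
    } else {
      out.errors.push(`${name}: not a property listed in the tables above`);
    }
  }
  return out;
}

// Constructed sample input (not taken from a real SBOM).
const sampleProperties = [
  { name: 'cdx:npm:package:path', value: 'node_modules/cliui/node_modules/strip-ansi' },
  { name: 'cdx:npm:package:path', value: 'node_modules/strip-ansi' },
  { name: 'cdx:npm:package:bundled', value: 'true' },
  { name: 'cdx:npm:package:extraneous', value: 'True' }, // wrong case: rejected
  { name: 'cdx:npm:package:constraint:engine:node', value: '>=12.2' },
  { name: 'cdx:npm:package:constraint:os', value: 'linux' },
  { name: 'cdx:npm:package:bundled', value: 'false' }, // second occurrence: rejected
];
const report = readNpmProperties(sampleProperties);
console.log(JSON.stringify(report, null, 2));
```

A rejected boolean keeps its default of false, so a consumer that gates on `extraneous` or `development` should check `errors` before trusting those flags.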