Version: 11.x

pnpm sbom

Added in: v11.0.0

Generate a Software Bill of Materials (SBOM) for the project.

Supported formats:

  • CycloneDX 1.7 (JSON)
  • SPDX 2.3 (JSON)

Usage

pnpm sbom --sbom-format cyclonedx
pnpm sbom --sbom-format spdx
pnpm sbom --sbom-format cyclonedx --lockfile-only
pnpm sbom --sbom-format spdx --prod

Options

--sbom-format <cyclonedx|spdx>

The SBOM output format. This option is required. Supported values: cyclonedx, spdx.

--sbom-type <library|application>

  • Default: library

The component type for the root package.

--sbom-spec-version <version>

Added in: v11.1.0

  • Default: 1.7
  • Type: 1.5, 1.6, 1.7

The CycloneDX specification version to emit. Only valid with --sbom-format cyclonedx.

--lockfile-only

Only use lockfile data (skip reading from the store).

--sbom-authors <names>

Comma-separated list of SBOM authors. Written to metadata.authors in the CycloneDX output.

--sbom-supplier <name>

SBOM supplier name. Written to metadata.supplier in the CycloneDX output.

--prod, -P

Only include dependencies and optionalDependencies.

--dev, -D

Only include devDependencies.

--no-optional

Don't include optionalDependencies.
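
Example: checking the generated SBOM

The following is an added example, not part of pnpm or its documentation: a release-gate check that a CycloneDX SBOM carries the metadata set by --sbom-spec-version, --sbom-type, --sbom-authors and --sbom-supplier. The function name, the policy object and the sample document are hypothetical, and placing the root package at metadata.component follows the CycloneDX schema rather than anything this page states.

```javascript
// Added example, not pnpm code. Checks a parsed CycloneDX SBOM against a release policy.
// Assumption: the root package appears as metadata.component (CycloneDX schema);
// the page only names metadata.authors and metadata.supplier.
const SPEC_VERSIONS = ['1.5', '1.6', '1.7']; // values listed for --sbom-spec-version

function checkSbom(bom, policy) {
  if (bom === null || typeof bom !== 'object') return ['SBOM is not a JSON object'];
  const problems = [];
  if (bom.bomFormat !== 'CycloneDX') problems.push('bomFormat is not CycloneDX');
  if (!SPEC_VERSIONS.includes(bom.specVersion)) {
    problems.push(`unexpected specVersion: ${bom.specVersion}`);
  } else if (policy.specVersion && bom.specVersion !== policy.specVersion) {
    problems.push(`specVersion ${bom.specVersion}, policy requires ${policy.specVersion}`);
  }
  const meta = bom.metadata || {};
  // metadata.authors is an array of objects; compare on the name field.
  const authors = Array.isArray(meta.authors)
    ? meta.authors.map((a) => a && a.name).filter(Boolean)
    : [];
  for (const name of policy.authors || []) {
    if (!authors.includes(name)) problems.push(`missing author: ${name}`);
  }
  const supplier = meta.supplier ? meta.supplier.name : undefined;
  if (policy.supplier && supplier !== policy.supplier) {
    problems.push(`supplier is ${supplier}, policy requires ${policy.supplier}`);
  }
  const rootType = meta.component ? meta.component.type : undefined;
  if (policy.type && rootType !== policy.type) {
    problems.push(`root component type is ${rootType}, policy requires ${policy.type}`);
  }
  return problems;
}

// Constructed sample: the metadata part of an SBOM, with made-up names.
// The root type is "library" (the --sbom-type default), which the policy rejects.
const sampleBom = {
  bomFormat: 'CycloneDX',
  specVersion: '1.7',
  metadata: {
    authors: [{ name: 'Alice Example' }, { name: 'Bob Example' }],
    supplier: { name: 'Example Corp' },
    component: { type: 'library', name: 'example-app', version: '1.0.0' },
  },
  components: [],
};
const policy = { specVersion: '1.7', type: 'application', authors: ['Alice Example'], supplier: 'Example Corp' };

console.log(checkSbom(sampleBom, policy));
```

In a pipeline, the object passed to checkSbom would be the parsed JSON output of pnpm sbom --sbom-format cyclonedx, and a non-empty result would fail the build.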