refactor: use sophisticated logger #1129
Conversation
Signed-off-by: jase88 <804836+jase88@users.noreply.github.com>
Signed-off-by: jase88 <804836+jase88@users.noreply.github.com>
There was a problem hiding this comment.
Thank you for the contribution, @jase88 .
I had a quick review and found some remarks.
Signed-off-by: jase88 <804836+jase88@users.noreply.github.com>
Signed-off-by: jase88 <804836+jase88@users.noreply.github.com>
Signed-off-by: jase88 <804836+jase88@users.noreply.github.com>
Signed-off-by: jase88 <804836+jase88@users.noreply.github.com>
Thank you @jkowalleck. I have made some changes and am happy to receive further feedback |
| @@ -17,12 +17,14 @@ SPDX-License-Identifier: Apache-2.0 | |||
| Copyright (c) OWASP Foundation. All Rights Reserved. | |||
| */ | |||
|
|
|||
| import { existsSync } from 'node:fs' | |||
| import * as path from 'node:path' | |||
There was a problem hiding this comment.
the node: notation, this might not work on node14.0 -- which is a supported branch.
will add additional CI tests and have it tested
There was a problem hiding this comment.
test run including node 14.0.0
https://github.com/CycloneDX/cyclonedx-node-npm/actions/runs/7114640707/job/19369091011?pr=1129
There was a problem hiding this comment.
tests with node14.0.0 do not complete due to a transitive dependency that is not installable.
|
first of all, thanks you for the contribution. Some (transitive) dependencies are not available for node14.0.0. see https://github.com/CycloneDX/cyclonedx-node-npm/actions/runs/7114640707/job/19369116439?pr=1129#step:4:2384 I tried out your implementation, and here are the things i don't like:
|
Signed-off-by: jase88 <804836+jase88@users.noreply.github.com>
Signed-off-by: jase88 <804836+jase88@users.noreply.github.com>
so raising to node
should be fixed by now.
couldn't figure out why, will have a closer look at the docs next days.
you don't want to see any timestamp or you don't like the format of the timestamp? |
It is no bulk output at the end. You can test it with some deferral like |
Do not want to see any timestamps at all.
for my tests, it was. for a second of delay no output was sent at all, then all was sent as a bulk. sometimes right BEFORE the SBOM, sometimes right after the SBOM. $ ./bin/cyclonedx-npm-cli.js --verbosity debug
{
"$schema": "http://cyclonedx.org/schema/bom-1.4.schema.json",
"bomFormat": "CycloneDX",
"specVersion": "1.4",
"version": 1,
....
"ref": "@oozcitak/url@1.0.4",
"dependsOn": [
"@oozcitak/infra@1.0.8",
"@oozcitak/util@8.3.8"
]
},
{
"ref": "@oozcitak/util@8.3.8"
}
]
}[2023-12-07 12:02:20.950] DEBUG: options: {"verbosity":"debug","ignoreNpmErrors":false,"packageLockOnly":false,"omit":[],"flattenComponents":false,"shortPURLs":false,"specVersion":"1.4","outputFormat":"JSON","outputFile":"-","validate":true,"mcType":"application"}
[2023-12-07 12:02:20.951] DEBUG: packageFile: .../cyclonedx-node-npm/package.json
[2023-12-07 12:02:20.951] INFO: projectDir: .../cyclonedx-node-npm
[2023-12-07 12:02:20.951] DEBUG: detected a node_modules dir
[2023-12-07 12:02:20.953] DEBUG: BomBuilder > makeNpmRunner caused execSync "npm"
[2023-12-07 12:02:20.953] INFO: BomBuilder > detect NPM version ...
[2023-12-07 12:02:21.673] DEBUG: BomBuilder > detected NPM version '9.4.2'
[2023-12-07 12:02:21.673] INFO: BomBuilder > gather dependency tree ...
[2023-12-07 12:02:21.673] DEBUG: BomBuilder > npm-ls: run npm with ["ls","--json","--long","--all"] in '.../cyclonedx-node-npm'
[2023-12-07 12:02:23.267] INFO: BomBuilder > build BOM ... |
Signed-off-by: jase88 <804836+jase88@users.noreply.github.com>
|
see #1131 |
fixes: #158
pino. See GitHub or Docs--verbositylevel with optionsdebugerrorfatalwarn(default)infotracesilentSTDERR