From 72accde6040b5cf6b9c4dbda6fa272bc6eb59432 Mon Sep 17 00:00:00 2001
From: jdalton <john.david.dalton@gmail.com>
Date: Mon, 1 Jul 2024 13:07:30 -0400
Subject: [PATCH] Ensure the @jdalton/packageurl-js is used for cdxgen

---
 package-lock.json | 13 +++----
 package.json      | 88 +++++++++++++++++++++++++----------------------
 2 files changed, 54 insertions(+), 47 deletions(-)

diff --git a/package-lock.json b/package-lock.json
index b0ae6463..fd95ab6d 100644
--- a/package-lock.json
+++ b/package-lock.json
@@ -523,6 +523,13 @@
         "win32"
       ]
     },
+    "node_modules/@cyclonedx/cdxgen/node_modules/packageurl-js": {
+      "name": "@jdalton/packageurl-js",
+      "version": "1.2.7",
+      "resolved": "https://registry.npmjs.org/@jdalton/packageurl-js/-/packageurl-js-1.2.7.tgz",
+      "integrity": "sha512-xcur8vvQEr3k9G2EpM+8lXSeCz2ZKb9h986PlrCfz6i8JHOYrcqSXhtYna+tNfO+15PJDENQdIAmahRR2ZWTWA==",
+      "license": "MIT"
+    },
     "node_modules/@es-joy/jsdoccomment": {
       "version": "0.43.1",
       "resolved": "https://registry.npmjs.org/@es-joy/jsdoccomment/-/jsdoccomment-0.43.1.tgz",
@@ -10411,12 +10418,6 @@
         "node": ">=12.20"
       }
     },
-    "node_modules/packageurl-js": {
-      "version": "1.0.2",
-      "resolved": "https://registry.npmjs.org/packageurl-js/-/packageurl-js-1.0.2.tgz",
-      "integrity": "sha512-fWC4ZPxo80qlh3xN5FxfIoQD3phVY4+EyzTIqyksjhKNDmaicdpxSvkWwIrYTtv9C1/RcUN6pxaTwGmj2NzS6A==",
-      "license": "MIT"
-    },
     "node_modules/pacote": {
       "version": "18.0.6",
       "resolved": "https://registry.npmjs.org/pacote/-/pacote-18.0.6.tgz",
diff --git a/package.json b/package.json
index 059627c4..9b028f27 100644
--- a/package.json
+++ b/package.json
@@ -14,9 +14,6 @@
     "url": "https://socket.dev"
   },
   "license": "MIT",
-  "engines": {
-    "node": "^20.9.0 || >=21.1.0"
-  },
   "type": "module",
   "bin": {
     "socket": "cli.js",
@@ -30,18 +27,32 @@
     "lib/**/*.cjs",
     "lib/shadow/**"
   ],
-  "scripts": {
-    "check:dependency-check": "dependency-check '*.js' 'lib/shadow/*.cjs' '*.mjs' 'test/**/*.js' --no-dev --ignore-module node:* --ignore-module @cyclonedx/* --ignore-module synp",
-    "check:installed-check": "installed-check -i eslint-plugin-jsdoc",
-    "check:lint": "eslint --report-unused-disable-directives .",
-    "check:tsc": "tsc",
-    "check:type-coverage": "type-coverage --detail --strict --at-least 95 --ignore-files 'test/*'",
-    "check": "run-p -c --aggregate-output check:*",
-    "prepare": "husky install",
-    "test:unit": "c8 --reporter=lcov --reporter text node --test",
-    "test-ci": "run-s test:*",
-    "test": "run-s check test:*",
-    "//postinstall": "node ./cli.js wrapper --postinstall"
+  "dependencies": {
+    "@apideck/better-ajv-errors": "^0.3.6",
+    "@cyclonedx/cdxgen": "^10.7.0",
+    "@inquirer/select": "^2.3.5",
+    "@socketsecurity/config": "^2.1.3",
+    "@socketsecurity/sdk": "^1.2.0",
+    "chalk": "^5.3.0",
+    "chalk-table": "^1.0.2",
+    "execa": "^9.1.0",
+    "globby": "^14.0.1",
+    "hpagent": "^1.2.0",
+    "ignore": "^5.3.1",
+    "ignore-by-default": "^2.1.0",
+    "inquirer": "^9.2.23",
+    "is-interactive": "^2.0.0",
+    "is-unicode-supported": "^2.0.0",
+    "meow": "^13.2.0",
+    "open": "^10.1.0",
+    "ora": "^8.0.1",
+    "pony-cause": "^2.1.11",
+    "prompts": "^2.4.2",
+    "synp": "^1.9.13",
+    "terminal-link": "^3.0.0",
+    "update-notifier": "^7.0.0",
+    "which": "^4.0.0",
+    "yargs-parser": "^21.1.1"
   },
   "devDependencies": {
     "@socketsecurity/eslint-config": "^5.0.1",
@@ -82,31 +93,26 @@
     "type-coverage": "^2.29.0",
     "typescript": "~5.5.2"
   },
-  "dependencies": {
-    "@apideck/better-ajv-errors": "^0.3.6",
-    "@cyclonedx/cdxgen": "^10.7.0",
-    "@inquirer/select": "^2.3.5",
-    "@socketsecurity/config": "^2.1.3",
-    "@socketsecurity/sdk": "^1.2.0",
-    "chalk": "^5.3.0",
-    "chalk-table": "^1.0.2",
-    "execa": "^9.1.0",
-    "globby": "^14.0.1",
-    "hpagent": "^1.2.0",
-    "ignore": "^5.3.1",
-    "ignore-by-default": "^2.1.0",
-    "inquirer": "^9.2.23",
-    "is-interactive": "^2.0.0",
-    "is-unicode-supported": "^2.0.0",
-    "meow": "^13.2.0",
-    "open": "^10.1.0",
-    "ora": "^8.0.1",
-    "pony-cause": "^2.1.11",
-    "prompts": "^2.4.2",
-    "synp": "^1.9.13",
-    "terminal-link": "^3.0.0",
-    "update-notifier": "^7.0.0",
-    "which": "^4.0.0",
-    "yargs-parser": "^21.1.1"
+  "overrides": {
+    "@cyclonedx/cdxgen": {
+      "packageurl-js": "https://registry.npmjs.org/@jdalton/packageurl-js/-/packageurl-js-1.2.7.tgz"
+    }
+  },
+  "engines": {
+    "node": "^20.9.0 || >=21.1.0"
+  },
+
+  "scripts": {
+    "check:dependency-check": "dependency-check '*.js' 'lib/shadow/*.cjs' '*.mjs' 'test/**/*.js' --no-dev --ignore-module node:* --ignore-module @cyclonedx/* --ignore-module synp",
+    "check:installed-check": "installed-check -i eslint-plugin-jsdoc",
+    "check:lint": "eslint --report-unused-disable-directives .",
+    "check:tsc": "tsc",
+    "check:type-coverage": "type-coverage --detail --strict --at-least 95 --ignore-files 'test/*'",
+    "check": "run-p -c --aggregate-output check:*",
+    "prepare": "husky install",
+    "test:unit": "c8 --reporter=lcov --reporter text node --test",
+    "test-ci": "run-s test:*",
+    "test": "run-s check test:*",
+    "//postinstall": "node ./cli.js wrapper --postinstall"
   }
 }