| Namespace | Description |
|---|---|
cdx:npm:package |
Namespace for package specific properties. |
cdx:npm:package:constraint |
Namespace for package constraints. |
Boolean value are true or false. Case sensitive.
| Property | Description |
|---|---|
cdx:npm:package:bundled |
Whether the package was bundled(shipped) with its parent component. Boolean value. If the property is missing, then assume the value to be false. May appear once. |
cdx:npm:package:extraneous |
Whether the package was installed extraneous. Boolean value. If the property is missing, then assume the value to be false. May appear once. |
cdx:npm:package:private |
Whether the package was flagged as "private". Boolean value. If the property is missing, then assume the value to be false. May appear once. |
cdx:npm:package:development |
Whether the package was flagged as "devDependency". Boolean value. If the property is missing, then assume the value to be false. May appear once. |
cdx:npm:package:path |
A path the package is installed to. Posix-like path representation relative to the root directory of the project under analysis. To represent the root dir, an empty string is used. May appear multiple times with different values. Example value: node_modules/cliui/node_modules/strip-ansi |
| Property | Description |
|---|---|
cdx:npm:package:constraint:engine:<NAME> |
Supported/required engine marker. May appear once. Example: cdx:npm:package:constraint:engine:node = >=12.2 |
cdx:npm:package:constraint:engine-strict |
Whether the engine is a requirement, or an advice. Boolean value. If the property is missing, then assume the value to be false. May appear once. |
cdx:npm:package:constraint:os |
Supported/required operating system markers. May appear multiple times with different values. |