BC: Properly exclude external packages when preparing this library for web browsers

Signed-off-by: Jan Kowalleck <[email protected]>

Author: jkowalleck

Diff for: .eslintignore

@@ -1,11 +1,13 @@
 **/node_modules/**
 
-
 # generated files: dist and docs
+/reports/**
 /dist/**
 /dist.*/**
 /docs/api/**
 /examples/node-typescript/dist/**
+/examples/web/dist/**
+
 
 !/src/**
 !/libs/**

Diff for: .github/workflows/nodejs.yml

@@ -263,7 +263,7 @@ jobs:
         run: node -- 'example.${{ matrix.js-type }}'
         working-directory: ${{ env.EXAMPLE_DIR }}
 
-  example-typescript:
+  example-TS:
     needs: [ 'build' ]
     name: example TS${{ matrix.typescript-version }} ${{ matrix.js-type }}
     runs-on: ubuntu-latest
@@ -326,6 +326,38 @@ jobs:
         run: npm run example
         working-directory: ${{ env.EXAMPLE_DIR }}
 
+  examples-Web:
+    needs: [ 'build' ]
+    name: example Web
+    runs-on: ubuntu-latest
+    env:
+      EXAMPLE_DIR: examples/web
+    steps:
+      - name: Checkout
+        # see https://github.com/actions/checkout
+        uses: actions/checkout@v3
+      - name: Setup Node.js ${{ env.NODE_ACTIVE_LTS }}
+        # see https://github.com/actions/setup-node
+        uses: actions/setup-node@v3
+        with:
+          node-version: ${{ env.NODE_ACTIVE_LTS }}
+      - name: fetch build artifact 'node'
+        # see https://github.com/actions/download-artifact
+        uses: actions/download-artifact@v3
+        with:
+          name: dist.web
+          path: dist.web
+      - name: setup library
+        run: |
+          set -ex
+          npm ci --ignore-scripts --omit=dev --include=optional --loglevel=silly
+      - name: setup example project
+        run: npm i --no-save --loglevel=silly
+        working-directory: ${{ env.EXAMPLE_DIR }}
+      - name: build example
+        run: npm run build
+        working-directory: ${{ env.EXAMPLE_DIR }}
+
   api-doc:
     name: api-doc ${{ matrix.target }}
     runs-on: "ubuntu-latest"

Diff for: HISTORY.md

@@ -4,12 +4,22 @@ All notable changes to this project will be documented in this file.
 
 ## unreleased
 
+* BREAKING
+  * Usage in web browsers might no longer work out of the box (via [#880])  
+    It requires a bundler/packer for web. See the `examples/web` as a best-practice guide utilizing _Webpack_.  
+    This is only a breaking change if you used this library in a web browser.
+* Fixed
+  * Properly exclude external packages when preparing this library for web browsers (via [#880])
+* Examples
+  * Adjusted example for usage in web browsers (via [#880])
 * Build
   * Use _TypeScript_ `v5.1.6` now, was `v5.1.5` (via [#866])
   * Use _Webpack_ `v5.88.1` now, was `v5.88.0` (via [#870])
+  * Apply wider exclusion for externals to be future-prove (via [#880])
 
 [#866]: https://github.com/CycloneDX/cyclonedx-javascript-library/pull/866
 [#870]: https://github.com/CycloneDX/cyclonedx-javascript-library/pull/870
+[#880]: https://github.com/CycloneDX/cyclonedx-javascript-library/pull/880
 
 ## 3.0.0 -- 2023-06-28
 

Diff for: examples/README.md

@@ -9,7 +9,8 @@
   * [`example.cjs`](node-typescript/example.cjs) targets JavaScript, "commonjs" style - from TypeScript `^3.8 || ^4 || ^5`.
   * [`example.mjs`](node-typescript/example.cjs) targets JavaScript, "module" style   - from TypeScript `^3.8 || ^4 || ^5`.
 * `web` showcases the usage in web browser JavaScript
-  * [`example.html`](web/example.html) targets any web-browser.
+  * [`src/index.js`](web/src/index.js) will be compiled, to that it can be embedded by  
+    [`dist/index.html`](web/dist/index.html) and run in any web browser.
 
 ## Data models
 

Diff for: examples/web/.gitignore

@@ -0,0 +1,8 @@
+*
+!/.gitignore
+!/package.json
+!/webpack.json
+!/src
+!/src/**
+!/dist
+!/dist/index.html

Diff for: examples/web/dist/index.html

@@ -0,0 +1,28 @@
+<!DOCTYPE html>
+<!--
+This file is part of CycloneDX JavaScript Library.
+
+Licensed under the Apache License, Version 2.0 (the "License");
+you may not use this file except in compliance with the License.
+You may obtain a copy of the License at
+
+   http://www.apache.org/licenses/LICENSE-2.0
+
+Unless required by applicable law or agreed to in writing, software
+distributed under the License is distributed on an "AS IS" BASIS,
+WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+See the License for the specific language governing permissions and
+limitations under the License.
+
+SPDX-License-Identifier: Apache-2.0
+Copyright (c) OWASP Foundation. All Rights Reserved.
+-->
+<html lang="en">
+<head>
+  <title>example</title>
+</head>
+<body>
+  <script src="./main.js"></script>
+  <p>see JavaScript Console output for result.</p>
+</body>
+</html>

Diff for: examples/web/example.html

@@ -0,0 +1,16 @@
+{
+  "private": true,
+  "name": "example",
+  "license": "Apache-2.0",
+  "dependencies": {
+    "@cyclonedx/cyclonedx-library": "file:../.."
+  },
+  "devDependencies": {
+    "webpack": "^5",
+    "webpack-cli": "^5"
+  },
+  "scripts": {
+    "build": "webpack build",
+    "example": "open index.html"
+  }
+}

Diff for: examples/web/package.json

@@ -0,0 +1,52 @@
+/*!
+This file is part of CycloneDX JavaScript Library.
+
+Licensed under the Apache License, Version 2.0 (the "License");
+you may not use this file except in compliance with the License.
+You may obtain a copy of the License at
+
+   http://www.apache.org/licenses/LICENSE-2.0
+
+Unless required by applicable law or agreed to in writing, software
+distributed under the License is distributed on an "AS IS" BASIS,
+WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+See the License for the specific language governing permissions and
+limitations under the License.
+
+SPDX-License-Identifier: Apache-2.0
+Copyright (c) OWASP Foundation. All Rights Reserved.
+*/
+
+const CDX = require('@cyclonedx/cyclonedx-library')
+
+/** Example how to serialize a Bom to JSON / XML. */
+
+const lFac = new CDX.Factories.LicenseFactory()
+
+const bom = new CDX.Models.Bom()
+bom.metadata.component = new CDX.Models.Component(
+  CDX.Enums.ComponentType.Application,
+  'MyProject'
+)
+bom.metadata.component.licenses.add(lFac.makeFromString('MIT OR Apache-2.0'))
+
+const componentA = new CDX.Models.Component(
+  CDX.Enums.ComponentType.Library,
+  'myComponentA'
+)
+componentA.licenses.add(lFac.makeFromString('Apache-2.0'))
+
+bom.components.add(componentA)
+bom.metadata.component.dependencies.add(componentA.bomRef)
+
+const jsonSerializer = new CDX.Serialize.JsonSerializer(
+  new CDX.Serialize.JSON.Normalize.Factory(
+    CDX.Spec.Spec1dot4))
+const serializedJson = jsonSerializer.serialize(bom)
+console.log(serializedJson)
+
+const xmlSerializer = new CDX.Serialize.XmlSerializer(
+  new CDX.Serialize.XML.Normalize.Factory(
+    CDX.Spec.Spec1dot5))
+const serializedXML = xmlSerializer.serialize(bom)
+console.log(serializedXML)

Diff for: examples/web/src/index.js

@@ -96,7 +96,8 @@
     "typedoc-plugin-missing-exports": "^2.0.0",
     "typescript": "5.1.6",
     "webpack": "5.88.1",
-    "webpack-cli": "5.1.4"
+    "webpack-cli": "5.1.4",
+    "webpack-node-externals": "^3.0.0"
   },
   "browser": "./dist.web/lib.js",
   "types": "./dist.d/index.node.d.ts",

Diff for: package-lock.json

@@ -19,6 +19,7 @@ Copyright (c) OWASP Foundation. All Rights Reserved.
 
 const path = require('path')
 const deepmerge = require('deepmerge')
+const nodeExternals = require('webpack-node-externals')
 
 /* eslint-disable jsdoc/valid-types */
 
@@ -55,13 +56,8 @@ const configBase = {
       type: 'umd'
     }
   },
-  externals: {
-    ajv: 'ajv',
-    'ajv-formats': 'ajv-formats',
-    'ajv-formats-draft2019': 'ajv-formats-draft2019',
-    'packageurl-js': 'packageurl-js',
-    'spdx-expression-parse': 'spdx-expression-parse'
-  }
+  externalsPresets: { node: true },
+  externals: [nodeExternals()]
 }
 
 module.exports = [