
Milestones


  • No due date
    10/10 issues closed
  • ***PLEASE READ THE FOLLOWING WHOLE DESCRIPTION FIRST***

    caused by https://owasp.slack.com/archives/C6R3R32H4/p1667674523556749
    caused by https://github.com/CycloneDX/cyclonedx-node-npm/discussions/233

    **NodeJS's module system is file-system based.** It works regardless of declared package dependencies. When code in module "foo" tries to use/require/access code from a different module "bar", node first looks in "foo"'s own/direct "node_modules" folder (depth 1). If it does not find any "bar" there, node traverses the folders upwards and repeats the same lookup at each level, until it finds a "bar".

    Let's look at the following simple file trees:

    * ```text
      my-app
      |- node_modules
         |- foo
         |- bar
      ```
    * ```text
      my-app
      |- node_modules
         |- foo
            |- node_modules
               |- bar
      ```
    * ```text
      my-app
      |- node_modules
         |- bar
            |- node_modules
               |- foo
      ```

    What about a situation where "bar" is installed multiple times?

    * ```text
      my-app
      |- node_modules
         |- bar
         |- foo
            |- node_modules
               |- bar
      ```

    **This is the problem to be solved:** how can this "bar" be de-duplicated in the SBOM? Is it possible at all?

    Let's discuss and evaluate via https://github.com/CycloneDX/cyclonedx-node-npm/discussions/307

    No due date
    2/5 issues closed
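The lookup rule and the duplicate-"bar" situation from the milestone description, as an added example that is not code from cyclonedx-node-npm: the file tree is an in-memory stand-in for the fourth tree above, the package versions are constructed, and grouping installs by name and version is one assumed way to de-duplicate, not the project's decision.

```javascript
'use strict';
// Constructed in-memory stand-in for the fourth file tree: keys are directory
// names, a package directory carries a "version" (its package.json version)
// and may itself contain a nested "node_modules". "bar" is installed twice.
const tree = {
  'my-app': {
    node_modules: {
      bar: { version: '1.0.0' },
      foo: { version: '2.0.0', node_modules: { bar: { version: '1.0.0' } } },
    },
  },
};

// Walk a "/"-separated path down the tree; undefined when it does not exist.
function dirAt(root, path) {
  return path.split('/').reduce((d, seg) => (d ? d[seg] : undefined), root);
}

// Node's file-system lookup: try <from>/node_modules/<name>, then the same in
// every ancestor directory, until a match is found or the root is passed.
function resolve(root, from, name) {
  const segs = from.split('/');
  while (segs.length > 0) {
    const candidate = [...segs, 'node_modules', name].join('/');
    if (dirAt(root, candidate)) return candidate;
    segs.pop();
  }
  return null;
}

// Every location where a package of the given name is installed in the tree.
function findInstalls(root, name, prefix = '') {
  const hits = [];
  for (const [seg, child] of Object.entries(root)) {
    if (seg === 'version') continue;
    const path = prefix ? `${prefix}/${seg}` : seg;
    if (seg === name && child.version) hits.push({ path, version: child.version });
    hits.push(...findInstalls(child, name, path));
  }
  return hits;
}

// Assumed de-duplication rule: installs with the same version are one
// component that occurs at several paths; differing versions stay distinct.
function dedupe(hits) {
  const byVersion = new Map();
  for (const h of hits) {
    if (!byVersion.has(h.version)) byVersion.set(h.version, []);
    byVersion.get(h.version).push(h.path);
  }
  return byVersion;
}
```

Resolving "bar" from inside "foo" hits the nested copy, while resolving it from "my-app" hits the top-level one, which is why both copies matter for the SBOM.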