LinuxCommandLibrary

npm-sbom

generates Software Bill of Materials

TLDR

Generate an SBOM in SPDX format (the --sbom-format flag is required)
$ npm sbom --sbom-format spdx
Generate an SBOM in CycloneDX format
$ npm sbom --sbom-format cyclonedx
Write the SBOM to a file (the document is printed to stdout)
$ npm sbom --sbom-format cyclonedx > [sbom.json]
Leave out dev dependencies so the SBOM describes only what ships
$ npm sbom --sbom-format cyclonedx --omit dev
Generate from package-lock.json alone, without an installed node_modules
$ npm sbom --sbom-format spdx --package-lock-only

SYNOPSIS

npm sbom --sbom-format <cyclonedx|spdx> [--package-lock-only] [--omit <dev|optional|peer>] [options]

DESCRIPTION

npm sbom generates a Software Bill of Materials (SBOM) for the current project: a machine-readable inventory of every package in the resolved dependency tree, with name, version and package URL (purl) for each. The document is written to stdout in either SPDX or CycloneDX JSON format, and --sbom-format must be given because there is no default.
By default the tree is read from the installed node_modules; the command fails if it is missing or does not match package-lock.json, so run npm ci first or pass --package-lock-only to build the SBOM from the lockfile alone. The SBOM reflects what npm resolved and installed, not what a bundler later included in a shipped artifact.
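Once an SBOM exists, the practical use is to consume it: diff the inventory between two builds to spot dependencies that appeared, vanished or changed version, and check that every entry carries a pkg:npm purl, since vulnerability scanners key on the purl and an entry without one silently escapes matching. The following is an added example, not code from npm or from this page; the two documents are constructed by hand to imitate the CycloneDX JSON layout (bomFormat, specVersion, components with type/name/version/purl) that `npm sbom --sbom-format cyclonedx` emits, and are not real npm output.

```python
"""Parse and compare two CycloneDX SBOMs as produced by `npm sbom --sbom-format cyclonedx`."""
from __future__ import annotations

import json

# Constructed sample documents (hand-written for this example, not real npm output).
# They mirror the fields npm writes: bomFormat, specVersion, and a components[] list.
SBOM_BEFORE = json.dumps({
    "bomFormat": "CycloneDX",
    "specVersion": "1.5",
    "components": [
        {"type": "library", "name": "lodash", "version": "4.17.20",
         "purl": "pkg:npm/lodash@4.17.20"},
        {"type": "library", "name": "left-pad", "version": "1.3.0",
         "purl": "pkg:npm/left-pad@1.3.0"},
        {"type": "library", "name": "@scope/util", "version": "2.0.0",
         "purl": "pkg:npm/%40scope/util@2.0.0"},
    ],
})

SBOM_AFTER = json.dumps({
    "bomFormat": "CycloneDX",
    "specVersion": "1.5",
    "components": [
        {"type": "library", "name": "lodash", "version": "4.17.21",
         "purl": "pkg:npm/lodash@4.17.21"},
        {"type": "library", "name": "@scope/util", "version": "2.0.0",
         "purl": "pkg:npm/%40scope/util@2.0.0"},
        # New dependency that arrived without a purl: a scanner would not match it.
        {"type": "library", "name": "minimist", "version": "1.2.8"},
    ],
})


def load_components(sbom_json: str) -> dict[str, set[str]]:
    """Map package name -> set of versions found in a CycloneDX SBOM.

    A set is used because an npm tree can legitimately contain the same
    package at several versions (nested node_modules), and each one matters.
    """
    doc = json.loads(sbom_json)
    if doc.get("bomFormat") != "CycloneDX":
        raise ValueError(f"not a CycloneDX document: {doc.get('bomFormat')!r}")
    found: dict[str, set[str]] = {}
    for comp in doc.get("components", []):
        found.setdefault(comp["name"], set()).add(comp["version"])
    return found


def diff_sboms(before_json: str, after_json: str) -> dict:
    """Report packages added, removed, or whose version set changed between two SBOMs."""
    before = load_components(before_json)
    after = load_components(after_json)
    added = sorted(set(after) - set(before))
    removed = sorted(set(before) - set(after))
    changed = {
        name: (sorted(before[name]), sorted(after[name]))
        for name in set(before) & set(after)
        if before[name] != after[name]
    }
    return {"added": added, "removed": removed, "changed": changed}


def missing_purls(sbom_json: str) -> list[str]:
    """Names of components lacking a pkg:npm purl.

    Vulnerability databases and scanners match on purl, so a component
    without one is invisible to them even though it is installed.
    """
    doc = json.loads(sbom_json)
    return sorted(
        comp["name"]
        for comp in doc.get("components", [])
        if not str(comp.get("purl", "")).startswith("pkg:npm/")
    )


if __name__ == "__main__":
    print(json.dumps(diff_sboms(SBOM_BEFORE, SBOM_AFTER), indent=2))
    print("components without purl:", missing_purls(SBOM_AFTER))
```

In a pipeline the two inputs would be the SBOM files from the previous and current build (for example `npm sbom --sbom-format cyclonedx --package-lock-only > sbom.json` in CI); a non-empty "added" list or any entry in missing_purls is a reasonable trigger for review before release.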

PARAMETERS

--sbom-format FORMAT

Output format: spdx or cyclonedx. Required; the command exits with a usage error if it is not given.
--sbom-type TYPE
Type recorded for the root project in the SBOM: library (default), application or framework.
--omit TYPE
Omit a dependency type from the SBOM: dev, optional or peer. May be given more than once.
--package-lock-only
Build the SBOM from package-lock.json (or npm-shrinkwrap.json) only, without reading node_modules.
--help
Display help information.

CAVEATS

Added in npm 10.1.0; run npm sbom --help to confirm the command exists on your installed version. The --sbom-format flag is mandatory. Without --package-lock-only the command requires an installed node_modules that matches the lockfile, so generate the SBOM from a clean npm ci rather than a working tree with local edits. An SBOM lists what npm resolved; it does not by itself verify package integrity or signatures (see npm-audit(1) for vulnerability checks).

HISTORY

npm sbom was added to support software supply chain security initiatives.

SEE ALSO

npm(1), npm-audit(1), npm-ls(1)

> TERMINAL_GEAR

Curated for the Linux community