
tessl/npm-libnpmorg

tessl install tessl/npm-libnpmorg@8.0.0

Programmatic API for managing npm organization memberships and roles

Agent Success

Agent success rate when using this tile

74%

Improvement

Agent success rate improvement when using this tile compared to baseline

0.97x

Baseline

Agent success rate without this tile

76%

task.md (evals/scenario-4/)

SBOM Export Helper

Build a small CLI helper that exports a Software Bill of Materials for a Node.js project using the npm toolchain. The helper must allow callers to choose the SBOM format, scope to specific workspaces, and control dependency omission and lockfile-only behavior.

Capabilities

Format-specific export

  • With format "cyclonedx" and an output path provided, the helper writes the generated SBOM JSON to that path and the saved document includes CycloneDX format metadata (for example a bomFormat field set to CycloneDX). @test
  • If a caller requests any format other than "cyclonedx" or "spdx", the helper rejects with a clear error that lists the allowed formats. @test

Workspace scoping

  • When provided a single workspace name, the helper generates an SBOM limited to that workspace's dependencies and excludes packages that belong solely to other workspaces or the repo root. @test
  • With no workspace selection supplied, the helper produces an SBOM that covers the entire project while still respecting omit filters. @test

Omit and lockfile modes

  • When the caller requests dev dependency omission, the helper uses the BOM generator's omit option so dev-only packages are absent from the resulting document. @test
  • Enabling lockfile-only mode fails fast with a clear error if no package-lock or shrinkwrap file exists in the target directory. @test

Implementation

@generates

API

/**
 * Generates a Software Bill of Materials for a project using the npm CLI.
 *
 * @param {Object} options
 * @param {'cyclonedx'|'spdx'} options.format - Required output format.
 * @param {string} options.outputPath - Absolute or relative path where the SBOM JSON will be written.
 * @param {string[]} [options.workspaces] - Optional workspace names to scope the SBOM; empty/undefined targets the whole project.
 * @param {('dev'|'optional'|'peer')} [options.omit] - Optional omit class to filter dependencies.
 * @param {boolean} [options.lockfileOnly] - Whether to rely on the lockfile/virtual tree; error if missing.
 * @param {string} [options.cwd] - Directory to run in; defaults to process.cwd().
 * @returns {Promise<{ outputPath: string, format: 'cyclonedx'|'spdx' }>}
 */
export async function generateSbom(options)

Dependencies { .dependencies }

npm CLI { .dependency }

Used to invoke the SBOM generator with format selection, workspace scoping, omit filters, and lockfile-only mode. @satisfied-by
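One way to meet the capabilities above, as an added example that is not part of the original task or of npm's own code. It assumes an npm release that provides the `sbom` subcommand is on PATH on a POSIX system; `buildSbomArgs` and `hasLockfile` are hypothetical helper names, and the module is written as CommonJS rather than with the `export` shown in the API.

```javascript
// Added example (not from the original page): validate, then call `npm sbom`.
const { execFile } = require('node:child_process');
const { existsSync } = require('node:fs');
const { writeFile } = require('node:fs/promises');
const path = require('node:path');

const FORMATS = ['cyclonedx', 'spdx'];
const OMIT = ['dev', 'optional', 'peer'];
const LOCKFILES = ['package-lock.json', 'npm-shrinkwrap.json'];

// True when the directory holds a lockfile npm can build a virtual tree from.
function hasLockfile(cwd) {
  return LOCKFILES.some((name) => existsSync(path.join(cwd, name)));
}

// Validate caller input against allowlists and return the argv for `npm sbom`.
function buildSbomArgs({ format, workspaces = [], omit, lockfileOnly = false, cwd = process.cwd() }) {
  if (!FORMATS.includes(format)) {
    throw new Error(`Unsupported SBOM format "${format}"; allowed formats: ${FORMATS.join(', ')}`);
  }
  if (omit !== undefined && !OMIT.includes(omit)) {
    throw new Error(`Unsupported omit type "${omit}"; allowed: ${OMIT.join(', ')}`);
  }
  const bad = workspaces.find((ws) => typeof ws !== 'string' || ws === '' || ws.startsWith('-'));
  if (bad !== undefined) throw new Error(`Invalid workspace name: ${JSON.stringify(bad)}`);
  if (lockfileOnly && !hasLockfile(cwd)) {
    throw new Error(`lockfileOnly requires ${LOCKFILES.join(' or ')} in ${cwd}`);
  }
  const args = ['sbom', '--sbom-format', format];
  if (omit) args.push('--omit', omit);
  if (lockfileOnly) args.push('--package-lock-only');
  for (const ws of workspaces) args.push('--workspace', ws);
  return args;
}

// execFile passes argv directly, so no shell ever parses caller-supplied names.
async function generateSbom(options) {
  const cwd = options.cwd || process.cwd();
  const args = buildSbomArgs({ ...options, cwd });
  const stdout = await new Promise((resolve, reject) => {
    execFile('npm', args, { cwd, maxBuffer: 64 * 1024 * 1024 },
      (err, out) => (err ? reject(err) : resolve(out)));
  });
  JSON.parse(stdout); // refuse to write output that is not a JSON document
  const outputPath = path.resolve(options.outputPath); // relative paths resolve against the process cwd (a choice made here)
  await writeFile(outputPath, stdout);
  return { outputPath, format: options.format };
}
```

Rejecting workspace names that begin with `-` keeps a caller-supplied value from being read by npm as an extra option, which the argv array alone does not prevent.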
