"--omit dev" created a lot of "DummyComponent.InterferedDependency..." entries in the BOM #254
Description
When I'm using the "--omit dev" parameter then I got a lot of entries with the prefix "DummyComponent.InterferedDependency."
I'm using "@cyclonedx/cyclonedx-npm" version 1.2.0 as dev dependency. And it seems this is also in the BOM which I didn't expected.
{
"ref": "DummyComponent.InterferedDependency.@cyclonedx/cyclonedx-npm",
"dependsOn": [
"DummyComponent.InterferedDependency.@cyclonedx/cyclonedx-library",
"DummyComponent.InterferedDependency.@cyclonedx/cyclonedx-npm|DummyComponent.InterferedDependency.commander",
"DummyComponent.InterferedDependency.xmlbuilder2"
]
},
{
"ref": "DummyComponent.InterferedDependency.@cyclonedx/cyclonedx-npm|DummyComponent.InterferedDependency.commander"
},
{
"ref": "DummyComponent.InterferedDependency.@cyclonedx/cyclonedx-library",
"dependsOn": [
"DummyComponent.InterferedDependency.packageurl-js",
"DummyComponent.InterferedDependency.xmlbuilder2"
]
},
...
To Reproduce
Snippet from my package.json with to internal dependencies removed.
"devDependencies": {
"@cyclonedx/cyclonedx-npm": "^1.2.0",
"css-loader": "^6.7.1",
"cypress": "^10.10.0",
"cypress-intellij-reporter": "^0.0.7",
"eslint": "8.26.0",
"eslint-plugin-cypress": "^2.12.1",
"eslint-plugin-mocha": "^10.1.0",
"eslint-plugin-node": "^11.1.0",
"eslint-plugin-no-only-tests": "^3.1.0",
"file-loader": "^6.2.0",
"style-loader": "^3.3.1",
"webpack": "^5.74.0",
"webpack-cli": "^4.10.0",
"webpack-merge": "^5.8.0"
},
"dependencies": {
"@amcharts/amcharts4": "^4.10.29",
"ace-builds": "^1.12.3",
"ace-diff": "^3.0.3",
"ajv": "^8.11.0",
"ajv-formats": "^2.1.1",
"dompurify": "^2.4.0",
"froala-editor": "^4.0.15",
"json-source-map": "^0.6.1",
"vkbeautify": "^0.99.3"
},
Expected behavior
No dummy entries and no dev dependencies.
Environment
npm - 8.5.1
node - v17.6.0
macOS 12.6