CycloneDX SBOM for pnpm

February 25, 2026 ยท View on GitHub

shield_license
shield_website shield_slack shield_groups shield_twitter-follow

Create CycloneDX Software Bill of Materials (SBOM) from pnpm projects.

Note


This project has been abandoned because native CycloneDX SBOM generation is now supported directly in pnpm.
The capability was introduced following issue https://github.com/pnpm/pnpm/issues/9088 and merged in PR https://github.com/pnpm/pnpm/pull/10592.

Since the functionality now exists upstream, this repository is no longer necessary.

๐Ÿšง ๐Ÿ—๏ธ this project is in early development stage

See the projects issues, pull requests and milestones for the progress.

Development will happen in branch 1.0-dev.

Requirements

to be determined

  • node >= 18
  • pnpm in range 8 - 9

Internals

This tool utilizes the CycloneDX library to generate the actual data structures.

This tool does not expose any additional public API or classes - all code is intended to be internal and might change without any notice during version upgrades.

License

Permission to modify and redistribute is granted under the terms of the Apache 2.0 license.
See the LICENSE file for the full license.