Replies: 3 comments
I also would be very interested in SBOMs for pnpm; this is an important feature of npm.
Adding a bit more context and linking this with an existing feature request. There is already an open feature request for built-in SBOM generation:
That issue includes:
At this point, SBOM generation is no longer a "nice to have":
It feels like the missing piece is not demand, but:
If maintainers or contributors are interested in reviewing or co-owning this effort, #9088 seems like the right place to coordinate implementation. I'm happy to help with testing or validation from a real CI / SCA pipeline perspective.
This is being released in an upcoming version :)
Description:
Hi pnpm team,
I'd like to inquire about potential plans for Software Bill of Materials (SBOM) support in pnpm. Many package managers, including npm with its npm sbom command, now provide capabilities to generate SPDX or CycloneDX reports - crucial tools for managing supply chain security, vulnerability assessments, and compliance requirements.
Given the growing significance of SBOMs in the software development ecosystem, I'm particularly interested in learning about:
npm sbom)
Looking forward to your insights on this topic. Thank you for maintaining such an excellent package manager! 🚀