prep demo

jkowalleck · jkowalleck · commit 2983707e1238 · 2022-11-12T16:05:21.000+01:00
Signed-off-by: Jan Kowalleck &lt;jan.kowalleck@gmail.com&gt;
diff --git a/HISTORY.md b/HISTORY.md
@@ -9,10 +9,9 @@ All notable changes to this project will be documented in this file.
 * Misc
   * Added test for flattened results (via [#312])
 
-[#312]: https://github.com/CycloneDX/cyclonedx-node-npm/pull/312
-
 [#306]: https://github.com/CycloneDX/cyclonedx-node-npm/issues/306
 [#309]: https://github.com/CycloneDX/cyclonedx-node-npm/pull/309
+[#312]: https://github.com/CycloneDX/cyclonedx-node-npm/pull/312
 
 ## 1.6.0 - 2022-11-12
 
diff --git a/README.md b/README.md
@@ -83,9 +83,10 @@ Options:
                             (can be set multiple times)
                             (choices: "dev", "optional", "peer", default: "dev" if the NODE_ENV environment variable is set to "production", otherwise empty)
   --flatten-components      Whether to flatten the components.
-                            Enabling this feature means the actual nesting of node packages is not represented in the SBOM result.
+                            Enabling this feature means the actual nesting of node packages is not represented in the SBOM result, which causes a massive information loss.
                             (default: false)
   --deduplicate-components  Whether to artificially de-duplicate the node packages.
+                            Enabling this feature means the actual multiple/parallel installed instances of a packages are displayed as one component, which causes a massive information loss.
                             Enabling this feature implies option "--flatten-components=true"
                             (default: false)
   --short-PURLs             Omit all qualifiers from PackageURLs.
diff --git a/demo/gen-boms.sh b/demo/gen-boms.sh
@@ -39,6 +39,16 @@ do
       --output-format "$format" \
       --output-file "$result_dir/flat/bom.$spec.$format" \
       "$package"
+
+      echo ">>> $result_dir $spec $format deduplicated"
+      mkdir -p "$result_dir/deduplicated"
+      node -- "$BIN_CDX_N" \
+      --deduplicate-components \
+      --spec-version "$spec" \
+      --output-reproducible \
+      --output-format "$format" \
+      --output-file "$result_dir/deduplicated/bom.$spec.$format" \
+      "$package"
     done
   done
 done
diff --git a/src/cli.ts b/src/cli.ts
@@ -87,12 +87,13 @@ function makeCommand (process: NodeJS.Process): Command {
     new Option(
       '--flatten-components',
       'Whether to flatten the components.\n' +
-      'Enabling this feature means the actual nesting of node packages is not represented in the SBOM result.'
+      'Enabling this feature means the actual nesting of node packages is not represented in the SBOM result, which causes a massive information loss.'
     ).default(false)
   ).addOption(
     new Option(
       '--deduplicate-components',
       'Whether to artificially de-duplicate the node packages.\n' +
+      'Enabling this feature means the actual multiple/parallel installed instances of a packages are displayed as one component, which causes a massive information loss.\n' +
       'Enabling this feature implies option "--flatten-components=true"'
     ).default(false)
   ).addOption(
