-
-
Notifications
You must be signed in to change notification settings - Fork 11
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
feat: Deserializer/Denormalizer #86
Comments
Pull requests are welcome. Having a Denormalizer would be the first step, don't you think? A denormalizer should be implemented in a file PS: do not use the types from normalizer for the job of denormalization, as long as you cannot assert them. |
We could, but I can't promise how fast it will be done, as we're quite busy and approaching holidays - but it makes sense to put it into this lib.
Maybe :) I didn't study it to close. What is the concept behind Denormalizer/Normalizer? |
Data models do not provide logic for de/normalization, de/serialization , conversion etc. These tasks are done by others. A JSON-normalizer, for example, converts CycloneDX data models into these structures that a JSON-serializer could use. And that JSON-serializer will transform these structures into a string, does beautification, etc ... A Normalizer transforms data models to data structures that conform to the JSON-/XML-spec of CycloneDX. JSON is easy, it is a first-class-citizen of JavaScript. The thing with the data models is, that they are near the JSON-/XML-data-structures, but they differ for obvious reasons. |
Regarding implementationFirst, don't rely the denormalizer on the data structures defined for normalizing. preamble: the deserializers should be as forgiving as possible. dont abort deserializations, if optional values are unexpected. An idea i had:
example test data: {
"bomFormat": "CycloneDX",
"specVersion": "1.4",
"externalReferences": null,
"metadata": {
"authors": [
"me",
{
"email": "hans@mail.com",
"foobar": "bazz"
}
]
}
} results in:
|
📣 please read before implementing! Do not simply start implementing, or drop a PullRequest out of nowhere. Most importantly: embrace the change. No reason to keep this library as it is. here are critical remarks from previous implementation attempts, that should be followed:
|
Any progress on this one? Last attempt with #506 seems to be hanging after code review. Do you know if anyone is working on it? |
This is a community project. I am not aware of anybody championing or working this feature. |
Sure it is, and it is generating invaluable tools for the community.
Since, you requested people to show up and ask for some guidance, I was hoping that someone may have done it and already started working on this and did not want to step on anyone's feet but it seems like the previous PR has been sitting there about a year. I'd be happy to chip in if you want to give some guidance (if you've much more to add on top of the comments and notes from #506). |
@hakandilek sure. I will ping you in the CycloneDX community slack. |
It would be great to provide a factory/deserializer, in order to provide a
cdx.Models.Bom
from an inputstream of json.returns a "halfbaked" model, where calls to
will raise
The text was updated successfully, but these errors were encountered: