github · lseppala · Jun 8, 2022 · Jun 8, 2022
@@ -2,9 +2,11 @@
 
 `@github/dependency-submission-toolkit` is a TypeScript library for
 creating dependency snapshots and submitting them to the dependency
-submission API. Snapshots are a set of dependencies grouped by manifest
-with some related metadata. A manifest can be a physical file or a more abstract representation of a dependency grouping (such as a docker image id). After submission to the API, the included
-dependencies appear in the repository's [dependency
+submission API. Snapshots are a set of dependencies grouped by manifest with
+some related metadata. A manifest can be a physical file or a more abstract
+representation of a dependency grouping (such the processing of program
+outputs). After submission to the API, the included dependencies appear in the
+repository's [dependency
 graph](https://docs.github.com/en/code-security/supply-chain-security/understanding-your-software-supply-chain/about-the-dependency-graph).
 
 ## Usage

@@ -10002,14 +10002,12 @@ exports.main = main;
 "use strict";
 
 Object.defineProperty(exports, "__esModule", ({ value: true }));
-exports.submitSnapshot = exports.Snapshot = exports.Package = exports.Metadata = exports.PackageCache = exports.Manifest = exports.BuildTarget = void 0;
+exports.submitSnapshot = exports.Snapshot = exports.Package = exports.PackageCache = exports.Manifest = exports.BuildTarget = void 0;
 const package_cache_1 = __nccwpck_require__(833);
 Object.defineProperty(exports, "PackageCache", ({ enumerable: true, get: function () { return package_cache_1.PackageCache; } }));
 const manifest_1 = __nccwpck_require__(4786);
 Object.defineProperty(exports, "Manifest", ({ enumerable: true, get: function () { return manifest_1.Manifest; } }));
 Object.defineProperty(exports, "BuildTarget", ({ enumerable: true, get: function () { return manifest_1.BuildTarget; } }));
-const metadata_1 = __nccwpck_require__(5439);
-Object.defineProperty(exports, "Metadata", ({ enumerable: true, get: function () { return metadata_1.Metadata; } }));
 const package_1 = __nccwpck_require__(4715);
 Object.defineProperty(exports, "Package", ({ enumerable: true, get: function () { return package_1.Package; } }));
 const snapshot_1 = __nccwpck_require__(7794);
@@ -10062,13 +10060,12 @@ class Dependency {
  * Manifest defines the dependencies and the relationships of those dependencies.
  */
 class Manifest {
-    constructor(name, filePath, metadata) {
+    constructor(name, filePath) {
         this.resolved = {};
         this.name = name;
         if (filePath) {
             this.file = { source_location: filePath };
         }
-        this.metadata = metadata;
     }
     /**
      * addIndirectDependency adds a package as an indirect dependency to the
@@ -10162,50 +10159,6 @@ class BuildTarget extends Manifest {
 exports.BuildTarget = BuildTarget;
 
 
-/***/ }),
-
-/***/ 5439:
-/***/ ((__unused_webpack_module, exports) => {
-
-"use strict";
-
-Object.defineProperty(exports, "__esModule", ({ value: true }));
-exports.Metadata = exports.MAX_METADATA_SIZE = void 0;
-exports.MAX_METADATA_SIZE = 8;
-/**
- * Metadata provides a means of associating additional metadata with a
- * Dependency, Manifest, or Snapshot. Metadata are simple key-value pairs.
- *
- * @extends {Map<string, Scalar>}
- */
-class Metadata extends Map {
-    /**
-     * Set a metadata key-value pair. Note that a maximum of 8 metadata key-value
-     * pairs may be set.
-     *
-     * @param {string} key
-     * @param {Scalar} value
-     * @returns {this}
-     */
-    set(key, value) {
-        if (this.size === exports.MAX_METADATA_SIZE) {
-            throw new Error(`Maximum size of Metadata exceeded. Only ${exports.MAX_METADATA_SIZE} key-value pairs may be specified`);
-        }
-        super.set(key, value);
-        return this;
-    }
-    /**
-     * Metadata has a custom toJSON serializer
-     *
-     * @returns {object}
-     */
-    toJSON() {
-        return Object.fromEntries(this.entries());
-    }
-}
-exports.Metadata = Metadata;
-
-
 /***/ }),
 
 /***/ 833:
@@ -10453,13 +10406,11 @@ class Snapshot {
      * @param {Detector} detector
      * @param {Context} context
      * @param {Job} job
-     * @param {Metadata} metadata
      * @param {Date} date
      * @param {number} version
      */
-    constructor(detector, context = github.context, job, metadata, date = new Date(), version = 0) {
+    constructor(detector, context = github.context, job, date = new Date(), version = 0) {
         this.detector = detector;
-        this.metadata = metadata;
         this.version = version;
         this.job = job || jobFromContext(context);
         this.sha = context.sha;

@@ -1,14 +1,12 @@
 import { PackageCache } from './package-cache'
 import { Manifest, BuildTarget } from './manifest'
-import { Metadata } from './metadata'
 import { Package } from './package'
 import { Snapshot, submitSnapshot } from './snapshot'
 
 export {
   BuildTarget,
   Manifest,
   PackageCache,
-  Metadata,
   Package,
   Snapshot,
   submitSnapshot

@@ -1,6 +1,5 @@
 import { Manifest } from './manifest'
 import { PackageCache } from './package-cache'
-import { Metadata } from './metadata'
 
 const cache = new PackageCache()
 cache
@@ -13,11 +12,7 @@ function roundTripJSON(obj: any): object {
 
 describe('Manifest', () => {
   it('renders expected JSON', () => {
-    const manifest = new Manifest(
-      'test',
-      './some/test',
-      new Metadata().set('hello', 'world')
-    )
+    const manifest = new Manifest('test', './some/test')
     manifest.addDirectDependency(
       cache.package('pkg:npm/%40github/[email protected]')
     )
@@ -28,9 +23,6 @@ describe('Manifest', () => {
       file: {
         source_location: './some/test'
       },
-      metadata: {
-        hello: 'world'
-      },
       name: 'test',
       resolved: {
         'pkg:npm/%40actions/[email protected]': {

@@ -1,7 +1,5 @@
 import { Package } from './package'
 
-import { Metadata } from './metadata'
-
 /**
  * FileInfo specifies where the manifest or build-target are specified in the repository.
  */
@@ -82,15 +80,13 @@ export class Manifest {
   resolved: Record<string, Dependency>
   name: string
   file?: FileInfo
-  metadata?: Metadata
 
-  constructor(name: string, filePath?: string, metadata?: Metadata) {
+  constructor(name: string, filePath?: string) {
     this.resolved = {}
     this.name = name
     if (filePath) {
       this.file = { source_location: filePath }
     }
-    this.metadata = metadata
   }
 
   /**

@@ -2,7 +2,6 @@ import { context } from '@actions/github'
 
 import { Manifest } from './manifest'
 import { PackageCache } from './package-cache'
-import { Metadata } from './metadata'
 import { Snapshot } from './snapshot'
 
 function roundTripJSON(obj: any): object {
@@ -14,11 +13,7 @@ cache
   .package('pkg:npm/%40github/[email protected]')
   .dependsOn(cache.package('pkg:npm/%40actions/[email protected]'))
 
-const manifest = new Manifest(
-  'test',
-  './some/test',
-  new Metadata().set('hello', 'world')
-)
+const manifest = new Manifest('test', './some/test')
 manifest.addDirectDependency(
   cache.package('pkg:npm/%40github/[email protected]')
 )
@@ -38,7 +33,6 @@ describe('Snapshot', () => {
       },
       context,
       { id: 42, correlator: 'test' },
-      new Metadata().set('hello', 'snapshot'),
       new Date('2022-06-04T05:07:06.457Z')
     )
     snapshot.addManifest(manifest)
@@ -48,9 +42,6 @@ describe('Snapshot', () => {
         url: 'https://github.com/github/dependency-submission-toolkit',
         version: '0.0.1'
       },
-      metadata: {
-        hello: 'snapshot'
-      },
       version: 0,
       job: {
         id: 42,
@@ -77,9 +68,6 @@ describe('Snapshot', () => {
           name: 'test',
           file: {
             source_location: './some/test'
-          },
-          metadata: {
-            hello: 'world'
           }
         }
       }

@@ -5,7 +5,6 @@ import { Octokit } from '@octokit/rest'
 import { RequestError } from '@octokit/request-error'
 
 import { Manifest } from './manifest'
-import { Metadata } from './metadata'
 
 /*
 Core functionality for creating a snapshot of a project's dependencies.
@@ -85,31 +84,24 @@ export class Snapshot {
    * @type {Detector}
    */
   detector: Detector
-  /**
-   * @type {Metadata}
-   */
-  metadata?: Metadata
 
   /**
    * All construor parameters of a Snapshot are optional, but can be specified for specific overrides
    *
    * @param {Detector} detector
    * @param {Context} context
    * @param {Job} job
-   * @param {Metadata} metadata
    * @param {Date} date
    * @param {number} version
    */
   constructor(
     detector: Detector,
     context: Context = github.context,
     job?: Job,
-    metadata?: Metadata,
     date: Date = new Date(),
     version: number = 0
   ) {
     this.detector = detector
-    this.metadata = metadata
     this.version = version
     this.job = job || jobFromContext(context)
     this.sha = context.sha