
XML serialization fails if not running extracted package #1017

@AugustusKling


Follow-up to CycloneDX/cyclonedx-node-yarn#13 (comment)

The XML serializer is not found unless this library is extracted in the file system. The result is failing XML serialization, for example when this library is bundled or the package manager uses a linker that does not create the node_modules folder.

Discussion from referenced issue follows:

CycloneDX's XML serializer cannot find its xmlbuilder2 dependency, at least when bundled as Yarn plugin.

I checked this again and the problem is that the bundler cannot process the require because it does not contain a constant. You could change https://github.com/CycloneDX/cyclonedx-javascript-library/blob/main/libs/universal-node-xml/index.js#L36 from

```js
const possibleStringifier = require(`./stringifiers/${file}`)
```

to

```js
const possibleStringifier = require(`./stringifiers/xmlbuilder2`)
```

This defeats the idea of having the list of potential serializers in the possibleStringifiers array but as it only has 1 hard-coded option for now, making the change is an option.

Alternatively, if you want to retain the listing, you could have require calls containing constants but wrap them in functions. Then iterate over this structure and call the functions to test for the presence of serializers.

```js
const possibleStringifiers = [
  // prioritized list of possible implementations
  ['xmlbuilder2', () => require(`./stringifiers/xmlbuilder2`)]
]

// ...

for (const [serializerName, loaderFunc] of possibleStringifiers) {
  try {
    const possibleStringifier = loaderFunc()
    // ...
```
