SocketDev · pvdz · May 19, 2025 · May 19, 2025 · May 19, 2025 · May 19, 2025
diff --git a/src/cli.mts b/src/cli.mts
@@ -10,7 +10,6 @@ import { logger } from '@socketsecurity/registry/lib/logger'
 
 import { cmdAnalytics } from './commands/analytics/cmd-analytics.mts'
 import { cmdAuditLog } from './commands/audit-log/cmd-audit-log.mts'
-import { cmdCdxgen } from './commands/cdxgen/cmd-cdxgen.mts'
 import { cmdCI } from './commands/ci/cmd-ci.mts'
 import { cmdConfig } from './commands/config/cmd-config.mts'
 import { cmdScanCreate } from './commands/dependencies/cmd-dependencies.mts'
@@ -56,7 +55,6 @@ void (async () => {
   try {
     await meowWithSubcommands(
       {
-        cdxgen: cmdCdxgen,
         ci: cmdCI,
         config: cmdConfig,
         fix: cmdFix,

diff --git a/src/commands/cdxgen/cmd-cdxgen.mts → ...commands/manifest/cmd-manifest-cdxgen.mts b/src/commands/cdxgen/cmd-cdxgen.mts → ...commands/manifest/cmd-manifest-cdxgen.mts
@@ -226,7 +226,7 @@ const config: CliCommandConfig = {
   help: () => '',
 }
 
-export const cmdCdxgen = {
+export const cmdManifestCdxgen = {
   description: config.description,
   hidden: config.hidden,
   run,

diff --git a/src/commands/cdxgen/cmd-cdxgen.test.mts → ...nds/manifest/cmd-manifest-cdxgen.test.mts b/src/commands/cdxgen/cmd-cdxgen.test.mts → ...nds/manifest/cmd-manifest-cdxgen.test.mts
@@ -2,22 +2,25 @@ import path from 'node:path'
 
 import { describe, expect } from 'vitest'
 
-import constants from '../../../src/constants.mts'
 import { cmdit, invokeNpm } from '../../../test/utils.mts'
+import constants from '../../constants.mts'
 
 const { CLI } = constants
 
-describe('socket cdxgen', async () => {
+describe('socket manifest cdxgen', async () => {
   // Lazily access constants.rootBinPath.
   const entryPath = path.join(constants.rootBinPath, `${CLI}.js`)
 
-  cmdit(['cdxgen', '--help'], 'should support --help', async cmd => {
-    const { code, stderr, stdout } = await invokeNpm(entryPath, cmd, {
-      // Need to pass it on as env because --config will break cdxgen
-      SOCKET_CLI_CONFIG: '{}',
-    })
-    expect(stdout).toMatchInlineSnapshot(
-      `
+  cmdit(
+    ['manifest', 'cdxgen', '--help'],
+    'should support --help',
+    async cmd => {
+      const { code, stderr, stdout } = await invokeNpm(entryPath, cmd, {
+        // Need to pass it on as env because --config will break cdxgen
+        SOCKET_CLI_CONFIG: '{}',
+      })
+      expect(stdout).toMatchInlineSnapshot(
+        `
       "cdxgen [command]
 
       Commands:
@@ -74,19 +77,22 @@ describe('socket cdxgen', async () => {
 
       for documentation, visit https://cyclonedx.github.io/cdxgen"
     `,
-    )
-    expect(`\n   ${stderr}`).toMatchInlineSnapshot(`
+      )
+      expect(`\n   ${stderr}`).toMatchInlineSnapshot(`
       "
          _____         _       _        /---------------
         |   __|___ ___| |_ ___| |_      | Socket.dev CLI ver <redacted>
         |__   | * |  _| '_| -_|  _|     | Node: <redacted>, API token set: <redacted>
-        |_____|___|___|_,_|___|_|.dev   | Command: \`socket cdxgen\`, cwd: <redacted>"
+        |_____|___|___|_,_|___|_|.dev   | Command: \`socket manifest cdxgen\`, cwd: <redacted>"
     `)
 
-    // expect(code, 'explicit help should exit with code 0').toBe(0)
-    expect(code, 'help should exit with code 2').toBe(0) // cdxgen special case
-    expect(stderr, 'banner includes base command').toContain('`socket cdxgen`')
-  })
+      // expect(code, 'explicit help should exit with code 0').toBe(0)
+      expect(code, 'help should exit with code 2').toBe(0) // cdxgen special case
+      expect(stderr, 'banner includes base command').toContain(
+        '`socket manifest cdxgen`',
+      )
+    },
+  )
 
   // cdxgen does not support --dry-run
   // cmdit(

diff --git a/src/commands/manifest/cmd-manifest.mts b/src/commands/manifest/cmd-manifest.mts
@@ -1,4 +1,5 @@
 import { cmdManifestAuto } from './cmd-manifest-auto.mts'
+import { cmdManifestCdxgen } from './cmd-manifest-cdxgen.mts'
 import { cmdManifestConda } from './cmd-manifest-conda.mts'
 import { cmdManifestGradle } from './cmd-manifest-gradle.mts'
 import { cmdManifestKotlin } from './cmd-manifest-kotlin.mts'
@@ -58,6 +59,7 @@ async function run(
   await meowWithSubcommands(
     {
       auto: cmdManifestAuto,
+      cdxgen: cmdManifestCdxgen,
       conda: cmdManifestConda,
       scala: cmdManifestScala,
       gradle: cmdManifestGradle,

diff --git a/src/commands/manifest/cmd-manifest.test.mts b/src/commands/manifest/cmd-manifest.test.mts
@@ -25,6 +25,7 @@ describe('socket manifest', async () => {
 
           Commands
             auto              Auto-detect build and attempt to generate manifest file
+            cdxgen            Create an SBOM with CycloneDX generator (cdxgen)
             conda             [beta] Convert a Conda environment.yml file to a python requirements.txt
             gradle            [beta] Use Gradle to generate a manifest file (\`pom.xml\`) for a Gradle/Java/Kotlin/etc project
             kotlin            [beta] Use Gradle to generate a manifest file (\`pom.xml\`) for a Kotlin project

diff --git a/src/commands/cdxgen/run-cdxgen.mts → src/commands/manifest/run-cdxgen.mts b/src/commands/cdxgen/run-cdxgen.mts → src/commands/manifest/run-cdxgen.mts
diff --git a/test/socket-cdxgen.test.mts b/test/socket-cdxgen.test.mts
@@ -28,7 +28,7 @@ const spawnOpts: PromiseSpawnOptions = {
   },
 }
 
-describe('Socket cdxgen command', async () => {
+describe('Socket manifest cdxgen command', async () => {
   // Lazily access constants.rootBinPath.
   const entryPath = path.join(constants.rootBinPath, `${CLI}.js`)
 
@@ -44,7 +44,7 @@ describe('Socket cdxgen command', async () => {
         const ret = await spawn(
           // Lazily access constants.execPath.
           constants.execPath,
-          [entryPath, 'cdxgen', '--yes', command],
+          [entryPath, 'manifest', 'cdxgen', '--yes', command],
           spawnOpts,
         )
         expect(
@@ -75,7 +75,7 @@ describe('Socket cdxgen command', async () => {
           spawn(
             // Lazily access constants.execPath.
             constants.execPath,
-            [entryPath, 'cdxgen', '-y', command],
+            [entryPath, 'manifest', 'cdxgen', '-y', command],
             spawnOpts,
           ),
         // @ts-ignore toHaveStderrInclude is defined above
@@ -91,7 +91,7 @@ describe('Socket cdxgen command', async () => {
           spawn(
             // Lazily access constants.execPath.
             constants.execPath,
-            [entryPath, 'cdxgen', '--yes', command],
+            [entryPath, 'manifest', 'cdxgen', '--yes', command],
             spawnOpts,
           ),
         // @ts-ignore toHaveStderrInclude is defined above
@@ -106,7 +106,7 @@ describe('Socket cdxgen command', async () => {
           spawn(
             // Lazily access constants.execPath.
             constants.execPath,
-            [entryPath, 'cdxgen', '-y', '-u', '-h', '--unknown'],
+            [entryPath, 'manifest', 'cdxgen', '-y', '-u', '-h', '--unknown'],
             spawnOpts,
           ),
         // @ts-ignore toHaveStderrInclude is defined above