CycloneDX/cdxgen

[gpt] Non-working prompts (thread)

Opened this issue · 2 comments

prabhu commented

Got any prompts that didn’t hit the mark? Drop ’em here—and if you’ve got the SBOM, even better!

prabhu commented

Explaining error messages

As mentioned here, the gpt doesn't do a good job of explaining error messages yet.

Prompt

I am getting the below error

Unable to parse package-lock.json without legacy peer dependencies. Retrying ...
Unable to parse package-lock.json in legacy and non-legacy mode. The resulting SBOM would be incomplete.

What should I do?

Output

Image

Analysis

Perhaps, cdxgen could use some error codes for messages like these, with a document containing some workarounds.

cdxgen/lib/helpers/utils.js

Line 1326 in bc98665

`Unable to parse ${pkgLockFile} without legacy peer dependencies. Retrying ...`,

cdxgen/lib/helpers/utils.js

Line 1336 in bc98665

`Unable to parse ${pkgLockFile} in legacy and non-legacy mode. The resulting SBOM would be incomplete.`,

prabhu commented

cdxgenGPT is not detecting the "uv" package manager, despite my attempts to improve the knowledge file with explicit instructions. It always looks at the purl and makes a wild guess :(