revisit option descriptions

Signed-off-by: Jan Kowalleck <jan.kowalleck@gmail.com>

README.md

@@ -57,13 +57,21 @@ $ yarn CycloneDX make-sbom
 
 ━━━ Options ━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━
 
-  --spec-version #0      Which version of CycloneDX to use. (choices: "1.2", "1.3", "1.4", "1.5", default: "1.5")
-  --output-format #0     Which output format to use. (choices: "JSON", "XML", default: "JSON")
-  --output-file #0       Path to the output file. Set to "-" to write to STDOUT (default: write to STDOUT)
-  --production,--prod    Exclude development dependencies. (default: true if the NODE_ENV environment variable is set to "production", otherwise false)
-  --mc-type #0           Type of the main component. (choices: "application", "framework", "library", "container", "platform", "device-driver", default: "application")
-  --licenses             Include license information for components in generated SBOM. License information will always be absent for components that don't specify licenses unambiguously.
-  --reproducible         Whether to go the extra mile and make the output reproducible. This might result in loss of time- and random-based values.
+  --spec-version #0      Which version of CycloneDX to use.
+                         (choices: "1.2", "1.3", "1.4", "1.5", default: "1.5")
+  --output-format #0     Which output format to use.
+                         (choices: "JSON", "XML", default: "JSON")
+  --output-file #0       Path to the output file.
+                         Set to "-" to write to STDOUT.
+                         (default: write to STDOUT)
+  --production,--prod    Exclude development dependencies.
+                         (default: true if the NODE_ENV environment variable is set to "production", otherwise false)
+  --mc-type #0           Type of the main component.
+                         (choices: "application", "framework", "library", "container", "platform", "device-driver", default: "application")
+  --licenses             Include license information for components in generated SBOM.
+                         License information will always be absent for components that don't specify licenses unambiguously.
+  --reproducible         Whether to go the extra mile and make the output reproducible.
+                         This might result in loss of time- and random-based values.
 
 ━━━ Details ━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━
 

sources/index.ts

@@ -43,6 +43,7 @@ class SBOMCommand extends BaseCommand {
     details: 'Recursively scan workspace dependencies and emits them as Software-Bill-of-Materials(SBOM) in CycloneDX format.',
   });
 
+  // @TODO limit to all supported versions - not hardcoded
   specVersion = Option.String("--spec-version", {
     description: 'Which version of CycloneDX to use.\n(choices: "1.2", "1.3", "1.4", "1.5", default: "1.5")',
   });
@@ -52,7 +53,7 @@ class SBOMCommand extends BaseCommand {
   });
 
   outputFile = Option.String(`--output-file`, {
-    description: `Path to the output file.\nSet to "-" to write to STDOUT\n(default: write to STDOUT)`,
+    description: `Path to the output file.\nSet to "-" to write to STDOUT.\n(default: write to STDOUT)`,
   });
 
   /* mimic option from yarn.
@@ -63,6 +64,7 @@ class SBOMCommand extends BaseCommand {
     description: 'Exclude development dependencies.\n(default: true if the NODE_ENV environment variable is set to "production", otherwise false)',
   });
 
+  // @TODO limit to hardcoded: "application", "firmware", "library"
   componentType = Option.String("--mc-type", {
     description: 'Type of the main component.\n(choices: "application", "framework", "library", "container", "platform", "device-driver", default: "application")',
   });