From da9372f660f40c0574a99697ac20219c9f654a6d Mon Sep 17 00:00:00 2001
From: Jan Kowalleck
Date: Sat, 12 Nov 2022 09:51:32 +0100
Subject: [PATCH] prep demo

Signed-off-by: Jan Kowalleck
---
 README.md | 3 ++-
 demo/gen-boms.sh | 10 ++++++++++
 src/cli.ts | 3 ++-
 3 files changed, 14 insertions(+), 2 deletions(-)

diff --git a/README.md b/README.md
index 57935f088..1b285ff14 100644
--- a/README.md
+++ b/README.md
@@ -83,9 +83,10 @@ Options:
 (can be set multiple times)
 (choices: "dev", "optional", "peer", default: "dev" if the NODE_ENV environment variable is set to "production", otherwise empty)
 --flatten-components Whether to flatten the components.
- Enabling this feature means the actual nesting of node packages is not represented in the SBOM result.
+ Enabling this feature means the actual nesting of node packages is not represented in the SBOM result, which causes a massive information loss.
 (default: false)
 --deduplicate-components Whether to artificially de-duplicate the node packages.
+ Enabling this feature means the actual multiple/parallel installed instances of a packages are displayed as one component, which causes a massive information loss.
 Enabling this feature implies option "--flatten-components=true"
 (default: false)
 --short-PURLs Omit all qualifiers from PackageURLs.
diff --git a/demo/gen-boms.sh b/demo/gen-boms.sh
index cb5f8c73f..8d7718577 100755
--- a/demo/gen-boms.sh
+++ b/demo/gen-boms.sh
@@ -39,6 +39,16 @@ do
 --output-format "$format" \
 --output-file "$result_dir/flat/bom.$spec.$format" \
 "$package"
+
+ echo ">>> $result_dir $spec $format deduplicated"
+ mkdir -p "$result_dir/deduplicated"
+ node -- "$BIN_CDX_N" \
+ --deduplicate-components \
+ --spec-version "$spec" \
+ --output-reproducible \
+ --output-format "$format" \
+ --output-file "$result_dir/deduplicated/bom.$spec.$format" \
+ "$package"
 done
 done
 done
diff --git a/src/cli.ts b/src/cli.ts
index e698058fc..a4829f2df 100644
--- a/src/cli.ts
+++ b/src/cli.ts
@@ -87,12 +87,13 @@ function makeCommand (process: NodeJS.Process): Command {
 new Option(
 '--flatten-components',
 'Whether to flatten the components.\n' +
- 'Enabling this feature means the actual nesting of node packages is not represented in the SBOM result.'
+ 'Enabling this feature means the actual nesting of node packages is not represented in the SBOM result, which causes a massive information loss.'
 ).default(false)
 ).addOption(
 new Option(
 '--deduplicate-components',
 'Whether to artificially de-duplicate the node packages.\n' +
+ 'Enabling this feature means the actual multiple/parallel installed instances of a packages are displayed as one component, which causes a massive information loss.\n' +
 'Enabling this feature implies option "--flatten-components=true"'
 ).default(false)
 ).addOption(
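Review bot: The block added after the first `"$package"` in demo/gen-boms.sh repeats the preceding flat invocation nearly line for line, differing only in the `deduplicated` subdirectory and the `--deduplicate-components` flag, so the variants will drift apart the next time a shared option such as `--output-reproducible` changes. A small helper taking the variant name and its extra flags keeps the spec, format and output options in one place; the enclosing loops begin outside the hunk, so the helper has to be defined before them, and I have not seen the full set of flags the earlier variants pass. Note also that `mkdir -p "$result_dir/deduplicated"` leaves files from earlier runs in place; if the demo is meant to regenerate the directory from scratch, an explicit cleanup before the loops would be needed, which cannot be confirmed from the hunk.
```shell
# defined before the loops: $1 = variant subdirectory, remaining args = extra cdx-n flags
gen_bom () {
  variant="$1"; shift
  echo ">>> $result_dir $spec $format $variant"
  mkdir -p "$result_dir/$variant"
  node -- "$BIN_CDX_N" "$@" \
    --spec-version "$spec" \
    --output-reproducible \
    --output-format "$format" \
    --output-file "$result_dir/$variant/bom.$spec.$format" \
    "$package"
}
# … unchanged: loop headers and the existing variants, each becoming a gen_bom call …
gen_bom deduplicated --deduplicate-components
```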
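Review bot: The added help string for `--deduplicate-components` has a grammar slip, `instances of a packages`, and the README hunk in this patch carries the same sentence, so both copies should read `instances of a package`. The corrected line is `'Enabling this feature means the actual multiple/parallel installed instances of a package are displayed as one component, which causes a massive information loss.\n' +`. Since the README reproduces the CLI help text verbatim, it is worth confirming that the README block is regenerated from the command's own help output rather than edited by hand, so the two stay in sync after this fix. The enclosing function makeCommand starts and ends outside the hunk.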