From 658780806230c76350323df29d26dcd116b2a7b7 Mon Sep 17 00:00:00 2001
From: Oliver Nocon <33484802+OliverNocon@users.noreply.github.com>
Date: Wed, 13 Dec 2023 18:36:59 +0100
Subject: [PATCH] fix(npm): don't publish sboms in npm package (#4692)

Co-authored-by: Anil Keshav <anil.keshav@sap.com>
---
 pkg/npm/publish.go | 4 ++--
 1 file changed, 2 insertions(+), 2 deletions(-)

diff --git a/pkg/npm/publish.go b/pkg/npm/publish.go
index b522f9d6c..628729894 100644
--- a/pkg/npm/publish.go
+++ b/pkg/npm/publish.go
@@ -58,7 +58,6 @@ func (exec *Execute) publish(packageJSON, registry, username, password string, p
 	oldWorkingDirectory, err := exec.Utils.Getwd()
 
 	scope, err := exec.readPackageScope(packageJSON)
-
 	if err != nil {
 		return errors.Wrapf(err, "error reading package scope from %s", packageJSON)
 	}
@@ -82,6 +81,8 @@ func (exec *Execute) publish(packageJSON, registry, username, password string, p
 	// temporary installation folder used to install BOM to be ignored
 	log.Entry().Debug("adding tmp to npmignore")
 	npmignore.Add("tmp/")
+	log.Entry().Debug("adding sboms to npmignore")
+	npmignore.Add("**/bom*.xml")
 
 	npmrc := NewNPMRC(filepath.Dir(packageJSON))
 
@@ -206,7 +207,6 @@ func (exec *Execute) publish(packageJSON, registry, username, password string, p
 
 func (exec *Execute) readPackageScope(packageJSON string) (string, error) {
 	b, err := exec.Utils.FileRead(packageJSON)
-
 	if err != nil {
 		return "", err
 	}