chore: Reorder options by moving --package-lock-only to the top

molikuner · molikuner · commit 7f029632cf13 · 2026-03-25T11:31:17.000+01:00
Signed-off-by: Florian Schreiber &lt;florian.schreiber@free-now.com&gt;
diff --git a/README.md b/README.md
@@ -67,12 +67,12 @@ $ yarn cyclonedx
 
 ━━━ Options ━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━
 
+  --package-lock-only        Only use the yarn.lock file for dependency information.
+                             No network calls will be made.
   --production,--prod        Exclude development dependencies.
                              (default: true if the NODE_ENV environment variable is set to "production", otherwise false)
   --gather-license-texts     Search for license files in components and include them as license evidence.
                              This feature is experimental.
-  --package-lock-only        Only use the yarn.lock file for dependency information.
-                             No network calls will be made.
   --short-PURLs              Omit all qualifiers from PackageURLs.
                              This causes information loss in trade-off shorter PURLs, which might improve ingesting these strings.
   --sv,--spec-version #0     Which version of CycloneDX to use.
diff --git a/src/commands.ts b/src/commands.ts
@@ -76,6 +76,11 @@ export class MakeSbomCommand extends Command<CommandContext> {
     details: 'Recursively scan workspace dependencies and emits them as Software-Bill-of-Materials(SBOM) in CycloneDX format.'
   })
 
+  readonly packageLockOnly = Option.Boolean('--package-lock-only', false, {
+    description: 'Only use the yarn.lock file for dependency information.\n'+
+        'No network calls will be made.'
+  })
+
   /* mimic option from yarn.
     - see  https://classic.yarnpkg.com/lang/en/docs/cli/install/#toc-yarn-install-production-true-false
     - see https://yarnpkg.com/cli/workspaces/focus
@@ -90,10 +95,6 @@ export class MakeSbomCommand extends Command<CommandContext> {
       'This feature is experimental.'
   })
 
-  readonly packageLockOnly = Option.Boolean('--package-lock-only', false, {
-    description: 'Only use the yarn.lock file for dependency information. No network calls will be made.'
-  })
-
   readonly shortPURLs = Option.Boolean('--short-PURLs', false, {
     description: 'Omit all qualifiers from PackageURLs.\n' +
       'This causes information loss in trade-off shorter PURLs, which might improve ingesting these strings.'
